Download the PHP package namshi/jose without Composer

On this page you can find all versions of the php package namshi/jose. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package jose

NAMSHI | JOSE

Deprecation notice

Hi there,

as much as we'd like to be able to work on all of the OSS in the world, we don't actively use this library anymore This means that new features / bugfixes / etc will only be merged based on pull requests from external contributors, and we strongly recommend you look for a long-term alternative.

If you're looking for an actively maintained library check firebase/php-jwt out!

Build Status Latest Stable Version Total Downloads License

This library provides a lightweight implementation of the JWS (JSON Web Signature) specification.

Prerequisites

This library needs PHP 5.5+ and the library OpenSSL.

It has been tested using PHP5.5 to PHP7.0 and HHVM.

Installation

You can install the library directly from composer / packagist:

Usage

Using it is pretty straightforward: imagine that you want to offer a service the ability to authenticate a user via a cookie, and the service is built with javascript; what you would need to do is to generate a JWS (after verifying the credentials once), store it as a cookie and then pass it from your JavaScript app everytime you want to authenticate that user.

First, generate the JWS:

Then your JS app can use the available cookie to execute authenticated calls, without sending passwords or credentials.

Once a request is submitted, you only have to verify that it is a valid call:

PROTIP: you can omit the second argument of the isValid() method, so jose will try to validate the token with the algorithm specified in the token's header, though this might expose you to some security issues.

For now we recommend to always explicitely set the algorithm you want to use to validate tokens.

PHPSECLIB For RSA Verification

You may find that you need to use this library in an environment where PHP's wrappers for OpenSSL do not work, or OpenSSL simply is not installed. This library uses OpenSSL to encrypt by default, but you can specify that you want to use PHPSecLib for a pure PHP implementation of RSA encryption.

In these cases, simply add the optional 'SecLib' parameter when constructing a JWS:

You can now use the PHPSecLib implementation of RSA signing. If you use a password protected private key, you can still submit the private key to use for signing as a string, as long as you pass the password as the second parameter into the sign method:

You may also load a JWS using the PHPSecLib implementation of RSA verification:

Under the hood

In order to validate the JWS, the signature is first verified with a public key and then we will check whether the token is expired.

To give a JWS a TTL, just use the standard exp value in the payload:

Unsecure JWSes

You can allow unsecure JWSes by setting the $allowUnsecure flag while loading JWSes:

This allows tokens signed with the 'none' algorithms to go through, which is something you probably don't want to do. Proceed with caution :)

Unsecure JWSes are disabled by default since version 2.2.2. You should not use previous versions other than 2.2.2 as they have a security vulnerability. More info here.

Using a custom encoder

If, for some reason, you need to encode the token in a different way, you can inject any implementation of Namshi\JOSE\Base64\Encoder in a JWS instance. Likewise, JWS::load() accepts such an implementation as a second argument.

Implementation Specifics

The library provides a base JWT Class that implements what is needed just for JSON Web Tokens. The JWS Class then extends the JWT class and adds the implementation for signing and verifying using JSON Web Signatures. The SimpleJWS class extends the base JWS class and adds validation of a TTL and inclusion of automatic claims.

Major Versions

2.x.x to 3.x.x

Introduced the ability to specify an encryption engine. Added support of PHPSecLib to the existing OpenSSL implementation.

3.x.x to 4.x.x - Not Backwards Compatible

Added the ability to set custom properties in the header. Moved automatic inclusion of certain claims into an SimpleJWS class from the base JWS class.

6.x.x - Not Backwards Compatible

6.1.x

6.0.x

7.x.x

7.0.x

Moved phpseclib and the openssl extension as suggested dependencies.

Tests

Tests are written using PHPUnit for this library. After doing composer install you can execute the following command to run tests:

Credits

This library has been inspired by the initial work done by @ritou.


All versions of jose with dependencies

PHP Build Version
Package Version
Requires ext-date Version *
ext-hash Version *
ext-json Version *
ext-pcre Version *
ext-spl Version *
php Version >=5.5
symfony/polyfill-php56 Version ^1.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package namshi/jose contains the following files

Loading the files please wait ....