Download the PHP package okta/jwt-verifier without Composer

On this page you can find all versions of the php package okta/jwt-verifier. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of okta/jwt-verifier

Informations about the package jwt-verifier

Packagist License Support

NOTICE: We're excited about the acquisition of Auth0 to bring you better support in PHP. This repo will be placed into security patch only mode and we will not be adding any further features. If you are looking for an API that is not supported in this library, please call the API directly. Our documentation for the supported Management APIs are located here: https://developer.okta.com/docs/reference/core-okta-api/. Please reach out to the DevForum for any questions.

Okta JWT Verifier for PHP

As a result of a successful authentication by obtaining an authorization grant from a user or using the Okta API, you will be provided with a signed JWT (id_token and/or access_token). A common use case for these access tokens is to use it inside of the Bearer authentication header to let your application know who the user is that is making the request. In order for you to know this use is valid, you will need to know how to validate the token against Okta. This guide gives you an example of how to do this using Okta's JWT Validation library for PHP.

This code does not work with the default authorization server. You must be using a custom authorization server. Please check if this is the case before using this code.

Release status

This library uses semantic versioning and follows Okta's library version policy.

Version Status
0.x :warning: Beta Release (Retired)
1.x :heavy_check_mark: Release

The latest release can always be found on the releases page.

Installation

The Okta JWT Verifier can be installed through composer.

This library requires a JWT library. We currently support firebase/php-jwt version 5.2. You will have to install this or create your own adaptor.

To create your own adaptor, just implement the Okta/JwtVerifier/Adaptors/Adaptor in your own class.

You will also need to install a PSR-7 compliant library. We suggest that you use guzzlehttp/psr7 in your project.

Setting up the Library

To validate a JWT, you will need a few different items:

  1. Your issuer URL
  2. The JWT string you want to verify
  3. Access to your vendor autoload file in your script.

Caching

It's strongly suggested to cache the keys to improve performance. You can pass an implementation of \Psr\SimpleCache\CacheInterface to the Adaptor constructor.

For example, in laravel:

If using symphony, you may need to use an adaptor: https://symfony.com/doc/current/components/cache/psr6_psr16_adapters.html

Validating an Access Token

After you have a $jwtVerifier from the above section and an access_token from a successful sign in, or from a Bearer token in the authorization header, you will need to make sure that it is still valid. All you need to do is call the verifyAccessToken method (where $jwtString is your access token in string format).

This will validate your JWT for the following:

The result from the verify method is a Jwt object which has a few helper methods for you:

Validating an Id Token

This will validate your JWT for the following:

The result from the verify method is a Jwt object which has a few helper methods for you:

Need help?

If you run into problems using the SDK, you can

Conclusion

The above are the basic steps for verifying an access token locally. The steps are not tied directly to a framework so you could plug in the okta/okta-jwt into the framework of your choice.

All versions of jwt-verifier with dependencies

PHP Build Version
Package Version
Requires php Version ^7.4 || ^8.0
nesbot/carbon Version ^2.0
psr/http-message Version ^1.0
php-http/client-common Version ^2.3
php-http/httplug Version ^2.2
php-http/message Version ^1.8
php-http/discovery Version ^1.9
php-http/curl-client Version ^2.1
bretterer/iso_duration_converter Version ^0.1.0
ext-json Version *
illuminate/cache Version ^8.83.1 || ^9.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package okta/jwt-verifier contains the following files

Loading the files please wait ....