Download the PHP package ossipesonen/azureadb2ctokenvalidator without Composer

On this page you can find all versions of the php package ossipesonen/azureadb2ctokenvalidator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of ossipesonen/azureadb2ctokenvalidator

Informations about the package azureadb2ctokenvalidator

AzureADB2CTokenValidator

A simple implementation of Azure AD B2C token validation with PHP. The trick with AD B2C is to fetch your tenant keys to calculate a public key with the modulus and exponent. For this we use the PublicKeyLoader from phpseclib3.

Requirements

Installation

How to use

Very simple. Firebase's JWT package already verifies the token's signature and expiration.

Caching

The public keys in Azure rotate every 24 hours. It is highly recommended to cache the key somewhere nearby and use that if the kid (key id) value still matches. You can do this by providing the cached key payload (JSON format)

As an example, here's how you could use a local directory to store the keys (they are public, so no need to fear):

Tests

To run unit tests, you must create a private and public key pair with RSA-SHA 256 signature. Typically this can be done using the openssl command in your Terminal.

openssl rsa -in private.key -pubout -outform PEM -out public.key

Once you've created your keys, put them in /tests/resources/keys. Don't change the names (private.key and public.key). The contents of this folder are ignored on git and should never be committed!

The keys are a requirement for unit testing. We don't want to test against a live B2C account with Azure generated keys. We also don't have access to the private key there, which means we can't generate the signature anyway. Testing against an expired token doesn't get us too far.

Unit tests can be run with Pest:

composer run test

All versions of azureadb2ctokenvalidator with dependencies

PHP Build Version
Package Version
Requires php Version >=7.4
firebase/php-jwt Version ^5.4
phpseclib/phpseclib Version ^3.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package ossipesonen/azureadb2ctokenvalidator contains the following files

Loading the files please wait ....