PHP download

Download the PHP package rafalswierczek/jwt without Composer

On this page you can find all versions of the php package rafalswierczek/jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download rafalswierczek/jwt
More information about rafalswierczek/jwt
Files in rafalswierczek/jwt

Vendor rafalswierczek
Package jwt
Short Description Simple JWT codebase
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of rafalswierczek/jwt

Informations about the package jwt

Simple JWS authentication codebase

Take total control over JWS authentication with help of this repository.

Installation:

composer require rafalswierczek/jwt

Usage

Remember that this library is a code base so treat it as your source code. Be aware of exceptions defined in the contract, catch them.

Nothing will work unless you have 100% awareness of the whole architecture you want to implement.

SYMMETRIC SIGNATURE SYSTEM:

Keep your JWS secret very safely and share it between applications to let one JWS be used to authenticate with multiple applications. This is pretty much the only reason to use JWT system at all.
In authentication server or auth module in monolith:
- Create your own endpoint that will check user credentials and return generated JWS in successful response.
- Create your own instances of JWSIssuerInterface, JWSHeader and JWSPayload and generate new JWS that should be returned in auth endpoint.
- Create your own instance of RefreshTokenProviderInterface and generate new refresh token that should be returned together with JWS.
- You MUST have 1 unique secret key per 1 refresh token. Store both in a table as unique index. If refresh token get hacked or someone using it should be banned then you cannot do anything by definition of JWT system. The only way to handle this situation is to invalidate secret key associated with refresh token in such table to prevent user from generating new JWS that should be valid for 3~15 minutes depending on security measures.
In every application that matches the audience:
- Create your own authenticator and from there use your instance of JWSVerifierInterface to verify JWS from request header.
- If JWS is expired (JWSHasExpiredException) try to request your auth server to generate new JWS using current refresh token. Return 403.
- JWSCompromisedSignatureException is a red flag, most likely an attack or bug. Log it as error or alert and return 403.
- CannotMatchAudienceException Might be the problem with old domain name or the JWS is just not meant to be used for this specific application. Log it as warning and return 403.
- If the refresh token is not valid, log off the user and force him to log in (auth server endpoint) using whatever credentials you use.

All versions of jwt with dependencies

PHP Build Version

Package Version

Version 3.0 Release 04. Aug 2024
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of jwt from vendor rafalswierczek

Requires php Version 8.3.*

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package rafalswierczek/jwt contains the following files

Loading the files please wait ....

Download the PHP package rafalswierczek/jwt without Composer

FAQ

How can I use the PHP package after the download?

Do I need to create a project on this site?

When is it necessary to insert some auth.json content?

What is the advantage to use this site for my Composer projects?