Download the PHP package rbdwllr/psr-jwt without Composer
On this page you can find all versions of the php package rbdwllr/psr-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download rbdwllr/psr-jwt
More information about rbdwllr/psr-jwt
Files in rbdwllr/psr-jwt
Package psr-jwt
Short Description A PSR 7 compliant JSON Web Token Middleware Library.
License MIT
Informations about the package psr-jwt
PSR Compliant JSON Web Token Middleware
PSR-JWT is a middleware library which allows you to authorise JSON Web Tokens contained in a web request. It is PSR-7 and PSR-15 compliant and built on top of ReallySimpleJWT.
The library also allows you to generate JSON Web Tokens and the PSR-7 / PSR-15 compliant middleware can be added to any compatible framework, such as Slim PHP.
For more information on JSON Web Tokens please read RFC 7519. Also to learn more about how to pass JSON Web Tokens to web applications please read up on bearer token authorisation in RFC 6750.
Contents
- Setup
- Basic Usage
- Slim PHP Example Implementation
- Generate JSON Web Token
- Parse and Validate JSON Web Token
- Retrieve Token From Request
- Advanced Usage
- Handlers
- Create Custom Handler
Setup
To install this package you will need to install Composer and then run composer init
. Once this is done you can install the package via the command line or by editing the composer.json file created by the composer init
command.
Finally you will need to reference the Composer autoloader in your PHP code, require 'vendor/autoload.php';
. The location of the autoload file will differ dependent on where your code is run. Note, some frameworks already have the autoload file referenced for you.
Install via Composer on the command line:
Install via the composer.json file:
Basic Usage
PsrJwt can be used with any PSR-7 / PSR-15 compliant framework. Just call one of the middleware factory methods and they will return a middleware instance that exposes two methods, __invoke()
and process()
. The latter will work with PSR-15 compliant frameworks and the former will work with older PSR-7 compliant frameworks.
Secret: is the string required to hash the JSON Web Token signature.
Token Key: is the key required to retrieve the JSON Web Token from a cookie, query parameter or the request body. By default though the library looks for tokens in the bearer field of the authorization header. If you use the bearer field you can pass an empty string for the token key ''
.
Body: is the body content you would like to return in the response if authorisation fails. For example, <h1>Authorisation Failed!</h1>
.
Slim PHP Example Implementation
To add the middleware to a route in Slim PHP you can use the code below.
Generate JSON Web Token
To generate JSON Web Tokens PsrJwt offers a wrapper for the library ReallySimpleJWT. You can create an instance of the ReallySimpleJWT builder by calling the built in factory method.
Parse and Validate JSON Web Token
If for some reason you need to parse or validate a token outside of the normal middleware authorisation flow the JWT factory class provides a parser method.
This will return an instance of the Really Simple JWT Parse class which provides token parsing and validation functionality.
For more information on creating, parsing and validating tokens please read the ReallySimpleJWT documentation.
Retrieve Token From Request
If you would like to retrieve the JSON Web Token from the request outside of the normal middleware authorisation flow you can use the request helper class.
It allows you to retrieve the token itself or just access the token's payload or header.
Advanced Usage
You don't have to use the factory methods explained above to generate the JWT authorisation middleware you can instantiate all the required classes directly. This allows you to configure a custom setup.
Handlers
PsrJwt is built to work with any PSR-15 compliant handler. As standard it comes with two built in handlers, one which returns text/html responses and another which returns application/json responses.
You can use these handlers simply by instantiating them and passing them to the PsrJwt middleware.
Create Custom Handler
To create your own handler you need to do two things. First create a class which implements the Psr\Http\Server\RequestHandlerInterface
interface. This requires you create a handle()
method which consumes a Psr\Http\Message\ServerRequestInterface
object and returns a Psr\Http\Message\ResponseInterface
object.
Next you will need to extend the PsrJwt\Auth\Authorise
class as this will give you access to the JSON Web Token authorisation functionality. Once this is done you will be able to pass your handler to the PsrJwt\JwtAuthMiddleware
class and then integrate it with your desired framework.
License
MIT
Author
Rob Waller
Twitter: @robdwaller
All versions of psr-jwt with dependencies
rbdwllr/reallysimplejwt Version ^5.0
psr/http-message Version ^1.0
psr/http-server-middleware Version ^1.0
nyholm/psr7 Version ^1.5