Download the PHP package remessage/json-web-token without Composer

On this page you can find all versions of the php package remessage/json-web-token. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package json-web-token

Json Web Token Implementation

Version PHP Version Support License GitHub Workflow Status

This library implements a series of standards related with JSON Web Token and is used by others Re: Message libraries and services like remessage/client and API server.

Installation

You will need Composer to install. Run this command:

composer require remessage/json-web-token

Usage

Algorithms

All tokens and services uses algorithms to sign, verify, encrypt and decrypt the token data. Each algorithm MUST implement RM\Standard\Jwt\Algorithm\AlgorithmInterface.

At this moment, we provide only HMAC-based algorithms:

  1. RM\Standard\Jwt\Algorithm\Signature\HMAC\HS256 for HMAC with SHA-256
  2. RM\Standard\Jwt\Algorithm\Signature\HMAC\HS512 for HMAC with SHA-512
  3. RM\Standard\Jwt\Algorithm\Signature\HMAC\HS3256 for HMAC with SHA3-256 (or Keccak256)
  4. RM\Standard\Jwt\Algorithm\Signature\HMAC\HS3512 for HMAC with SHA3-512 (or Keccak512)

Also, you can implement your own algorithm. You need implement the RM\Standard\Jwt\Algorithm\AlgorithmInterface interface.

Keys

Each key must implement the RM\Standard\Jwt\Key\Factory\KeyInterface interface.

At the moment, we provide support for:

  1. Octet key
  2. RSA keys (PSS and PKCS1) (only signing)

Also, you can implement your own key. You need implement the RM\Standard\Jwt\Key\Factory\KeyFactoryInterface interface to create your key from array. If your key contains a property that is not implemented in this library, then you also need to implement the RM\Standard\Jwt\Key\Parameter\KeyParameterInterface interface and use RM\Standard\Jwt\Key\Parameter\Factory\ParameterFactory with your key parameter class.

Tokens

To create new token you can use the RM\Standard\Jwt\Signature\SignatureToken class. The class constructor have 3 arguments: header parameters, payload claims and signature. The header parameters must include the algorithm parameter. Other arguments is optional.

Example:

Via secondary constructor:

Properties

The token has parameters called properties, these are important sensitive data that are needed for authorization and verification. They are separated respectively in the header and in the payload of the token. Header parameters contains the common token data: the signing or encryption algorithm and the type of token. Payload claims contain the data necessary for verification: the token sign/encrypt time, the action time, who signed and for whom. The payload can also include business logic data like permissions or something else.

Header parameters defined in the RM\Standard\Jwt\Property\Header\ namespace. Payload claims defined in the RM\Standard\Jwt\Property\Payload\ namespace.

You can use custom properties. To create your custom property you need implement one of these interfaces:

  1. RM\Standard\Jwt\Property\Header\HeaderParameterInterface to create custom header parameter
  2. RM\Standard\Jwt\Property\Payload\ClaimInterface to create custom claim

According to the standard, property names must be concise enough. We use 3-character names, but there are no restrictions.

Serialization

Serialization of tokens provided by some services implemented the RM\Standard\Jwt\Serializer\SerializerInterface interface.

Example:

Signing

To sign the token you should use the RM\Standard\Jwt\Signature\Signer. Signer only depends on the serializer, but the default is RM\Standard\Jwt\Serializer\SignatureCompactSerializer.

Serializer is necessary for the service to sign the token, since the signature is the header and the payload signed by the key.

Also, you can use decorators for Signer to provide some token handling:

Example:

Implementation

This library implements only the necessary minimum for the correct operation of the service platform.

Will not implemented


All versions of json-web-token with dependencies

PHP Build Version
Package Version
Requires php Version >=8.3
ext-json Version *
ext-sodium Version *
ext-mbstring Version *
psr/log Version ^3.0
psr/http-client Version ^1.0.0
psr/http-factory Version ^1.0.0
psr/event-dispatcher Version ^1.0.0
doctrine/collections Version ^2.1.4
symfony/deprecation-contracts Version ^3.0
symfony/serializer Version ^7.0
symfony/event-dispatcher Version ^7.0
laminas/laminas-math Version ^3.2
phpseclib/phpseclib Version ^3.0
paragonie/constant_time_encoding Version ^2.3
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package remessage/json-web-token contains the following files

Loading the files please wait ....