Download the PHP package remessage/json-web-token without Composer
On this page you can find all versions of the php package remessage/json-web-token. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download remessage/json-web-token
More information about remessage/json-web-token
Files in remessage/json-web-token
Package json-web-token
Short Description A JSON Web Token (RFC 7519) implementation library
License Apache-2.0
Homepage https://dev.remessage.ru/packages/json-web-token
Informations about the package json-web-token
Json Web Token Implementation
This library implements a series of standards related with JSON Web Token and is used by others Re: Message libraries and services like remessage/client
and API server.
Installation
You will need Composer to install. Run this command:
composer require remessage/json-web-token
Usage
Algorithms
All tokens and services uses algorithms to sign, verify, encrypt and decrypt the token data. Each algorithm MUST implement RM\Standard\Jwt\Algorithm\AlgorithmInterface
.
At this moment, we provide only HMAC-based algorithms:
RM\Standard\Jwt\Algorithm\Signature\HMAC\HS256
for HMAC with SHA-256RM\Standard\Jwt\Algorithm\Signature\HMAC\HS512
for HMAC with SHA-512RM\Standard\Jwt\Algorithm\Signature\HMAC\HS3256
for HMAC with SHA3-256 (or Keccak256)RM\Standard\Jwt\Algorithm\Signature\HMAC\HS3512
for HMAC with SHA3-512 (or Keccak512)
Also, you can implement your own algorithm. You need implement the RM\Standard\Jwt\Algorithm\AlgorithmInterface
interface.
Keys
Each key must implement the RM\Standard\Jwt\Key\Factory\KeyInterface
interface.
At the moment, we provide support for:
- Octet key
- RSA keys (PSS and PKCS1) (only signing)
Also, you can implement your own key. You need implement the RM\Standard\Jwt\Key\Factory\KeyFactoryInterface
interface to create your key from array. If your key contains a property that is not implemented in this library, then you also need to implement the RM\Standard\Jwt\Key\Parameter\KeyParameterInterface
interface and use RM\Standard\Jwt\Key\Parameter\Factory\ParameterFactory
with your key parameter class.
Tokens
To create new token you can use the RM\Standard\Jwt\Signature\SignatureToken
class. The class constructor have 3 arguments: header parameters, payload claims and signature. The header parameters must include the algorithm parameter. Other arguments is optional.
Example:
Via secondary constructor:
Properties
The token has parameters called properties, these are important sensitive data that are needed for authorization and verification. They are separated respectively in the header and in the payload of the token. Header parameters contains the common token data: the signing or encryption algorithm and the type of token. Payload claims contain the data necessary for verification: the token sign/encrypt time, the action time, who signed and for whom. The payload can also include business logic data like permissions or something else.
Header parameters defined in the RM\Standard\Jwt\Property\Header\
namespace. Payload claims defined in the RM\Standard\Jwt\Property\Payload\
namespace.
You can use custom properties. To create your custom property you need implement one of these interfaces:
RM\Standard\Jwt\Property\Header\HeaderParameterInterface
to create custom header parameterRM\Standard\Jwt\Property\Payload\ClaimInterface
to create custom claim
According to the standard, property names must be concise enough. We use 3-character names, but there are no restrictions.
Serialization
Serialization of tokens provided by some services implemented the RM\Standard\Jwt\Serializer\SerializerInterface
interface.
Example:
Signing
To sign the token you should use the RM\Standard\Jwt\Signature\Signer
. Signer only depends on the serializer, but the default is RM\Standard\Jwt\Serializer\SignatureCompactSerializer
.
Serializer is necessary for the service to sign the token, since the signature is the header and the payload signed by the key.
Also, you can use decorators for Signer to provide some token handling:
RM\Standard\Jwt\Signature\GeneratedSigner
provides ability to generate token property before signingRM\Standard\Jwt\Signature\EventfulSigner
creates eventsRM\Standard\Jwt\Signature\LoggableSigner
allows collecting logs about the signing process
Example:
Implementation
This library implements only the necessary minimum for the correct operation of the service platform.
Will not implemented
All versions of json-web-token with dependencies
ext-json Version *
ext-sodium Version *
ext-mbstring Version *
psr/log Version ^3.0
psr/http-client Version ^1.0.0
psr/http-factory Version ^1.0.0
psr/event-dispatcher Version ^1.0.0
doctrine/collections Version ^2.1.4
symfony/deprecation-contracts Version ^3.0
symfony/serializer Version ^7.0
symfony/event-dispatcher Version ^7.0
laminas/laminas-math Version ^3.2
phpseclib/phpseclib Version ^3.0
paragonie/constant_time_encoding Version ^2.3