Download the PHP package sizeg/yii2-jwt without Composer

On this page you can find all versions of the php package sizeg/yii2-jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package yii2-jwt

Yii2 JWT

This extension provides the JWT integration for the Yii framework 2.0 (requires PHP 5.6+). It includes basic HTTP authentication support.

Table of contents

  1. Installation
  2. Dependencies
  3. Basic usage
    1. Creating
    2. Parsing from strings
    3. Validating
  4. Token signature
    1. Hmac
    2. RSA and ECDSA
  5. Yii2 basic template example

Installation

Package is available on Packagist, you can install it using Composer.

Dependencies

Basic usage

Add jwt component to your configuration file,

Configure the authenticator behavior as follows.

Also you can use it with CompositeAuth reffer to a doc.

Creating

Some methods marked as deprecated and will soon backport things from lcobucci/jwt 4.x to create an upgrade path.

Just use the builder to create a new JWT/JWS tokens:

Parsing from strings

Use the parser to create a new token from a JWT string (using the previous token as example):

Validating

We can easily validate if the token is valid (using the previous token as example):

We can also use the $leeway parameter to deal with clock skew (see notes below). If token's claimed time is invalid but the difference between that and the validation time is less than $leeway, then token is still considered valid

Important

Token signature

We can use signatures to be able to verify if the token was not modified after its generation. This extension implements Hmac, RSA and ECDSA signatures (using 256, 384 and 512).

Important

Do not allow the string sent to the Parser to dictate which signature algorithm to use, or else your application will be vulnerable to a critical JWT security vulnerability.

The examples below are safe because the choice in Signer is hard-coded and cannot be influenced by malicious users.

Hmac

Hmac signatures are really simple to be used:

RSA and ECDSA

RSA and ECDSA signatures are based on public and private keys so you have to generate using the private key and verify using the public key:

It's important to say that if you're using RSA keys you shouldn't invoke ECDSA signers (and vice-versa), otherwise and will raise an exception!

Yii2 basic template example

Basic scheme

  1. Client send credentials. For example, login + password
  2. Backend validate them
  3. If credentials is valid client receive token
  4. Client store token for the future requests

Step-by-step usage example

  1. Create Yii2 application

    In this example we will use basic template, but you can use advanced template in the same way.

  2. Install component

  3. Add to config/web.php into components section

  4. Create JwtValidationData class. Where you have to configure ValidationData informing all claims you want to validate the token.

  5. Change method app\models\User::findIdentityByAccessToken()

  6. Create controller

  7. Send simple login request to get token. Here we does not send any credentials to simplify example. As we specify in authenticator behavior action login as optional the authenticator skip auth check for that action. image

  8. First of all we try to send request to rest/data without token and getting error Unauthorized image

  9. Then we retry request but already adding Authorization header with our token image

All versions of yii2-jwt with dependencies

PHP Build Version
Package Version
Requires php Version ^7.4 || ^8.0
lcobucci/jwt Version ~4.2.1
yiisoft/yii2 Version ~2.0.0
phpunit/phpunit Version ^9.5
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package sizeg/yii2-jwt contains the following files

Loading the files please wait ....