1. Go to this page and download the library ("Download timjmasters/php-jws library"). Choose the download type "require".
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
timjmasters / php-jws example snippets
use TimJMasters\JWS\JWSUtil;
// The payload. A JWS only signs its payload; the claims are base64url-encoded,
// not encrypted, so anyone holding the token can read them.
$payload = [
    "foo" => "bar",
];

// Signing options. No "header" entry is supplied here; the sample output below
// decodes to the header {"alg":"HS256","typ":"JWT"}.
$signingOptions = [
    // Demo value only: it keeps the sample output below reproducible.
    // For HS256 the shared key should be random and at least 256 bits long
    // (RFC 7518, section 3.2) and should come from configuration or a secret
    // store, not from source code. A short, human-chosen secret can be guessed
    // offline by anyone who captures a single token.
    "secret" => "foobar123",
    "payload" => [
        "encoding" => JWSUtil::PAYLOAD_AS_JSON, //"json_encode"
    ],
];

$jws = JWSUtil::createFromPayload($payload, $signingOptions);

echo $jws . "\r\n";
// Will output eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.U_rA2byM9Nw_zrXNZfAqEOuyqCO75B9iHh6yO-Fjjgg
// You can also get the header or payload as an array using the $jws->getHeader() or $jws->getPayload() methods.
use TimJMasters\JWS\JWSUtil;
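// openssl_pkey_get_private() / openssl_pkey_get_public() treat a plain string as
// PEM *content*. To read a key from disk the argument needs the file:// prefix;
// a bare path makes both calls return false.
// Keep the private key outside the web root and readable only by the account
// that runs the application.
$private_key = openssl_pkey_get_private("file://path/to/your/private/key.pem");
$public_key = openssl_pkey_get_public("file://path/to/your/public/key.pem");
// Both functions return false on failure. Stop here rather than handing false
// to the library as the signing secret or the verification key.
if ($private_key === false || $public_key === false) {
    throw new RuntimeException("Could not load the RSA key pair");
}
// Or you could do:
// $private_key = file_get_contents("path/to/your/private/key.pem");
// $public_key = file_get_contents("path/to/your/public/key.pem");
// (file_get_contents() also returns false on failure, so the same check applies.)

// Options for creating the token
$options = [
    "header" => [
        "alg" => JWSUtil::RSA_SHA256, // 'RS256'
        "typ" => "JWT",
    ],
    "secret" => $private_key,
];

// Create the token
$jws = JWSUtil::createFromPayload(["foo" => "bar"], $options);

print $jws; // eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJmb28iOiJiYXIifQ.SIGNATURE_ACCORDING_TO_YOUR_CERTIFICATES

// The third argument is the list of algorithms the verifier accepts. Keep it a
// fixed list chosen by the verifying side; do not build it from the "alg" value
// in the token's own header, which is supplied by whoever sent the token.
var_export(JWSUtil::verify($jws, $public_key, ["RS256"])); // true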
use TimJMasters\JWS\JWSUtil;
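// Assuming we have a token from google we can create a JWS object
$id_token = JWSUtil::createFromEncoded($google_token);

// Make sure you follow verification according to https://developers.google.com/identity/protocols/oauth2/openid-connect#validatinganidtoken as the library only checks the signature.

// Get the key location from the jwks_uri in the Discovery document, use an HTTP library or curl to make the requests to Google.
// http_get_request() is a placeholder for that HTTP call; it must use HTTPS with
// certificate verification enabled, because the keys fetched here decide which
// tokens are trusted.
$discovery = json_decode(http_get_request('https://accounts.google.com/.well-known/openid-configuration'), true);
if (!is_array($discovery) || !isset($discovery['jwks_uri'])) {
    throw new RuntimeException("Discovery document could not be read or has no jwks_uri");
}
$jwks_uri = $discovery['jwks_uri']; // Currently https://www.googleapis.com/oauth2/v3/certs as of 2021/03/04

// The response is a JWK Set: the individual keys are listed under its "keys" member.
$google_keys = json_decode(http_get_request($jwks_uri), true);
if (!is_array($google_keys) || !isset($google_keys['keys']) || !is_array($google_keys['keys'])) {
    throw new RuntimeException("JWK Set could not be read or has no keys");
}

// Search the keys for the kid named in the token header. The header is not
// trusted at this point; its kid is only used to pick one of the keys that
// Google itself published.
$header = $id_token->getHeader();
if (!is_array($header) || !isset($header['kid'])) {
    throw new RuntimeException("Token header has no kid");
}
$key_info = null;
foreach ($google_keys['keys'] as $candidate) {
    if (is_array($candidate) && isset($candidate['kid']) && $candidate['kid'] === $header['kid']) {
        $key_info = $candidate;
        break;
    }
}
// Fail closed when nothing matches instead of falling back to some other key.
if ($key_info === null) {
    throw new RuntimeException("No published key matches the token's kid");
}

// The key's own "alg" value is used below as the only allowed algorithm, which
// also forces the token algorithm to match it. Because createKeyFrom() builds
// an RSA key from n and e, only RS256 is accepted here; extend this check
// deliberately if other algorithms are ever needed.
if (!isset($key_info['alg'], $key_info['n'], $key_info['e']) || $key_info['alg'] !== JWSUtil::RSA_SHA256) {
    throw new RuntimeException("Published key is not a usable RS256 key");
}

// Google currently uses RSA keys, you need to get the public key based on the modulus and exponent provided.
// I won't show how to do this here, but you might use the phpseclib library, or the firebase/php-jwt source as a way of calculating it here: https://github.com/firebase/php-jwt/blob/f42c9110abe98dd6cfe9053c49bc86acc70b2d23/src/JWK.php#L116
$public_key = createKeyFrom($key_info["n"], $key_info["e"]);

var_export(JWSUtil::verify($id_token, $public_key, [$key_info['alg']])); // Prints true or false
// A true result covers the signature only. Before trusting the token, also check
// the claims from $id_token->getPayload() as described in the Google document
// linked above: iss is Google's issuer, aud is your own client ID, and exp has
// not passed.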