README

Library for parse and create JWT (JSON Web Token) in PHP, using PHP JWT Framework.

Installation

Install with composer :

composer require b2pweb/jwt

Simple usage

<?php

// Define algorithms
$jwa = new \B2pweb\Jwt\JWA();
$jwa = $jwa->filter(['HS256', 'HS512', 'RS256', 'RS512']); // Filter enabled algorithms

// Define your keys
$jwks = new \Jose\Component\Core\JWKSet([
    \Jose\Component\KeyManagement\JWKFactory::createFromKeyFile($privKey, null, ['use' => 'sig', 'kid' => 'key-user']),
    // ...
]);

// Encode a payload to JWT
$encoder = new \B2pweb\Jwt\JwtEncoder($jwa);
$jwt = $encoder->encode(
    [
        'iss' => 'https://example.com',
        'aud' => 'https://example.com',
        'iat' => time(),
        'exp' => time() + 3600,
        'sub' => '1234567890',
        'name' => 'John Doe',
        'admin' => true,
    ],
    // You can configure encoding options here, like the key to use, the algorithm, ...
    (new \B2pweb\Jwt\EncodingOptions($jwks))
        ->setAlgorithm('RS512')
        ->setKid('key-user')
);

// You can also use an object that implements \B2pweb\Jwt\ClaimsInterface
// allowing you to customize the claims serialization to JSON
// If you extends \B2pweb\Jwt\Claims, you can define Claims::$encodingFlags on the subclass to customize the JSON encoding flags
$claims = new \B2pweb\Jwt\Claims([
    'iss' => 'https://example.com',
    'aud' => 'https://example.com',
    'iat' => time(),
    'exp' => time() + 3600,
    'sub' => '1234567890',
    'name' => 'John Doe',
    'admin' => true,
]);
$jwt = $encoder->encode(
    $claims,
    // You can use EncodingOptions::fromKey, which will automatically set the algorithm and the kid from the given key
    \B2pweb\Jwt\EncodingOptions::fromKey(\Jose\Component\KeyManagement\JWKFactory::createFromSecret($secret, ['use' => 'sig', 'alg' => 'HS256']))
);

// Decode a JWT
$decoder = new \B2pweb\Jwt\JwtDecoder($jwa);

$token = $decoder->decode($jwt, $jwks); // Return a \B2pweb\Jwt\Claims object
$token->claim('iss'); // Return 'https://example.com'

// Yan can also define allowed algorithms using JwtDecoder::supportedAlgorithms()
$token = $decoder->supportedAlgorithms(['RS256', 'RS512'])->decode($jwt, $jwks);

// You can also decode a JWT without verifying the signature
$token = \B2pweb\Jwt\JWT::fromJwtUnsafe($jwt);