README

This library adds support to web-token/jwt-framework as an alternative to lcobucci/jwt in tymon/jwt-auth, which is probably the most used Laravel package for JWT authentication.

The main goal here is to provide JWKS support instead of using public keys stored locally.

Installation

You can install this library via Composer.

composer require fusionauth/jwt-auth-webtoken-provider

Then, you should add one of PHP JWT Framework's Signature libraries according to the algorithm you want to use:

• HMAC algorithms (HS256, HS384 or HS512):

  composer require web-token/jwt-signature-algorithm-hmac

• RSASSA-PKCS1 v1_5 algorithms (RS256, RS384 or RS512):

  composer require web-token/jwt-signature-algorithm-rsa

• ECDSA algorithms (ES256, ES384 or ES512):

  composer require web-token/jwt-signature-algorithm-ecdsa

Usage

This requires composer 2.2 or greater.

Publish this package config file (which overrides the one from tymon/jwt-auth):

php artisan vendor:publish --provider="FusionAuth\JWTAuth\WebTokenProvider\Providers\WebTokenServiceProvider"

Using JWKS

Instead of providing a local public key and use JWKS, edit your .env file to add these lines:

JWT_JWKS_URL=https://your.application.address.to/jwks.json
JWT_JWKS_URL_CACHE=86400

Packagist

You can find this on https://packagist.org/packages/fusionauth/jwt-auth-webtoken-provider

This packagist listing is updated using a GitHub webhook.

Release

• sb release
• sb publish

Questions and support

If you have a question or support issue regarding this client library, we'd love to hear from you.

If you have a paid edition with support included, please open a ticket in your account portal. Learn more about paid editions here.

Otherwise, please post your question in the community forum.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/FusionAuth/fusionauth-laravel-jwt-auth-webtoken-provider.

License

This code is available as open source under the terms of the Apache v2.0 License.