geggleto/securejwt

Secure JWT

Maintainers

Details

github.com/geggleto/securejwt

Source

Issues

Installs: 20

Dependents: 0

Suggesters: 0

Security: 0

Stars: 4

Watchers: 3

Forks: 0

Open Issues: 1

0.0.1 2016-05-27 15:52 UTC

Requires

Requires (Dev)

MIT 108c370fafad151bbb97b0ef205230d29016bb37

  • Glenn Eggleton <geggleto.woop@gmail.com>

This package is auto-updated.

Last update: 2024-03-29 02:39:32 UTC

README

Pre-Req

Libsodium is installed and configured in your environment. Our friends over at ParagonIE have a wonderful document to help you out. Read it here.

Installation

composer require geggleto/securejwt

Usage

  1. Generate a security key [a script has been provided scripts/generateSecretKey.php]

  2. Encrypting your Tokens

    $config = new \Lcobucci\JWT\Builder(); // This object helps to simplify the creation of the dependencies
    // instead of using "?:" on constructors.

    $token = $config->setIssuer('http://example.com') // Configures the issuer (iss claim)
        ->setAudience('http://example.org') // Configures the audience (aud claim)
        ->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
        ->setIssuedAt(time()) // Configures the time that the token was issue (iat claim)
        ->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
        ->setExpiration(time() + 3600) // Configures the expiration time of the token (exp claim)
        ->set('uid', 1) // Configures a new claim, called "uid"
        ->getToken(); // Retrieves the generated token

    $secureJwt = new \SecureJwt\SecureJwt('./sec/encryption.key');

    $securedToken = $secureJwt->encryptToken((string)$token); //<--- This is the encrypted token
  1. Decrypting your tokens
    $tokenString = $secureJwt->decryptToken($securedToken);

    $newToken = (new \Lcobucci\JWT\Parser())->parse($tokenString);