A PHP port of hueniverse/iron
iron-php is a PHP implementation of the Iron
library. Iron generates encapsulated tokens suitable for embedding in cookies,
query parameters, and HTTP headers.
$ composer require jsq/iron-php
Please consult the Iron [security considerations] (https://github.com/hueniverse/iron#security-considerations) before using this library.
iron-php supports the token format generated by Iron 4.0, with the
- The payload encryption cipher method is configurable but cannot be set to any GCM or CTR variant of AES. This is due to a PHP limitation that will be addressed in PHP 7.1.
- Separate encryption and signature passwords are not supported.
<?php use Jsq\Iron; use Jsq\Iron\Password; // payloads can be anything that can be serialized by json_encode $payload = ['an' => 'array']; // passwords must be at least 32 characters long $password = base64_encode(openssl_random_pseudo_bytes(24)); // tokens can be set to expire after a fixed number of seconds $ttl = 300; // create a sealed token $token = Iron\seal($payload, $password, $ttl); // The token will be unsealable with the correct password until the token expires $unsealed = Iron\unseal($token, $password); // Named passwords can also be used $password = new Password(base64_encode(openssl_random_pseudo_bytes(24)), 'my_password'); // create a sealed token with the named password $token = Iron\seal($payload, $password);