tmilos/jose-jwt

JavaScript Object Signing and Encryption (JOSE) library for PHP, supporting JSON Web Tokens (JWT) and JSON Web Encryption (JWE)

2.0.0 2017-01-26 10:34 UTC

This package is not auto-updated.

Last update: 2021-11-26 08:02:13 UTC


README

JavaScript Object Signing and Encryption (JOSE) library for PHP, supporting JSON Web Tokens (JWT) and JSON Web Encryption (JWE).


JWT algorithms

Supported signing algorithms

JWS Algorithm
none
HS256
HS384
HS512
RS256
RS384
RS512

JWE algorithms and encryptions

Supported JWE algorithms

JWE Algorithm
RSA1_5
RSA-OAEP
A128KW
A192KW
A256KW
dir

Supported JWE encryption

JWE Encryption
A128CBC-HS256
A192CBC-HS384
A256CBC-HS512

JWT API

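// Build the context that every encode/decode call below takes as its first argument.
$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory();
$context = $factory->get();

$payload = ['msg' => 'Hello!'];
$extraHeader = ['iam' => 'my-id'];

// plain (no signature) token
// An alg "none" token carries no signature: anyone who can see or relay it can alter
// it or mint a new one. Use it only for data the receiver never relies on for an
// authentication or authorization decision.
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, null, \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE, $extraHeader);

// HMAC signatures
// RFC 7518 section 3.2 requires a key at least as long as the hash output, so the
// minimum grows with the algorithm. Generate the secret from a CSPRNG (for example
// random_bytes()) and load it from configuration; do not use a password or phrase.

// HS256 signature
$secret = '...'; // at least 256 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256, $extraHeader);

// HS384 signature
$secret = '...'; // at least 384 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384, $extraHeader);

// HS512 signature
$secret = '...'; // at least 512 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512, $extraHeader);

// RSA signatures
// $filename is a placeholder for the signer's private key source; keep that key out
// of the web root and out of version control.
$privateKey = openssl_get_privatekey($filename);
if ($privateKey === false) {
    // openssl_get_privatekey() returns false when the key cannot be read or parsed.
    throw new \RuntimeException('Unable to load the RSA private key');
}

// RS256 - the RSA private key is the signing key, not the HMAC $secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $privateKey, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256, $extraHeader);

// RS384
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $privateKey, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384, $extraHeader);

// RS512
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $privateKey, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512, $extraHeader);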

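// decode
// Jwt::header() is called before any signature check, so every value it returns,
// 'alg' included, is still attacker-controlled at this point. It may be used to pick
// among keys the verifier already trusts, never to decide whether a key is needed.
$header = \Tmilos\JoseJwt\Jwt::header($token);
// eventually also use other header data to indicate which key should be used

// $publicKey must be the issuer's RSA public key taken from local configuration
// ($publicKeyPem is a placeholder), never a key carried inside the token itself.
$publicKey = openssl_get_publickey($publicKeyPem);

$alg = $header['alg'] ?? null;
if (!is_string($alg)) {
    // A JSON header can carry "alg": true or 0; switch compares loosely, so a
    // non-string value could otherwise match an unintended case.
    throw new \UnexpectedValueException('JWT header has no usable "alg" value');
}

switch ($alg) {
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512:
        $key = $secret;
        break;
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512:
        $key = $publicKey;
        break;
    default:
        // JwsAlgorithm::NONE lands here on purpose: accepting it with a null key
        // would let any caller submit an unsigned token and have it treated as
        // valid. Handle unsigned tokens on a separate code path, and only if the
        // payload is never trusted. Unknown algorithms are rejected the same way
        // instead of leaving $key undefined.
        throw new \UnexpectedValueException('JWT algorithm is not accepted by this verifier');
}

// Narrow the accepted cases above to the algorithms your issuer actually uses.
$payload = \Tmilos\JoseJwt\Jwt::decode($context, $token, $key);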

JWE API

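// Build the context that every encode/decode call below takes as its first argument.
$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory();
$context = $factory->get();

// Symmetric
$payload = ['msg' => 'Hello!'];
$extraHeader = ['iam' => 'my-id'];

// With "dir" the shared secret is used directly as the content encryption key, so
// its length is fixed by the chosen encryption (see the size on each example).
// Generate it from a CSPRNG (for example random_bytes()) and keep it in
// configuration, not in source.

// DIR - A128CBC-HS256
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeader);

// DIR - A192CBC-HS384
$secret = '...'; // 384 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A192CBC_HS384, $extraHeader);

// DIR - A256CBC-HS512
$secret = '...'; // 512 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeader);

// decode
// NOTE(review): decode() is given no expected alg/enc here, so presumably both are
// taken from the token's own header - confirm, and reject tokens whose alg/enc are
// not the ones this receiver is configured for.
$payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $secret);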

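// RSA
// $myPrivateKeyFile / $partyPublicKeyFile are placeholders for the key sources. The
// private key decrypts tokens addressed to us; the public key belongs to the
// recipient and must come from a trusted source, not from the token.
$myPrivateKey = openssl_get_privatekey($myPrivateKeyFile);
$partyPublicKey = openssl_get_publickey($partyPublicKeyFile);
if ($myPrivateKey === false || $partyPublicKey === false) {
    // Both loaders return false when the key cannot be read or parsed.
    throw new \RuntimeException('Unable to load the RSA key pair for JWE');
}

// RSA-OAEP is used in these examples rather than RSA1_5: PKCS#1 v1.5 decryption is
// prone to padding-oracle attacks, so prefer OAEP unless a peer requires otherwise.

// RSA_OAEP - A128CBC-HS256
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeader);

// RSA_OAEP - A256CBC-HS512
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeader);

// decode
$payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $myPrivateKey);

// read header w/out decryption
// Header values read before a successful decode() are unauthenticated; treat them
// as untrusted input.
// NOTE(review): this call passes only $token to decode(), unlike the three-argument
// decode() calls above - confirm which Jwe method reads the header without a key.
$header = \Tmilos\JoseJwt\Jwe::decode($token); // {"alg": "A192KW", "enc": "A128CBC-HS256", "typ": "JWT", "custom": "X"}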