tmilos / jose-jwt
Javascript Object Signing and Encryption JOSE PHP library, supporting JSON Web Tokens JWT and JSON Web Encryption JWE
Installs: 119 797
Dependents: 0
Suggesters: 0
Security: 0
Stars: 7
Watchers: 2
Forks: 1
Open Issues: 3
Requires
- php: >=5.5
- ext-openssl: *
Requires (Dev)
- phpunit/phpunit: ~4.8|~5.6
- satooshi/php-coveralls: ~1.0
- spomky-labs/aes-key-wrap: ~2.0|~3.0
Suggests
- spomky-labs/aes-key-wrap: If you want to use encryption algorithms A128KW, A192KW, or A256KW
This package is not auto-updated.
Last update: 2025-03-28 23:44:03 UTC
README
Javascript Object Signing and Encryption JOSE PHP library, supporting JSON Web Tokens JWT and JSON Web Encryption JWE.
JWT algorithms
Supported signing algorithms
| JWS Algorithm |
|---|
| none |
| HS256 |
| HS384 |
| HS512 |
| RS256 |
| RS384 |
| RS512 |
JWE algorithms and encryptions
Supported JWE algorithms
| JWE Algorithm |
|---|
| RSA1_5 |
| RSA-OAEP |
| A128KW |
| A192KW |
| A256KW |
| dir |
Supported JWE encryption
| JWE Encryption |
|---|
| A128CBC-HS256 |
| A192CBC-HS384 |
| A256CBC-HS512 |
JWT API
$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory(); $context = $factory->get(); $payload = ['msg' => 'Hello!']; $extraHeader = ['iam'=>'my-id']; // plain (no signature) token $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, null, \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE, $extraHeader); // HS256 signature $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256, $extraHeader); // HS384 signature $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384, $extraHeader); // HS512 signature $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512, $extraHeader); // RS256 $privateKey = openssl_get_privatekey($filename); $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256, $extraHeader); // RS384 $privateKey = openssl_get_privatekey($filename); $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384, $extraHeader); // RS512 $privateKey = openssl_get_privatekey($filename); $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512, $extraHeader); // decode $header = \Tmilos\JoseJwt\Jwt::header($token); // eventually also use other header data to indicate which key should be used switch($header['alg']) { case \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE: $key = null; break; case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512: $key = $secret; break; case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512: $key = $publicKey; break; } $payload = \Tmilos\JoseJwt\JWT::decode($context, $token, $key);
JWE API
$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory(); $context = $factory->get(); // Symmetric $payload = ['msg' => 'Hello!']; $extraHeader = ['iam'=>'my-id']; // DIR - A128CBC-HS256 $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders); // DIR - A192CBC-HS384 $secret = '...'; // 384 bits secret $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A192CBC_HS384, $extraHeaders); // DIR - A256CBC-HS512 $secret = '...'; // 512 bits secret $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders); // decode $payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $secret); // RSA $myPrivateKey = openssl_get_privatekey(); $partyPublicKey = openssl_get_publickey(); // RSA_OAEP - A128CBC-HS256 $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders); // RSA_OAEP - A256CBC-HS512 $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders); // decode $payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $myPrivateKey); // read header w/out decryption $header = \Tmilos\Tmilos\JoseJwt\Jwe::decode($token); // {"alg": "A192KW", "enc": "A128CBC-HS256", "typ": "JWT", "custom": "X"}