torugo/jwt

Simple library to handle Json Web Tokens.

Maintainers

Details

github.com/vitor-hugo/jwt

Source

Issues

Installs: 31

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 1

Forks: 0

Open Issues: 0

1.1.0 2024-09-27 22:49 UTC

Requires

Requires (Dev)

MIT 92afb30ffea9cd199c4fe96ca05824b8da3164e6

  • vitor-hugo <vitor83dev.woop@gmail.com>

This package is auto-updated.

Last update: 2025-04-28 00:04:41 UTC

README

Simple PHP library to handle Json Web Tokens (JWT).

Table of Contents

Requirements

  • PHP 8+
  • PHP mbstring extension installed and loaded.
  • PHP openssl extension installed and loaded.
  • Composer 2+

Installation via composer

composer require torugo/jwt

Supported algorithms

For now only the algorithms listed below are supported:

Algorithm JWTALg enum Key
HS256 JWTAlg::HS256 Symmetric key
HS384 JWTAlg::HS384 Symmetric key
HS512 JWTAlg::HS512 Symmetric key
RS256 JWTAlg::RS256 Private/Public RSA keys
RS384 JWTAlg::RS384 Private/Public RSA keys
RS512 JWTAlg::RS512 Private/Public RSA keys

Usage

Encoding

use Torugo\JWT\JWT;
use Torugo\JWT\Enums\JwtAlg;

$key = "example_key_Jr6QWaxb7pgerDJgL";

$payload = [
    "sid" => "session_id",
    "uid" => "user_id",
    // ... more data
    "iat" => 1724972934, // if not present, this library adds automatically
    "nbf" => 1724000000, // if not present, this library adds automatically
    "ext" => 1724973234, // if not present, this library adds automatically
];

$jwt = JWT::encode($payload, $key, JWTAlg::HS256);

Decoding

Validating the token

The method validate checks the token signature and the time controls.
Returns the payload content as a key=>pair array.

Throws:

  • InvalidTokenException: When the signature or structure is invalid.
  • ExpiredTokenException: The token signature is valid, but the token time expired.
  • InvalidKeyException: When the key type is invalid (not when the key is incorret).
use Torugo\JWT\JWT;
use Torugo\JWT\Exceptions\ExpiredTokenException;
use Torugo\JWT\Exceptions\InvalidKeyException;
use Torugo\JWT\Exceptions\InvalidTokenException;

$key = "example_key_Jr6QWaxb7pgerDJgL";

try {
    $payload = JWT::validate($jwt, $key);
} catch (ExpiredTokenException $e) {
    // Handle exception
} catch (InvalidTokenException $e) {
    // Handle exception
} catch (InvalidKeyException $e) {
    // Handle exception
}

Getting the token payload without validating it

Getting token payload without validation is insecure, use this method at your own risk.

$payload = JWT::decodePayload($jwt, $key);

You can use this method to refresh the token when the token expires.
Example

try {
    $payload = JWT::decodePayload($jwt, $key);
} catch (ExpiredTokenException $e) {
    // When using RS256, RS384 or RS512 you must also pass the privateKey
    // On HS algorithms it is not needed
    $token = JWT::refreshToken($token, $publicKey, $privatekey);
} catch (\Throwable $e) {
    // Handle exception
}

Contribute

It is currently not open to contributions, I intend to make it available as soon as possible.

License

This library is licensed under the MIT License - see the LICENSE file for details.