-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2 from alancting/integration
Integration base (#1)
- Loading branch information
Showing
31 changed files
with
1,274 additions
and
332 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
name: Test Coveralls | ||
|
||
on: | ||
push: | ||
branches: [master, integration] | ||
pull_request: | ||
branches: [master, integration] | ||
|
||
jobs: | ||
build: | ||
name: Build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- name: Validate composer.json and composer.lock | ||
run: composer validate | ||
|
||
- name: Cache Composer packages | ||
id: composer-cache | ||
uses: actions/cache@v2 | ||
with: | ||
path: vendor | ||
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-php- | ||
- name: Install dependencies | ||
if: steps.composer-cache.outputs.cache-hit != 'true' | ||
run: composer install --prefer-dist --no-progress --no-suggest | ||
|
||
- name: Run test and submit to coveralls | ||
env: | ||
COVERALLS_REPO_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
composer run coveralls |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
name: PHP Composer | ||
|
||
on: | ||
push: | ||
branches: [master, integration] | ||
pull_request: | ||
branches: [master, integration] | ||
|
||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- uses: actions/checkout@v2 | ||
|
||
- name: Validate composer.json and composer.lock | ||
run: composer validate | ||
|
||
- name: Cache Composer packages | ||
id: composer-cache | ||
uses: actions/cache@v2 | ||
with: | ||
path: vendor | ||
key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | ||
restore-keys: | | ||
${{ runner.os }}-php- | ||
- name: Install dependencies | ||
if: steps.composer-cache.outputs.cache-hit != 'true' | ||
run: composer install --prefer-dist --no-progress --no-suggest | ||
|
||
- name: Run test suite | ||
run: composer run test |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -3,3 +3,10 @@ phpunit.phar | |
phpunit.phar.asc | ||
composer.phar | ||
composer.lock | ||
|
||
coverage | ||
coverage/* | ||
|
||
build | ||
|
||
.coveralls.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,5 @@ | ||
BSD 3-Clause License | ||
|
||
Copyright (c) 2011, Neuman Vong | ||
|
||
All rights reserved. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,200 +1,76 @@ | ||
[![Build Status](https://travis-ci.org/firebase/php-jwt.png?branch=master)](https://travis-ci.org/firebase/php-jwt) | ||
[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt) | ||
[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt) | ||
[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt) | ||
[![firebase/php-jwt Version](https://img.shields.io/static/v1?label=firebase%2Fphp-jwt&message=5.2.0&color=blue&style=for-the-badge)](https://github.com/firebase/php-jwt/tree/v5.2.0) | ||
[![Test](https://img.shields.io/github/workflow/status/alancting/php-adfs-jwt/PHP%20Composer?label=TEST&style=for-the-badge)](https://github.com/alancting/php-adfs-jwt) | ||
[![Coverage Status](https://img.shields.io/coveralls/github/alancting/php-adfs-jwt/master?style=for-the-badge)](https://coveralls.io/github/alancting/php-adfs-jwt?branch=master) | ||
[![GitHub license](https://img.shields.io/github/license/alancting/php-adfs-jwt?color=blue&style=for-the-badge)](https://github.com/alancting/php-adfs-jwt/blob/master/LICENCE) | ||
|
||
PHP-JWT | ||
======= | ||
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). | ||
# PHP-ADFS-JWT | ||
|
||
Installation | ||
------------ | ||
A simple library to encode and decode Microsoft Active Directory Federation Services ([ADFS](https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/ad-fs-overview)) JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). | ||
|
||
Use composer to manage your dependencies and download PHP-JWT: | ||
**Forked From [firebase/php-jwt](https://github.com/firebase/php-jwt)** | ||
|
||
## Installation | ||
|
||
Use composer to manage your dependencies and download PHP-ADFS-JWT: | ||
|
||
```bash | ||
composer require firebase/php-jwt | ||
composer require alancting/php-adfs-jwt | ||
``` | ||
|
||
Example | ||
------- | ||
## Example | ||
|
||
```php | ||
<?php | ||
use \Firebase\JWT\JWT; | ||
|
||
$key = "example_key"; | ||
$payload = array( | ||
"iss" => "http://example.org", | ||
"aud" => "http://example.com", | ||
"iat" => 1356999524, | ||
"nbf" => 1357000000 | ||
); | ||
use Alancting\Adfs\JWT\Adfs\AdfsConfiguration; | ||
use Alancting\Adfs\JWT\Adfs\AdfsAccessTokenJWT; | ||
use Alancting\Adfs\JWT\Adfs\AdfsIdTokenJWT; | ||
|
||
$openid_configuration_url = 'https://[Your ADFS hostname]/adfs/.well-known/openid-configuration'; | ||
$client_id = 'your_client_id'; | ||
|
||
/** | ||
* IMPORTANT: | ||
* You must specify supported algorithms for your application. See | ||
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 | ||
* for a list of spec-compliant algorithms. | ||
* AdfsConfiguration will fetch the issuers, audiences and jwks for jwt validation | ||
*/ | ||
$jwt = JWT::encode($payload, $key); | ||
$decoded = JWT::decode($jwt, $key, array('HS256')); | ||
$adfs_configs = new AdfsConfiguration($openid_configuration_url, $client_id); | ||
|
||
print_r($decoded); | ||
|
||
/* | ||
NOTE: This will now be an object instead of an associative array. To get | ||
an associative array, you will need to cast it as such: | ||
*/ | ||
|
||
$decoded_array = (array) $decoded; | ||
$id_token_jwt = 'id.token.jwt'; | ||
$access_token_jwt = 'access.token.jwt'; | ||
|
||
/** | ||
* You can add a leeway to account for when there is a clock skew times between | ||
* the signing and verifying servers. It is recommended that this leeway should | ||
* not be bigger than a few minutes. | ||
* | ||
* Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef | ||
* If the jwt is invalid, exception will be thrown. | ||
*/ | ||
JWT::$leeway = 60; // $leeway in seconds | ||
$decoded = JWT::decode($jwt, $key, array('HS256')); | ||
$access_token = new AdfsAccessTokenJWT($adfs_configs, $access_token_jwt); | ||
echo "\n"; | ||
// Getting the payload from access token | ||
print_r($access_token->getPayload()); | ||
echo "\n"; | ||
|
||
$id_token = new AdfsIdTokenJWT($adfs_configs, $id_token_jwt); | ||
echo "\n"; | ||
// Getting the unique_name(username) from id token | ||
echo $id_token->getUsername(); | ||
echo "\n"; | ||
// Getting the payload from id token | ||
print_r($id_token->getPayload()); | ||
echo "\n"; | ||
|
||
?> | ||
``` | ||
Example with RS256 (openssl) | ||
---------------------------- | ||
```php | ||
<?php | ||
use \Firebase\JWT\JWT; | ||
|
||
$privateKey = <<<EOD | ||
-----BEGIN RSA PRIVATE KEY----- | ||
MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn | ||
vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9 | ||
5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB | ||
AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz | ||
bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J | ||
Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1 | ||
cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5 | ||
5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck | ||
ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe | ||
k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb | ||
qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k | ||
eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm | ||
B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM= | ||
-----END RSA PRIVATE KEY----- | ||
EOD; | ||
|
||
$publicKey = <<<EOD | ||
-----BEGIN PUBLIC KEY----- | ||
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H | ||
4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t | ||
0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4 | ||
ehde/zUxo6UvS7UrBQIDAQAB | ||
-----END PUBLIC KEY----- | ||
EOD; | ||
|
||
$payload = array( | ||
"iss" => "example.org", | ||
"aud" => "example.com", | ||
"iat" => 1356999524, | ||
"nbf" => 1357000000 | ||
); | ||
|
||
$jwt = JWT::encode($payload, $privateKey, 'RS256'); | ||
echo "Encode:\n" . print_r($jwt, true) . "\n"; | ||
|
||
$decoded = JWT::decode($jwt, $publicKey, array('RS256')); | ||
|
||
/* | ||
NOTE: This will now be an object instead of an associative array. To get | ||
an associative array, you will need to cast it as such: | ||
*/ | ||
|
||
$decoded_array = (array) $decoded; | ||
echo "Decode:\n" . print_r($decoded_array, true) . "\n"; | ||
?> | ||
/** | ||
* You might want to 'cache' the tokens for expire validation | ||
* To check whether the access token and id token are expired, simply call | ||
*/ | ||
echo ($access_token->isExpired()) ? 'Access token is expired' : 'Access token is valid'; | ||
echo ($id_token->isExpired()) ? 'Id token is expired' : 'Id token is valid'; | ||
``` | ||
|
||
Changelog | ||
--------- | ||
|
||
#### 5.0.0 / 2017-06-26 | ||
- Support RS384 and RS512. | ||
See [#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)! | ||
- Add an example for RS256 openssl. | ||
See [#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)! | ||
- Detect invalid Base64 encoding in signature. | ||
See [#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)! | ||
- Update `JWT::verify` to handle OpenSSL errors. | ||
See [#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)! | ||
- Add `array` type hinting to `decode` method | ||
See [#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)! | ||
- Add all JSON error types. | ||
See [#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)! | ||
- Bugfix 'kid' not in given key list. | ||
See [#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)! | ||
- Miscellaneous cleanup, documentation and test fixes. | ||
See [#107](https://github.com/firebase/php-jwt/pull/107), [#115](https://github.com/firebase/php-jwt/pull/115), | ||
[#160](https://github.com/firebase/php-jwt/pull/160), [#161](https://github.com/firebase/php-jwt/pull/161), and | ||
[#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman), | ||
[@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)! | ||
|
||
#### 4.0.0 / 2016-07-17 | ||
- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! | ||
- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! | ||
- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)! | ||
- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)! | ||
|
||
#### 3.0.0 / 2015-07-22 | ||
- Minimum PHP version updated from `5.2.0` to `5.3.0`. | ||
- Add `\Firebase\JWT` namespace. See | ||
[#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to | ||
[@Dashron](https://github.com/Dashron)! | ||
- Require a non-empty key to decode and verify a JWT. See | ||
[#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to | ||
[@sjones608](https://github.com/sjones608)! | ||
- Cleaner documentation blocks in the code. See | ||
[#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to | ||
[@johanderuijter](https://github.com/johanderuijter)! | ||
|
||
#### 2.2.0 / 2015-06-22 | ||
- Add support for adding custom, optional JWT headers to `JWT::encode()`. See | ||
[#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to | ||
[@mcocaro](https://github.com/mcocaro)! | ||
|
||
#### 2.1.0 / 2015-05-20 | ||
- Add support for adding a leeway to `JWT:decode()` that accounts for clock skew | ||
between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! | ||
- Add support for passing an object implementing the `ArrayAccess` interface for | ||
`$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! | ||
|
||
#### 2.0.0 / 2015-04-01 | ||
- **Note**: It is strongly recommended that you update to > v2.0.0 to address | ||
known security vulnerabilities in prior versions when both symmetric and | ||
asymmetric keys are used together. | ||
- Update signature for `JWT::decode(...)` to require an array of supported | ||
algorithms to use when verifying token signatures. | ||
|
||
|
||
Tests | ||
----- | ||
## Tests | ||
|
||
Run the tests using phpunit: | ||
|
||
```bash | ||
$ pear install PHPUnit | ||
$ phpunit --configuration phpunit.xml.dist | ||
PHPUnit 3.7.10 by Sebastian Bergmann. | ||
..... | ||
Time: 0 seconds, Memory: 2.50Mb | ||
OK (5 tests, 5 assertions) | ||
$ composer run test | ||
``` | ||
|
||
New Lines in private keys | ||
----- | ||
|
||
If your private key contains `\n` characters, be sure to wrap it in double quotes `""` | ||
and not single quotes `''` in order to properly interpret the escaped characters. | ||
## License | ||
|
||
License | ||
------- | ||
[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). |
Oops, something went wrong.