Library for parse and create JWT (JSON Web Token) in PHP, using PHP JWT Framework.
Install with composer :
composer require b2pweb/jwt
<?php
// Define algorithms
$jwa = new \B2pweb\Jwt\JWA();
$jwa = $jwa->filter(['HS256', 'HS512', 'RS256', 'RS512']); // Filter enabled algorithms
// Define your keys
$jwks = new \Jose\Component\Core\JWKSet([
\Jose\Component\KeyManagement\JWKFactory::createFromKeyFile($privKey, null, ['use' => 'sig', 'kid' => 'key-user']),
// ...
]);
// Encode a payload to JWT
$encoder = new \B2pweb\Jwt\JwtEncoder($jwa);
$jwt = $encoder->encode(
[
'iss' => 'https://example.com',
'aud' => 'https://example.com',
'iat' => time(),
'exp' => time() + 3600,
'sub' => '1234567890',
'name' => 'John Doe',
'admin' => true,
],
// You can configure encoding options here, like the key to use, the algorithm, ...
(new \B2pweb\Jwt\EncodingOptions($jwks))
->setAlgorithm('RS512')
->setKid('key-user')
);
// You can also use an object that implements \B2pweb\Jwt\ClaimsInterface
// allowing you to customize the claims serialization to JSON
// If you extends \B2pweb\Jwt\Claims, you can define Claims::$encodingFlags on the subclass to customize the JSON encoding flags
$claims = new \B2pweb\Jwt\Claims([
'iss' => 'https://example.com',
'aud' => 'https://example.com',
'iat' => time(),
'exp' => time() + 3600,
'sub' => '1234567890',
'name' => 'John Doe',
'admin' => true,
]);
$jwt = $encoder->encode(
$claims,
// You can use EncodingOptions::fromKey, which will automatically set the algorithm and the kid from the given key
\B2pweb\Jwt\EncodingOptions::fromKey(\Jose\Component\KeyManagement\JWKFactory::createFromSecret($secret, ['use' => 'sig', 'alg' => 'HS256']))
);
// Decode a JWT
$decoder = new \B2pweb\Jwt\JwtDecoder($jwa);
$token = $decoder->decode($jwt, $jwks); // Return a \B2pweb\Jwt\Claims object
$token->claim('iss'); // Return 'https://example.com'
// Yan can also define allowed algorithms using JwtDecoder::supportedAlgorithms()
$token = $decoder->supportedAlgorithms(['RS256', 'RS512'])->decode($jwt, $jwks);
// You can also decode a JWT without verifying the signature
$token = \B2pweb\Jwt\JWT::fromJwtUnsafe($jwt);