PHP-JWT
=======
A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519).

Installation
------------

Use composer to manage your dependencies and download PHP-JWT:

```bash
composer require firebase/php-jwt
```

Example
-------
```php
<?php
use \Firebase\JWT\JWT;

$key = "example_key";
$token = array(
    "iss" => "http://example.org",
    "aud" => "http://example.com",
    "iat" => 1356999524,
    "nbf" => 1357000000
);

/**
 * IMPORTANT:
 * You must specify supported algorithms for your application. See
 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
 * for a list of spec-compliant algorithms.
 */
$jwt = JWT::encode($token, $key);
$decoded = JWT::decode($jwt, $key, array('HS256'));

print_r($decoded);

/*
 NOTE: This will now be an object instead of an associative array. To get
 an associative array, you will need to cast it as such:
*/

$decoded_array = (array) $decoded;

/**
 * You can add a leeway to account for clock skew between the signing and
 * verifying servers. It is recommended that this leeway should not be
 * bigger than a few minutes.
 *
 * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
 */
JWT::$leeway = 60; // $leeway in seconds
$decoded = JWT::decode($jwt, $key, array('HS256'));

?>
```

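The following is an added example, not part of the php-jwt README: a wrapper around the `JWT::decode()` call shown above that pins a single accepted algorithm, treats every exception as a rejection, and compares `iss` and `aud` in application code, because `decode()` does not compare them. The helper name `verify_token`, the second key and the audience `http://other.example` are hypothetical; the script assumes the library was installed with composer next to it.

```php
<?php
// Added example. Assumes vendor/autoload.php sits next to this file.
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;

// Hypothetical helper: returns the claims object, or null and sets $reason.
function verify_token($jwt, $key, $issuer, $audience, &$reason = null)
{
    try {
        // Only HS256 is accepted, whatever "alg" the token header announces.
        $claims = JWT::decode($jwt, $key, array('HS256'));
    } catch (Exception $e) {
        // Every verification failure surfaces as an exception: bad signature,
        // nbf/iat in the future, exp in the past, a malformed token, or an
        // "alg" that is not in the allowed list.
        $reason = get_class($e) . ': ' . $e->getMessage();
        return null;
    }
    // The signature and time claims are verified at this point; issuer and
    // audience are the application's job.
    if (!isset($claims->iss, $claims->aud)
        || $claims->iss !== $issuer || $claims->aud !== $audience) {
        $reason = 'unexpected issuer or audience';
        return null;
    }
    return $claims;
}

// Constructed sample data, reusing the README's key and claims.
$key    = "example_key";
$claims = array("iss" => "http://example.org", "aud" => "http://example.com",
                "iat" => 1356999524, "nbf" => 1357000000);
$cases  = array(
    'HS256, right key'      => JWT::encode($claims, $key),
    'HS512, right key'      => JWT::encode($claims, $key, 'HS512'),
    'HS256, other key'      => JWT::encode($claims, "another_key"),
    'HS256, other audience' => JWT::encode(
        array_merge($claims, array("aud" => "http://other.example")), $key),
);
foreach ($cases as $label => $jwt) {
    $reason = null;
    $ok = verify_token($jwt, $key, "http://example.org", "http://example.com", $reason);
    echo $label, ': ', $ok ? 'accepted' : "rejected ($reason)", "\n";
}
```
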
Changelog
---------

#### 4.0.0 / 2016-07-17
- Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
- Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
- Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
- Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!

#### 3.0.0 / 2015-07-22
- Minimum PHP version updated from `5.2.0` to `5.3.0`.
- Add `\Firebase\JWT` namespace. See [#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to [@Dashron](https://github.com/Dashron)!
- Require a non-empty key to decode and verify a JWT. See [#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to [@sjones608](https://github.com/sjones608)!
- Cleaner documentation blocks in the code. See [#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to [@johanderuijter](https://github.com/johanderuijter)!

#### 2.2.0 / 2015-06-22
- Add support for adding custom, optional JWT headers to `JWT::encode()`. See [#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to [@mcocaro](https://github.com/mcocaro)!

#### 2.1.0 / 2015-05-20
- Add support for adding a leeway to `JWT::decode()` that accounts for clock skew between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
- Add support for passing an object implementing the `ArrayAccess` interface for `$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!

#### 2.0.0 / 2015-04-01
- **Note**: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together.
- Update signature for `JWT::decode(...)` to require an array of supported algorithms to use when verifying token signatures.


Tests
-----
Run the tests using phpunit:

```bash
$ pear install PHPUnit
$ phpunit --configuration phpunit.xml.dist
PHPUnit 3.7.10 by Sebastian Bergmann.
.....
Time: 0 seconds, Memory: 2.50Mb
OK (5 tests, 5 assertions)
```

License
-------
[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).