tmilos/jose-jwt

Javascript Object Signing and Encryption JOSE PHP library, supporting JSON Web Tokens JWT and JSON Web Encryption JWE

2.0.0 2017-01-26 10:34 UTC

This package is not auto-updated.

Last update: 2024-10-25 21:44:44 UTC


README

Javascript Object Signing and Encryption JOSE PHP library, supporting JSON Web Tokens JWT and JSON Web Encryption JWE.

Author License Build Status Coverage Status HHVM Status Scrutinizer Code Quality

JWT algorithms

Supported signing algorithms

JWE algorithms and encryptions

Supported JWE algorithms

Supported JWE encryption

JWT API

$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory();
$context = $factory->get();

$payload = ['msg' => 'Hello!'];
$extraHeader = ['iam'=>'my-id'];

// plain (no signature) token
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, null, \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE, $extraHeader);

// HS256 signature
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256, $extraHeader);

// HS384 signature
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384, $extraHeader);

// HS512 signature
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512, $extraHeader);

// RS256
$privateKey = openssl_get_privatekey($filename);
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256, $extraHeader);

// RS384
$privateKey = openssl_get_privatekey($filename);
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384, $extraHeader);

// RS512
$privateKey = openssl_get_privatekey($filename);
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512, $extraHeader);

// decode
$header = \Tmilos\JoseJwt\Jwt::header($token);
// eventually also use other header data to indicate which key should be used
switch($header['alg']) {
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE:
        $key = null;
        break;
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512:
        $key = $secret;
        break;
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512:
        $key = $publicKey;
        break;
}
$payload = \Tmilos\JoseJwt\JWT::decode($context, $token, $key);

JWE API

$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory();
$context = $factory->get();

// Symmetric
$payload = ['msg' => 'Hello!'];
$extraHeader = ['iam'=>'my-id'];

// DIR - A128CBC-HS256
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders);

// DIR - A192CBC-HS384
$secret = '...'; // 384 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A192CBC_HS384, $extraHeaders);

// DIR - A256CBC-HS512
$secret = '...'; // 512 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders);

// decode
$payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $secret);

// RSA
$myPrivateKey = openssl_get_privatekey();
$partyPublicKey = openssl_get_publickey();

// RSA_OAEP - A128CBC-HS256
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders);

// RSA_OAEP - A256CBC-HS512
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders);

// decode
$payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $myPrivateKey);

// read header w/out decryption
$header = \Tmilos\Tmilos\JoseJwt\Jwe::decode($token); // {"alg": "A192KW", "enc": "A128CBC-HS256", "typ": "JWT", "custom": "X"}