JSON Web Token implementation, based on this spec:
https://tools.ietf.org/html/rfc7519

PHP version 5

CloneableInstantiable
Constants
public Firebase\JWT\JWT::ASN1_BIT_STRING = 3
public Firebase\JWT\JWT::ASN1_INTEGER = 2
public Firebase\JWT\JWT::ASN1_SEQUENCE = 16
Properties
public static $leeway
 

When checking nbf, iat or expiration times,
we want to provide some extra leeway time to
account for clock skew.

public static $supported_algs = ['ES256' => ['openssl', 'SHA256'], 'HS256' => ['hash_hmac', 'SHA256'], 'HS384' => ['hash_hmac', 'SHA384'], 'HS512' => ['hash_hmac', 'SHA512'], 'RS256' => ['openssl', 'SHA256'], 'RS384' => ['openssl', 'SHA384'], 'RS512' => ['openssl', 'SHA512']]
public static $timestamp
 

Allow the current timestamp to be specified.

Useful for fixing a value within unit testing.

Will default to PHP time() value if null.

Methods
public static decode( $jwt, $key, array $allowed_algs = [])
 

Decodes a JWT string into a PHP object.

public static encode( $payload, $key, $alg = 'HS256', $keyId = NULL, $head = NULL)
 

Converts and signs a PHP object or array into a JWT string.

  • return string A signed JWT
  • uses \jsonEncode
  • uses \urlsafeB64Encode
public static jsonDecode( $input)
 

Decode a JSON string into a PHP object.

  • return object Object representation of JSON string
  • throws DomainException Provided string was invalid JSON
public static jsonEncode( $input)
 

Encode a PHP object into a JSON string.

  • return string JSON representation of the PHP object or array
  • throws DomainException Provided object could not be encoded to valid JSON
public static sign( $msg, $key, $alg = 'HS256')
 

Sign a string with a given key and algorithm.

  • return string An encrypted message
  • throws DomainException Unsupported algorithm was specified
public static urlsafeB64Decode( $input)
 

Decode a string with URL-safe Base64.

  • return string A decoded string
public static urlsafeB64Encode( $input)
 

Encode a string with URL-safe Base64.

  • return string The base64 encode of what you passed in
Methods
private static encodeDER( $type, $value)
 

Encodes a value into a DER object.

  • return string the encoded object
private static handleJsonError( $errno)
 

Helper method to create a JSON error.

  • return void
private static readDER( $der, $offset = 0)
 

Reads binary DER-encoded data and decodes into a single object

  • return array [$offset, $data] the new offset and the decoded object
private static safeStrlen( $str)
 

Get the number of bytes in cryptographic strings.

  • return int
private static signatureFromDER( $der, $keySize)
 

Encodes signature from a DER object.

  • return string the signature
private static signatureToDER( $sig)
 

Convert an ECDSA signature to an ASN.1 DER sequence

  • return string The encoded DER object
private static verify( $msg, $signature, $key, $alg)
 

Verify a signature with the message, key and method. Not all methods
are symmetric, so we must have a separate verify and sign method.

  • return bool
  • throws DomainException Invalid Algorithm or OpenSSL failure
Properties
public static $leeway
 

When checking nbf, iat or expiration times,
we want to provide some extra leeway time to
account for clock skew.

public static $supported_algs = ['ES256' => ['openssl', 'SHA256'], 'HS256' => ['hash_hmac', 'SHA256'], 'HS384' => ['hash_hmac', 'SHA384'], 'HS512' => ['hash_hmac', 'SHA512'], 'RS256' => ['openssl', 'SHA256'], 'RS384' => ['openssl', 'SHA384'], 'RS512' => ['openssl', 'SHA512']]
public static $timestamp
 

Allow the current timestamp to be specified.

Useful for fixing a value within unit testing.

Will default to PHP time() value if null.

Methods
public static decode( $jwt, $key, array $allowed_algs = [])
 

Decodes a JWT string into a PHP object.

public static encode( $payload, $key, $alg = 'HS256', $keyId = NULL, $head = NULL)
 

Converts and signs a PHP object or array into a JWT string.

  • return string A signed JWT
  • uses \jsonEncode
  • uses \urlsafeB64Encode
private static encodeDER( $type, $value)
 

Encodes a value into a DER object.

  • return string the encoded object
private static handleJsonError( $errno)
 

Helper method to create a JSON error.

  • return void
public static jsonDecode( $input)
 

Decode a JSON string into a PHP object.

  • return object Object representation of JSON string
  • throws DomainException Provided string was invalid JSON
public static jsonEncode( $input)
 

Encode a PHP object into a JSON string.

  • return string JSON representation of the PHP object or array
  • throws DomainException Provided object could not be encoded to valid JSON
private static readDER( $der, $offset = 0)
 

Reads binary DER-encoded data and decodes into a single object

  • return array [$offset, $data] the new offset and the decoded object
private static safeStrlen( $str)
 

Get the number of bytes in cryptographic strings.

  • return int
public static sign( $msg, $key, $alg = 'HS256')
 

Sign a string with a given key and algorithm.

  • return string An encrypted message
  • throws DomainException Unsupported algorithm was specified
private static signatureFromDER( $der, $keySize)
 

Encodes signature from a DER object.

  • return string the signature
private static signatureToDER( $sig)
 

Convert an ECDSA signature to an ASN.1 DER sequence

  • return string The encoded DER object
public static urlsafeB64Decode( $input)
 

Decode a string with URL-safe Base64.

  • return string A decoded string
public static urlsafeB64Encode( $input)
 

Encode a string with URL-safe Base64.

  • return string The base64 encode of what you passed in
private static verify( $msg, $signature, $key, $alg)
 

Verify a signature with the message, key and method. Not all methods
are symmetric, so we must have a separate verify and sign method.

  • return bool
  • throws DomainException Invalid Algorithm or OpenSSL failure
© 2020 Bruce Wells
Search Namespaces \ Classes
ConfigurationNumbers (0-9.) only