zoukankan      html  css  js  c++  java
  • GitHub

    Build Status Latest Stable Version Total Downloads License

    PHP-JWT

    A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519.

    Installation

    Use composer to manage your dependencies and download PHP-JWT:

    composer require firebase/php-jwt

    Example

    <?php
    use FirebaseJWTJWT;
    
    $key = "example_key";
    $token = array(
        "iss" => "http://example.org",
        "aud" => "http://example.com",
        "iat" => 1356999524,
        "nbf" => 1357000000
    );
    
    /**
     * IMPORTANT:
     * You must specify supported algorithms for your application. See
     * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
     * for a list of spec-compliant algorithms.
     */
    $jwt = JWT::encode($token, $key);
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    
    print_r($decoded);
    
    /*
     NOTE: This will now be an object instead of an associative array. To get
     an associative array, you will need to cast it as such:
    */
    
    $decoded_array = (array) $decoded;
    
    /**
     * You can add a leeway to account for when there is a clock skew times between
     * the signing and verifying servers. It is recommended that this leeway should
     * not be bigger than a few minutes.
     *
     * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
     */
    JWT::$leeway = 60; // $leeway in seconds
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    
    ?>

    Example with RS256 (openssl)

    <?php
    use FirebaseJWTJWT;
    
    $privateKey = <<<EOD
    -----BEGIN RSA PRIVATE KEY-----
    MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn
    vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9
    5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB
    AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz
    bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J
    Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1
    cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5
    5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck
    ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe
    k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb
    qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k
    eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm
    B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM=
    -----END RSA PRIVATE KEY-----
    EOD;
    
    $publicKey = <<<EOD
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H
    4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t
    0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4
    ehde/zUxo6UvS7UrBQIDAQAB
    -----END PUBLIC KEY-----
    EOD;
    
    $token = array(
        "iss" => "example.org",
        "aud" => "example.com",
        "iat" => 1356999524,
        "nbf" => 1357000000
    );
    
    $jwt = JWT::encode($token, $privateKey, 'RS256');
    echo "Encode:
    " . print_r($jwt, true) . "
    ";
    
    $decoded = JWT::decode($jwt, $publicKey, array('RS256'));
    
    /*
     NOTE: This will now be an object instead of an associative array. To get
     an associative array, you will need to cast it as such:
    */
    
    $decoded_array = (array) $decoded;
    echo "Decode:
    " . print_r($decoded_array, true) . "
    ";
    ?>

    Changelog

    5.0.0 / 2017-06-26

    4.0.0 / 2016-07-17

    • Add support for late static binding. See #88 for details. Thanks to @chappy84!
    • Use static $timestamp instead of time() to improve unit testing. See #93 for details. Thanks to @josephmcdermott!
    • Fixes to exceptions classes. See #81 for details. Thanks to @Maks3w!
    • Fixes to PHPDoc. See #76 for details. Thanks to @akeeman!

    3.0.0 / 2015-07-22

    • Minimum PHP version updated from 5.2.0 to 5.3.0.
    • Add FirebaseJWT namespace. See #59 for details. Thanks to @Dashron!
    • Require a non-empty key to decode and verify a JWT. See #60 for details. Thanks to @sjones608!
    • Cleaner documentation blocks in the code. See #62 for details. Thanks to @johanderuijter!

    2.2.0 / 2015-06-22

    • Add support for adding custom, optional JWT headers to JWT::encode(). See #53 for details. Thanks to @mcocaro!

    2.1.0 / 2015-05-20

    • Add support for adding a leeway to JWT:decode() that accounts for clock skew between signing and verifying entities. Thanks to @lcabral!
    • Add support for passing an object implementing the ArrayAccess interface for $keys argument in JWT::decode(). Thanks to @aztech-dev!

    2.0.0 / 2015-04-01

    • Note: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together.
    • Update signature for JWT::decode(...) to require an array of supported algorithms to use when verifying token signatures.

    Tests

    Run the tests using phpunit:

    $ pear install PHPUnit
    $ phpunit --configuration phpunit.xml.dist
    PHPUnit 3.7.10 by Sebastian Bergmann.
    .....
    Time: 0 seconds, Memory: 2.50Mb
    OK (5 tests, 5 assertions)

    New Lines in private keys

    If your private key contains   characters, be sure to wrap it in double quotes "" and not single quotes '' in order to properly interpret the escaped characters.

    License

    3-Clause BSD.

  • 相关阅读:
    gw经销商上传部分代码
    lib
    【转】sql server的随机函数newID()和RAND()
    【源码】仿qq记住登录信息
    关于ConfigurationManager类
    oracle 10 协议适配器错误解决办法
    配置对象数据源时,无法找到业务对象的解决办法
    private的由来,让能你很容易地区分private与protected的用法!
    大树扎根不稳,缘何不倒?
    Html服务器控件常用属性InnerHtml属性及InnerText属性的区别
  • 原文地址:https://www.cnblogs.com/wzjwffg/p/9884007.html
Copyright © 2011-2022 走看看