Skip to content
/ jose-jwt Public

Javascript Object Signing and Encryption PHP library, supporting signed JSON Web Tokens JWT and encrypted JSON Web Encryption JWE

License

MIT license
7 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tmilos/jose-jwt

BranchesTags

Repository files navigation

jose-jwt

Javascript Object Signing and Encryption JOSE PHP library, supporting JSON Web Tokens JWT and JSON Web Encryption JWE.

Author License Build Status Coverage Status HHVM Status Scrutinizer Code Quality

JWT algorithms

Supported signing algorithms

JWS Algorithm
none
HS256
HS384
HS512
RS256
RS384
RS512

JWE algorithms and encryptions

Supported JWE algorithms

JWE Algorithm
RSA1_5
RSA-OAEP
A128KW
A192KW
A256KW
dir

Supported JWE encryption

JWE Encryption
A128CBC-HS256
A192CBC-HS384
A256CBC-HS512

JWT API

$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory();
$context = $factory->get();

$payload = ['msg' => 'Hello!'];
$extraHeader = ['iam'=>'my-id'];

// plain (no signature) token
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, null, \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE, $extraHeader);

// HS256 signature
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256, $extraHeader);

// HS384 signature
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384, $extraHeader);

// HS512 signature
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512, $extraHeader);

// RS256
$privateKey = openssl_get_privatekey($filename);
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256, $extraHeader);

// RS384
$privateKey = openssl_get_privatekey($filename);
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384, $extraHeader);

// RS512
$privateKey = openssl_get_privatekey($filename);
$token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512, $extraHeader);

// decode
$header = \Tmilos\JoseJwt\Jwt::header($token);
// eventually also use other header data to indicate which key should be used
switch($header['alg']) {
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE:
        $key = null;
        break;
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512:
        $key = $secret;
        break;
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384:
    case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512:
        $key = $publicKey;
        break;
}
$payload = \Tmilos\JoseJwt\JWT::decode($context, $token, $key);

JWE API

$factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory();
$context = $factory->get();

// Symmetric
$payload = ['msg' => 'Hello!'];
$extraHeader = ['iam'=>'my-id'];

// DIR - A128CBC-HS256
$secret = '...'; // 256 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders);

// DIR - A192CBC-HS384
$secret = '...'; // 384 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A192CBC_HS384, $extraHeaders);

// DIR - A256CBC-HS512
$secret = '...'; // 512 bits secret
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders);

// decode
$payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $secret);

// RSA
$myPrivateKey = openssl_get_privatekey();
$partyPublicKey = openssl_get_publickey();

// RSA_OAEP - A128CBC-HS256
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders);

// RSA_OAEP - A256CBC-HS512
$token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders);

// decode
$payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $myPrivateKey);

// read header w/out decryption
$header = \Tmilos\Tmilos\JoseJwt\Jwe::decode($token); // {"alg": "A192KW", "enc": "A128CBC-HS256", "typ": "JWT", "custom": "X"}

About

Javascript Object Signing and Encryption PHP library, supporting signed JSON Web Tokens JWT and encrypted JSON Web Encryption JWE

Topics

php jwt jose-jwt

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases 3

2.0.0 Latest
Jan 26, 2017
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages