JWT
The JWT Class

Table of Contents

ASN1_BIT_STRING  = 0x3
ASN1_INTEGER  = 0x2
ASN1_SEQUENCE  = 0x10
$leeway  : mixed
When checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew.
$timestamp  : mixed
Allow the current timestamp to be specified.
$supported_algs  : array<, mixed>
decode()  : object
Decodes a JWT string into a PHP object.
encode()  : string
Converts and signs a PHP object or array into a JWT string.
jsonDecode()  : object
Decode a JSON string into a PHP object.
jsonEncode()  : string
Encode a PHP object into a JSON string.
sign()  : string
Sign a string with a given key and algorithm.
urlsafeB64Decode()  : string
Decode a string with URL-safe Base64.
urlsafeB64Encode()  : string
Encode a string with URL-safe Base64.
encodeDER()  : string
Encodes a value into a DER object.
handleJsonError()  : void
Helper method to create a JSON error.
readDER()  : array<, mixed>
Reads binary DER-encoded data and decodes into a single object
safeStrlen()  : int
Get the number of bytes in cryptographic strings.
signatureFromDER()  : string
Encodes signature from a DER object.
signatureToDER()  : string
Convert an ECDSA signature to an ASN.1 DER sequence
verify()  : bool
Verify a signature with the message, key and method. Not all methods are symmetric, so we must have a separate verify and sign method.

Constants

ASN1_BIT_STRING

private mixed ASN1_BIT_STRING = 0x3

ASN1_INTEGER

private mixed ASN1_INTEGER = 0x2

ASN1_SEQUENCE

private mixed ASN1_SEQUENCE = 0x10

Properties

$leeway

When checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew.

public static mixed $leeway = 0

$timestamp

Allow the current timestamp to be specified.

public static mixed $timestamp = null

Useful for fixing a value within unit testing.

Will default to PHP time() value if null.

$supported_algs

private static array<, mixed> $supported_algs = ['ES256' => ['openssl', 'SHA256'], 'HS256' => ['hash_hmac', 'SHA256'], 'HS512' => ['hash_hmac', 'SHA512'], 'HS384' => ['hash_hmac', 'SHA384'], 'RS256' => ['openssl', 'SHA256'], 'RS384' => ['openssl', 'SHA384'], 'RS512' => ['openssl', 'SHA512']]

Hash algorithms that this supports

Methods

decode()

Decodes a JWT string into a PHP object.

public static decode(string $jwt,  $key[, array<, mixed> $allowed_algs = [] ]) : object
Parameters
$jwt : string

The JWT

$key :

The key, or map of keys. If the algorithm used is asymmetric, this is the public key

$allowed_algs : array<, mixed> = []

List of supported verification algorithms. Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'

Tags
throws
UnexpectedValueException

Provided JWT was invalid

throws
SignatureInvalidException

Provided JWT was invalid because the signature verification failed

throws
BeforeValidException

Provided JWT is trying to be used before it's eligible as defined by 'nbf'

throws
BeforeValidException

Provided JWT is trying to be used before it's been created as defined by 'iat'

throws
ExpiredException

Provided JWT has since expired, as defined by the 'exp' claim

uses
jsonDecode
uses
urlsafeB64Decode
Return values
object

The JWT's payload as a PHP object
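
Added usage example, not part of the generated documentation: decode() called with a pinned `$allowed_algs` list, with `$timestamp` frozen so the `exp` check and `$leeway` behave repeatably. The `Firebase\JWT` namespace, the Composer autoload path, and the key and claim values are assumptions; adjust the `use` lines to the package this class ships in.

```php
<?php
// Added example. Assumes Composer autoloading and the Firebase\JWT namespace,
// neither of which is stated on this page. Key and claims are constructed.
use Firebase\JWT\JWT;
use Firebase\JWT\ExpiredException;

require __DIR__ . '/vendor/autoload.php';

$key = 'constructed-demo-secret-not-a-real-key';
$iat = 1700000000;
$jwt = JWT::encode(['sub' => 'user-123', 'iat' => $iat, 'exp' => $iat + 300], $key, 'HS256');

// $timestamp and $leeway are static, so they apply process-wide until reset.
JWT::$timestamp = $iat + 60;

// 1. The verifier names the one algorithm it expects.
$claims = JWT::decode($jwt, $key, ['HS256']);
echo "accepted: sub={$claims->sub}\n";

// 2. Same token, verifier configured for RS256 only: the header's alg is not
//    on the allow-list, so decode() throws instead of returning claims.
try {
    JWT::decode($jwt, $key, ['RS256']);
} catch (UnexpectedValueException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// 3. Ten seconds past exp: rejected with no leeway, accepted with 30 s of skew.
JWT::$timestamp = $iat + 310;
try {
    JWT::decode($jwt, $key, ['HS256']);
} catch (ExpiredException $e) {
    echo "expired: {$e->getMessage()}\n";
}
JWT::$leeway = 30;
$claims = JWT::decode($jwt, $key, ['HS256']);
echo "accepted with leeway: exp={$claims->exp}\n";

// Restore defaults so later decode() calls use time() and zero leeway.
JWT::$leeway = 0;
JWT::$timestamp = null;
```

Keep `$allowed_algs` to the single algorithm that matches the type of key being passed, and keep `$leeway` small, since it widens the `exp`, `nbf` and `iat` windows for every decode() call in the process.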

encode()

Converts and signs a PHP object or array into a JWT string.

public static encode( $payload, string $key[, string $alg = 'HS256' ][, mixed $keyId = null ][, array<, mixed> $head = null ]) : string
Parameters
$payload :

PHP object or array

$key : string

The secret key. If the algorithm used is asymmetric, this is the private key

$alg : string = 'HS256'

The signing algorithm. Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'

$keyId : mixed = null
$head : array<, mixed> = null

An array with header elements to attach

Tags
uses
jsonEncode
uses
urlsafeB64Encode
Return values
string

A signed JWT

jsonDecode()

Decode a JSON string into a PHP object.

public static jsonDecode(string $input) : object
Parameters
$input : string

JSON string

Tags
throws
DomainException

Provided string was invalid JSON

Return values
object

Object representation of JSON string

jsonEncode()

Encode a PHP object into a JSON string.

public static jsonEncode( $input) : string
Parameters
$input :

A PHP object or array

Tags
throws
DomainException

Provided object could not be encoded to valid JSON

Return values
string

JSON representation of the PHP object or array

sign()

Sign a string with a given key and algorithm.

public static sign(string $msg,  $key[, string $alg = 'HS256' ]) : string
Parameters
$msg : string

The message to sign

$key :

The secret key

$alg : string = 'HS256'

The signing algorithm. Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'

Tags
throws
DomainException

Unsupported algorithm was specified

psalm-suppress

InvalidNullableReturnType

Return values
string

urlsafeB64Decode()

Decode a string with URL-safe Base64.

public static urlsafeB64Decode(string $input) : string
Parameters
$input : string

A Base64 encoded string

Return values
string

A decoded string

urlsafeB64Encode()

Encode a string with URL-safe Base64.

public static urlsafeB64Encode(string $input) : string
Parameters
$input : string

The string you want encoded

Return values
string

The base64 encode of what you passed in

encodeDER()

Encodes a value into a DER object.

private static encodeDER(int $type, string $value) : string
Parameters
$type : int

DER tag

$value : string

the value to encode

Return values
string

the encoded object

handleJsonError()

Helper method to create a JSON error.

private static handleJsonError(int $errno) : void
Parameters
$errno : int

An error number from json_last_error()

Return values
void

readDER()

Reads binary DER-encoded data and decodes into a single object

private static readDER(string $der, int $offset) : array<, mixed>
Parameters
$der : string

the binary data in DER format

$offset : int

the offset of the data stream containing the object to decode

Return values
array<, mixed>

[$offset, $data] the new offset and the decoded object

safeStrlen()

Get the number of bytes in cryptographic strings.

private static safeStrlen(string $str) : int
Parameters
$str : string
Return values
int

signatureFromDER()

Encodes signature from a DER object.

private static signatureFromDER(string $der, int $keySize) : string
Parameters
$der : string

binary signature in DER format

$keySize : int

the number of bits in the key

Return values
string

the signature

signatureToDER()

Convert an ECDSA signature to an ASN.1 DER sequence

private static signatureToDER(string $sig) : string
Parameters
$sig : string

The ECDSA signature to convert

Return values
string

The encoded DER object
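
The conversion that signatureFromDER() and signatureToDER() describe, as an added stand-alone example rather than the class's own code: a JWT carries an ES256 signature as fixed-width `r||s`, while OpenSSL signs and verifies with an ASN.1 DER `SEQUENCE` of two `INTEGER`s. The helper names `derInteger`, `rawToDer` and `derToRaw` are hypothetical, and the code covers ES256 (P-256) only.

```php
<?php
// Added example, hypothetical helpers. ES256 only, so DER lengths fit one byte.

function derInteger(string $bytes): string
{
    $bytes = ltrim($bytes, "\x00");
    // DER INTEGERs are signed: prepend 0x00 if the top bit is set or the value is zero.
    $pad = ($bytes === '' || (ord($bytes[0]) & 0x80)) ? "\x00" : '';
    return "\x02" . chr(strlen($pad . $bytes)) . $pad . $bytes;
}

// Raw r||s as carried in the JWT -> SEQUENCE { INTEGER r, INTEGER s } for OpenSSL.
function rawToDer(string $sig): string
{
    if (strlen($sig) !== 64) {
        throw new InvalidArgumentException('ES256 signature must be 64 bytes');
    }
    $body = derInteger(substr($sig, 0, 32)) . derInteger(substr($sig, 32));
    return "\x30" . chr(strlen($body)) . $body;
}

// DER from openssl_sign() -> fixed-width r||s, each half left-padded to 32 bytes.
function derToRaw(string $der): string
{
    $n = strlen($der);
    if ($n < 8 || $n > 72 || $der[0] !== "\x30" || ord($der[1]) !== $n - 2) {
        throw new InvalidArgumentException('not a short-form DER SEQUENCE');
    }
    [$pos, $raw] = [2, ''];
    for ($i = 0; $i < 2; $i++) {
        $len = ord($der[$pos + 1] ?? "\xff");   // missing byte fails the bounds check
        $int = ltrim(substr($der, $pos + 2, $len), "\x00");
        if (($der[$pos] ?? '') !== "\x02" || $pos + 2 + $len > $n || strlen($int) > 32) {
            throw new InvalidArgumentException('malformed DER INTEGER');
        }
        $raw .= str_pad($int, 32, "\x00", STR_PAD_LEFT);
        $pos += 2 + $len;
    }
    if ($pos !== $n) {
        throw new InvalidArgumentException('trailing bytes after s');
    }
    return $raw;
}

// Round trip with a throwaway P-256 key generated on the spot.
$priv = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
openssl_sign('header.payload', $der, $priv, OPENSSL_ALGO_SHA256);
$raw = derToRaw($der);
$pub = openssl_pkey_get_details($priv)['key'];
var_dump(strlen($raw), openssl_verify('header.payload', rawToDer($raw), $pub, OPENSSL_ALGO_SHA256));
```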

verify()

Verify a signature with the message, key and method. Not all methods are symmetric, so we must have a separate verify and sign method.

private static verify(string $msg, string $signature,  $key, string $alg) : bool
Parameters
$msg : string

The original message (header and body)

$signature : string

The original signature

$key :

For HS*, a string key works. For RS*, it must be a resource of an OpenSSL public key.

$alg : string

The algorithm

Tags
throws
DomainException

Invalid Algorithm or OpenSSL failure

Return values
bool
