JWT
in package
The JWT Class
Table of Contents
- ASN1_BIT_STRING = 0x3
- ASN1_INTEGER = 0x2
- ASN1_SEQUENCE = 0x10
- $leeway : mixed
- When checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew.
- $timestamp : mixed
- Allow the current timestamp to be specified.
- $supported_algs : array<, mixed>
- decode() : object
- Decodes a JWT string into a PHP object.
- encode() : string
- Converts and signs a PHP object or array into a JWT string.
- jsonDecode() : object
- Decode a JSON string into a PHP object.
- jsonEncode() : string
- Encode a PHP object into a JSON string.
- sign() : string
- Sign a string with a given key and algorithm.
- urlsafeB64Decode() : string
- Decode a string with URL-safe Base64.
- urlsafeB64Encode() : string
- Encode a string with URL-safe Base64.
- encodeDER() : string
- Encodes a value into a DER object.
- handleJsonError() : void
- Helper method to create a JSON error.
- readDER() : array<, mixed>
- Reads binary DER-encoded data and decodes into a single object
- safeStrlen() : int
- Get the number of bytes in cryptographic strings.
- signatureFromDER() : string
- Encodes signature from a DER object.
- signatureToDER() : string
- Convert an ECDSA signature to an ASN.1 DER sequence
- verify() : bool
- Verify a signature with the message, key and method. Not all methods are symmetric, so we must have a separate verify and sign method.
Constants
ASN1_BIT_STRING
private mixed ASN1_BIT_STRING = 0x3
ASN1_INTEGER
private mixed ASN1_INTEGER = 0x2
ASN1_SEQUENCE
private mixed ASN1_SEQUENCE = 0x10
Properties
$leeway
When checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew.
public static mixed $leeway = 0
$timestamp
Allow the current timestamp to be specified.
public static mixed $timestamp = null
Useful for fixing a value within unit testing.
Will default to PHP time() value if null.
$supported_algs
private static array<, mixed> $supported_algs = ['ES256' => ['openssl', 'SHA256'], 'HS256' => ['hash_hmac', 'SHA256'], 'HS512' => ['hash_hmac', 'SHA512'], 'HS384' => ['hash_hmac', 'SHA384'], 'RS256' => ['openssl', 'SHA256'], 'RS384' => ['openssl', 'SHA384'], 'RS512' => ['openssl', 'SHA512']]
Hash algorithms that this supports
Methods
decode()
Decodes a JWT string into a PHP object.
public static decode(string $jwt, $key[, array<, mixed> $allowed_algs = [] ]) : object
Parameters
- $jwt : string
  The JWT
- $key :
  The key, or map of keys. If the algorithm used is asymmetric, this is the public key.
- $allowed_algs : array<, mixed> = []
  List of supported verification algorithms. Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'.
Tags
Return values
object — The JWT's payload as a PHP object
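The checks that decode(), $allowed_algs and $leeway describe, written out as an added stand-alone PHP example (not the library's own code, HS256 only). The function names, key and claims are constructed for illustration.

```php
<?php
// Added example, not the library's code. Key, claims and function names are constructed. PHP 7.4+.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);   // restore stripped padding
    $bin = base64_decode(strtr($txt, '-_', '+/'), true);
    if ($bin === false) { throw new UnexpectedValueException('bad base64url'); }
    return $bin;
}
function make_token(array $header, array $claims, string $key): string {
    $input = b64url_encode(json_encode($header)) . '.' . b64url_encode(json_encode($claims));
    return $input . '.' . b64url_encode(hash_hmac('sha256', $input, $key, true));
}
function check_token(string $jwt, string $key, array $allowedAlgs, int $now, int $leeway = 0): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new UnexpectedValueException('wrong number of segments'); }
    [$h64, $p64, $s64] = $parts;
    $header = json_decode(b64url_decode($h64), true);
    $claims = json_decode(b64url_decode($p64), true);
    if (!is_array($header) || !is_array($claims)) { throw new UnexpectedValueException('invalid JSON'); }
    // The header comes from the token sender, so its alg counts only if the caller listed it.
    $alg = $header['alg'] ?? '';
    if (!is_string($alg) || !in_array($alg, $allowedAlgs, true) || $alg !== 'HS256') {
        throw new UnexpectedValueException('algorithm not allowed');
    }
    $expected = hash_hmac('sha256', "$h64.$p64", $key, true);
    if (!hash_equals($expected, b64url_decode($s64))) {   // constant-time comparison
        throw new UnexpectedValueException('signature verification failed');
    }
    // Leeway widens each time window by the tolerated clock skew, in seconds.
    foreach (['nbf', 'iat'] as $c) {
        if (isset($claims[$c]) && $claims[$c] > $now + $leeway) { throw new UnexpectedValueException("$c is in the future"); }
    }
    if (isset($claims['exp']) && $now - $leeway >= $claims['exp']) { throw new UnexpectedValueException('expired'); }
    return $claims;
}
function outcome(callable $f): string {
    try { $f(); return 'accepted'; } catch (UnexpectedValueException $e) { return 'rejected: ' . $e->getMessage(); }
}
$key = 'constructed-demo-key'; $now = 1700000000;
// Constructed tokens: one that expired 30 seconds ago, one unsigned with alg "none".
$stale = make_token(['typ' => 'JWT', 'alg' => 'HS256'], ['sub' => 'alice', 'exp' => $now - 30], $key);
$unsigned = b64url_encode('{"alg":"none"}') . '.' . b64url_encode('{"sub":"alice"}') . '.';
echo outcome(fn() => check_token($stale, $key, ['HS256'], $now)), "\n";
echo outcome(fn() => check_token($stale, $key, ['HS256'], $now, 60)), "\n";
echo outcome(fn() => check_token($unsigned, $key, ['HS256'], $now)), "\n";
```

The second call shows the cost of leeway: every second of tolerated skew is also a second for which an expired token is still accepted, so keep the value small.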
encode()
Converts and signs a PHP object or array into a JWT string.
public static encode($payload, string $key[, string $alg = 'HS256' ][, mixed $keyId = null ][, array<, mixed> $head = null ]) : string
Parameters
- $payload :
  PHP object or array
- $key : string
  The secret key. If the algorithm used is asymmetric, this is the private key.
- $alg : string = 'HS256'
  The signing algorithm. Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'.
- $keyId : mixed = null
- $head : array<, mixed> = null
  An array with header elements to attach
Tags
Return values
string — A signed JWT
jsonDecode()
Decode a JSON string into a PHP object.
public static jsonDecode(string $input) : object
Parameters
- $input : string
  JSON string
Tags
Return values
object — Object representation of JSON string
jsonEncode()
Encode a PHP object into a JSON string.
public static jsonEncode($input) : string
Parameters
- $input :
  A PHP object or array
Tags
Return values
string — JSON representation of the PHP object or array
sign()
Sign a string with a given key and algorithm.
public static sign(string $msg, $key[, string $alg = 'HS256' ]) : string
Parameters
- $msg : string
  The message to sign
- $key :
  The secret key
- $alg : string = 'HS256'
  The signing algorithm. Supported algorithms are 'HS256', 'HS384', 'HS512' and 'RS256'.
Tags
Return values
string
urlsafeB64Decode()
Decode a string with URL-safe Base64.
public static urlsafeB64Decode(string $input) : string
Parameters
- $input : string
  A Base64 encoded string
Return values
string — A decoded string
urlsafeB64Encode()
Encode a string with URL-safe Base64.
public static urlsafeB64Encode(string $input) : string
Parameters
- $input : string
  The string you want encoded
Return values
string — The base64 encode of what you passed in
encodeDER()
Encodes a value into a DER object.
private static encodeDER(int $type, string $value) : string
Parameters
- $type : int
  DER tag
- $value : string
  the value to encode
Return values
string — the encoded object
handleJsonError()
Helper method to create a JSON error.
private static handleJsonError(int $errno) : void
Parameters
- $errno : int
  An error number from json_last_error()
Return values
void
readDER()
Reads binary DER-encoded data and decodes into a single object
private static readDER(string $der, int $offset) : array<, mixed>
Parameters
- $der : string
  the binary data in DER format
- $offset : int
  the offset of the data stream containing the object to decode
Return values
array<, mixed> — [$offset, $data] the new offset and the decoded object
safeStrlen()
Get the number of bytes in cryptographic strings.
private static safeStrlen(string $str) : int
Parameters
- $str : string
Return values
int
signatureFromDER()
Encodes signature from a DER object.
private static signatureFromDER(string $der, int $keySize) : string
Parameters
- $der : string
  binary signature in DER format
- $keySize : int
  the number of bits in the key
Return values
string — the signature
signatureToDER()
Convert an ECDSA signature to an ASN.1 DER sequence
private static signatureToDER(string $sig) : string
Parameters
- $sig : string
  The ECDSA signature to convert
Return values
string — The encoded DER object
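An added example, not the library's own code, of the conversion that signatureFromDER() and signatureToDER() describe: a JWS ECDSA signature is the fixed-width concatenation R || S, while OpenSSL works with a DER SEQUENCE of two INTEGERs. Function names and the sample bytes are constructed, and only short-form DER lengths (enough for the ES256 entry in $supported_algs) are handled.

```php
<?php
// Added example, not the library's code: raw ECDSA signature (R || S) to DER and back.
// Function names and the sample signature bytes are constructed. PHP 7.1+.
const TAG_INTEGER  = 0x02;          // same value as the class's ASN1_INTEGER
const TAG_SEQUENCE = 0x10 | 0x20;   // ASN1_SEQUENCE with the "constructed" bit set, i.e. 0x30

function der_tlv(int $tag, string $value): string {
    if (strlen($value) > 127) { throw new LengthException('long-form DER lengths are not handled'); }
    return chr($tag) . chr(strlen($value)) . $value;
}
function der_integer(string $unsigned): string {
    $v = ltrim($unsigned, "\x00");                              // DER wants the shortest encoding
    if ($v === '' || ord($v[0]) > 0x7f) { $v = "\x00" . $v; }   // keep it non-negative (and encode zero)
    return der_tlv(TAG_INTEGER, $v);
}
function raw_to_der(string $raw): string {
    if ($raw === '' || strlen($raw) % 2 !== 0) { throw new LengthException('raw signature must be R || S of equal width'); }
    [$r, $s] = str_split($raw, intdiv(strlen($raw), 2));
    return der_tlv(TAG_SEQUENCE, der_integer($r) . der_integer($s));
}
function der_read(string $der, int $offset, int $tag): array {
    if (strlen($der) < $offset + 2 || ord($der[$offset]) !== $tag) { throw new UnexpectedValueException('unexpected DER tag'); }
    $len = ord($der[$offset + 1]);
    if ($len > 127 || strlen($der) < $offset + 2 + $len) { throw new UnexpectedValueException('bad DER length'); }
    return [$offset + 2 + $len, substr($der, $offset + 2, $len)];   // [new offset, content]
}
function der_to_raw(string $der, int $keyBits): string {
    $width = intdiv($keyBits + 7, 8);
    [$end, $body] = der_read($der, 0, TAG_SEQUENCE);
    if ($end !== strlen($der)) { throw new UnexpectedValueException('trailing bytes after signature'); }
    [$next, $r] = der_read($body, 0, TAG_INTEGER);
    [$done, $s] = der_read($body, $next, TAG_INTEGER);
    if ($done !== strlen($body)) { throw new UnexpectedValueException('trailing bytes inside sequence'); }
    $out = '';
    foreach ([$r, $s] as $int) {
        $int = ltrim($int, "\x00");
        if (strlen($int) > $width) { throw new UnexpectedValueException('integer wider than the key'); }
        $out .= str_pad($int, $width, "\x00", STR_PAD_LEFT);   // JWS needs fixed-width halves
    }
    return $out;
}
// Constructed sample: R starts with a zero byte, S has its top bit set.
$raw = "\x00" . str_repeat("\x11", 31) . "\x80" . str_repeat("\x22", 31);
$der = raw_to_der($raw);
echo bin2hex(substr($der, 0, 4)), ' ... ', strlen($der), " bytes\n";
echo der_to_raw($der, 256) === $raw ? "round trip ok\n" : "round trip FAILED\n";
```

The sample covers the two cases that break naive conversions: a leading zero byte that DER strips and the raw form must restore, and a high bit that forces an extra 0x00 so the INTEGER is not read as negative.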
verify()
Verify a signature with the message, key and method. Not all methods are symmetric, so we must have a separate verify and sign method.
private static verify(string $msg, string $signature, $key, string $alg) : bool
Parameters
- $msg : string
  The original message (header and body)
- $signature : string
  The original signature
- $key :
  For HS*, a string key works. For RS*, must be a resource of an openssl public key
- $alg : string
  The algorithm