Rev 637 | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 637 | Rev 679 | ||
---|---|---|---|
Line 25... | Line 25... | ||
25 | 25 | ||
26 | Example |
26 | Example |
27 | ------- |
27 | ------- |
28 | ```php |
28 | ```php |
29 | use Firebase\JWT\JWT; |
29 | use Firebase\JWT\JWT; |
- | 30 | use Firebase\JWT\Key; |
|
30 | 31 | ||
31 | $key = "example_key"; |
32 | $key = "example_key"; |
32 | $payload = array( |
33 | $payload = array( |
33 | "iss" => "http://example.org", |
34 | "iss" => "http://example.org", |
34 | "aud" => "http://example.com", |
35 | "aud" => "http://example.com", |
Line 40... | Line 41... | ||
40 | * IMPORTANT: |
41 | * IMPORTANT: |
41 | * You must specify supported algorithms for your application. See |
42 | * You must specify supported algorithms for your application. See |
42 | * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 |
43 | * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 |
43 | * for a list of spec-compliant algorithms. |
44 | * for a list of spec-compliant algorithms. |
44 | */ |
45 | */ |
45 | $jwt = JWT::encode($payload, $key); |
46 | $jwt = JWT::encode($payload, $key, 'HS256'); |
46 | $decoded = JWT::decode($jwt, $key, array('HS256')); |
47 | $decoded = JWT::decode($jwt, new Key($key, 'HS256')); |
47 | 48 | ||
48 | print_r($decoded); |
49 | print_r($decoded); |
49 | 50 | ||
50 | /* |
51 | /* |
51 | NOTE: This will now be an object instead of an associative array. To get |
52 | NOTE: This will now be an object instead of an associative array. To get |
Line 60... | Line 61... | ||
60 | * not be bigger than a few minutes. |
61 | * not be bigger than a few minutes. |
61 | * |
62 | * |
62 | * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef |
63 | * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef |
63 | */ |
64 | */ |
64 | JWT::$leeway = 60; // $leeway in seconds |
65 | JWT::$leeway = 60; // $leeway in seconds |
65 | $decoded = JWT::decode($jwt, $key, array('HS256')); |
66 | $decoded = JWT::decode($jwt, new Key($key, 'HS256')); |
66 | ``` |
67 | ``` |
67 | Example with RS256 (openssl) |
68 | Example with RS256 (openssl) |
68 | ---------------------------- |
69 | ---------------------------- |
69 | ```php |
70 | ```php |
70 | use Firebase\JWT\JWT; |
71 | use Firebase\JWT\JWT; |
- | 72 | use Firebase\JWT\Key; |
|
71 | 73 | ||
72 | $privateKey = <<<EOD |
74 | $privateKey = <<<EOD |
73 | -----BEGIN RSA PRIVATE KEY----- |
75 | -----BEGIN RSA PRIVATE KEY----- |
74 | MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn |
76 | MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn |
75 | vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9 |
77 | vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9 |
Line 104... | Line 106... | ||
104 | ); |
106 | ); |
105 | 107 | ||
106 | $jwt = JWT::encode($payload, $privateKey, 'RS256'); |
108 | $jwt = JWT::encode($payload, $privateKey, 'RS256'); |
107 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
109 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
108 | 110 | ||
109 | $decoded = JWT::decode($jwt, $publicKey, array('RS256')); |
111 | $decoded = JWT::decode($jwt, new Key($publicKey, 'RS256')); |
110 | 112 | ||
111 | /* |
113 | /* |
112 | NOTE: This will now be an object instead of an associative array. To get |
114 | NOTE: This will now be an object instead of an associative array. To get |
113 | an associative array, you will need to cast it as such: |
115 | an associative array, you will need to cast it as such: |
114 | */ |
116 | */ |
Line 119... | Line 121... | ||
119 | 121 | ||
120 | Example with a passphrase |
122 | Example with a passphrase |
121 | ------------------------- |
123 | ------------------------- |
122 | 124 | ||
123 | ```php |
125 | ```php |
- | 126 | use Firebase\JWT\JWT; |
|
- | 127 | use Firebase\JWT\Key; |
|
- | 128 | ||
124 | // Your passphrase |
129 | // Your passphrase |
125 | $passphrase = '[YOUR_PASSPHRASE]'; |
130 | $passphrase = '[YOUR_PASSPHRASE]'; |
126 | 131 | ||
127 | // Your private key file with passphrase |
132 | // Your private key file with passphrase |
128 | // Can be generated with "ssh-keygen -t rsa -m pem" |
133 | // Can be generated with "ssh-keygen -t rsa -m pem" |
Line 145... | Line 150... | ||
145 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
150 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
146 | 151 | ||
147 | // Get public key from the private key, or pull from from a file. |
152 | // Get public key from the private key, or pull from from a file. |
148 | $publicKey = openssl_pkey_get_details($privateKey)['key']; |
153 | $publicKey = openssl_pkey_get_details($privateKey)['key']; |
149 | 154 | ||
150 | $decoded = JWT::decode($jwt, $publicKey, array('RS256')); |
155 | $decoded = JWT::decode($jwt, new Key($publicKey, 'RS256')); |
151 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
156 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
152 | ``` |
157 | ``` |
153 | 158 | ||
154 | Example with EdDSA (libsodium and Ed25519 signature) |
159 | Example with EdDSA (libsodium and Ed25519 signature) |
155 | ---------------------------- |
160 | ---------------------------- |
156 | ```php |
161 | ```php |
157 | use Firebase\JWT\JWT; |
162 | use Firebase\JWT\JWT; |
- | 163 | use Firebase\JWT\Key; |
|
158 | 164 | ||
159 | // Public and private keys are expected to be Base64 encoded. The last |
165 | // Public and private keys are expected to be Base64 encoded. The last |
160 | // non-empty line is used so that keys can be generated with |
166 | // non-empty line is used so that keys can be generated with |
161 | // sodium_crypto_sign_keypair(). The secret keys generated by other tools may |
167 | // sodium_crypto_sign_keypair(). The secret keys generated by other tools may |
162 | // need to be adjusted to match the input expected by libsodium. |
168 | // need to be adjusted to match the input expected by libsodium. |
Line 175... | Line 181... | ||
175 | ); |
181 | ); |
176 | 182 | ||
177 | $jwt = JWT::encode($payload, $privateKey, 'EdDSA'); |
183 | $jwt = JWT::encode($payload, $privateKey, 'EdDSA'); |
178 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
184 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
179 | 185 | ||
180 | $decoded = JWT::decode($jwt, $publicKey, array('EdDSA')); |
186 | $decoded = JWT::decode($jwt, new Key($publicKey, 'EdDSA')); |
181 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
187 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
182 | ```` |
188 | ```` |
183 | 189 | ||
184 | Using JWKs |
190 | Using JWKs |
185 | ---------- |
191 | ---------- |
Line 192... | Line 198... | ||
192 | // this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk |
198 | // this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk |
193 | $jwks = ['keys' => []]; |
199 | $jwks = ['keys' => []]; |
194 | 200 | ||
195 | // JWK::parseKeySet($jwks) returns an associative array of **kid** to private |
201 | // JWK::parseKeySet($jwks) returns an associative array of **kid** to private |
196 | // key. Pass this as the second parameter to JWT::decode. |
202 | // key. Pass this as the second parameter to JWT::decode. |
- | 203 | // NOTE: The deprecated $supportedAlgorithm must be supplied when parsing from JWK. |
|
197 | JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm); |
204 | JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm); |
198 | ``` |
205 | ``` |
199 | 206 | ||
200 | Changelog |
207 | Changelog |
201 | --------- |
208 | --------- |