Rev 637 | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 637 | Rev 679 | ||
|---|---|---|---|
| Line 25... | Line 25... | ||
| 25 | 25 | ||
| 26 | Example |
26 | Example |
| 27 | ------- |
27 | ------- |
| 28 | ```php |
28 | ```php |
| 29 | use Firebase\JWT\JWT; |
29 | use Firebase\JWT\JWT; |
| - | 30 | use Firebase\JWT\Key; |
|
| 30 | 31 | ||
| 31 | $key = "example_key"; |
32 | $key = "example_key"; |
| 32 | $payload = array( |
33 | $payload = array( |
| 33 | "iss" => "http://example.org", |
34 | "iss" => "http://example.org", |
| 34 | "aud" => "http://example.com", |
35 | "aud" => "http://example.com", |
| Line 40... | Line 41... | ||
| 40 | * IMPORTANT: |
41 | * IMPORTANT: |
| 41 | * You must specify supported algorithms for your application. See |
42 | * You must specify supported algorithms for your application. See |
| 42 | * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 |
43 | * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 |
| 43 | * for a list of spec-compliant algorithms. |
44 | * for a list of spec-compliant algorithms. |
| 44 | */ |
45 | */ |
| 45 | $jwt = JWT::encode($payload, $key); |
46 | $jwt = JWT::encode($payload, $key, 'HS256'); |
| 46 | $decoded = JWT::decode($jwt, $key, array('HS256')); |
47 | $decoded = JWT::decode($jwt, new Key($key, 'HS256')); |
| 47 | 48 | ||
| 48 | print_r($decoded); |
49 | print_r($decoded); |
| 49 | 50 | ||
| 50 | /* |
51 | /* |
| 51 | NOTE: This will now be an object instead of an associative array. To get |
52 | NOTE: This will now be an object instead of an associative array. To get |
| Line 60... | Line 61... | ||
| 60 | * not be bigger than a few minutes. |
61 | * not be bigger than a few minutes. |
| 61 | * |
62 | * |
| 62 | * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef |
63 | * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef |
| 63 | */ |
64 | */ |
| 64 | JWT::$leeway = 60; // $leeway in seconds |
65 | JWT::$leeway = 60; // $leeway in seconds |
| 65 | $decoded = JWT::decode($jwt, $key, array('HS256')); |
66 | $decoded = JWT::decode($jwt, new Key($key, 'HS256')); |
| 66 | ``` |
67 | ``` |
| 67 | Example with RS256 (openssl) |
68 | Example with RS256 (openssl) |
| 68 | ---------------------------- |
69 | ---------------------------- |
| 69 | ```php |
70 | ```php |
| 70 | use Firebase\JWT\JWT; |
71 | use Firebase\JWT\JWT; |
| - | 72 | use Firebase\JWT\Key; |
|
| 71 | 73 | ||
| 72 | $privateKey = <<<EOD |
74 | $privateKey = <<<EOD |
| 73 | -----BEGIN RSA PRIVATE KEY----- |
75 | -----BEGIN RSA PRIVATE KEY----- |
| 74 | MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn |
76 | MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn |
| 75 | vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9 |
77 | vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9 |
| Line 104... | Line 106... | ||
| 104 | ); |
106 | ); |
| 105 | 107 | ||
| 106 | $jwt = JWT::encode($payload, $privateKey, 'RS256'); |
108 | $jwt = JWT::encode($payload, $privateKey, 'RS256'); |
| 107 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
109 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
| 108 | 110 | ||
| 109 | $decoded = JWT::decode($jwt, $publicKey, array('RS256')); |
111 | $decoded = JWT::decode($jwt, new Key($publicKey, 'RS256')); |
| 110 | 112 | ||
| 111 | /* |
113 | /* |
| 112 | NOTE: This will now be an object instead of an associative array. To get |
114 | NOTE: This will now be an object instead of an associative array. To get |
| 113 | an associative array, you will need to cast it as such: |
115 | an associative array, you will need to cast it as such: |
| 114 | */ |
116 | */ |
| Line 119... | Line 121... | ||
| 119 | 121 | ||
| 120 | Example with a passphrase |
122 | Example with a passphrase |
| 121 | ------------------------- |
123 | ------------------------- |
| 122 | 124 | ||
| 123 | ```php |
125 | ```php |
| - | 126 | use Firebase\JWT\JWT; |
|
| - | 127 | use Firebase\JWT\Key; |
|
| - | 128 | ||
| 124 | // Your passphrase |
129 | // Your passphrase |
| 125 | $passphrase = '[YOUR_PASSPHRASE]'; |
130 | $passphrase = '[YOUR_PASSPHRASE]'; |
| 126 | 131 | ||
| 127 | // Your private key file with passphrase |
132 | // Your private key file with passphrase |
| 128 | // Can be generated with "ssh-keygen -t rsa -m pem" |
133 | // Can be generated with "ssh-keygen -t rsa -m pem" |
| Line 145... | Line 150... | ||
| 145 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
150 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
| 146 | 151 | ||
| 147 | // Get public key from the private key, or pull from from a file. |
152 | // Get public key from the private key, or pull from from a file. |
| 148 | $publicKey = openssl_pkey_get_details($privateKey)['key']; |
153 | $publicKey = openssl_pkey_get_details($privateKey)['key']; |
| 149 | 154 | ||
| 150 | $decoded = JWT::decode($jwt, $publicKey, array('RS256')); |
155 | $decoded = JWT::decode($jwt, new Key($publicKey, 'RS256')); |
| 151 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
156 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
| 152 | ``` |
157 | ``` |
| 153 | 158 | ||
| 154 | Example with EdDSA (libsodium and Ed25519 signature) |
159 | Example with EdDSA (libsodium and Ed25519 signature) |
| 155 | ---------------------------- |
160 | ---------------------------- |
| 156 | ```php |
161 | ```php |
| 157 | use Firebase\JWT\JWT; |
162 | use Firebase\JWT\JWT; |
| - | 163 | use Firebase\JWT\Key; |
|
| 158 | 164 | ||
| 159 | // Public and private keys are expected to be Base64 encoded. The last |
165 | // Public and private keys are expected to be Base64 encoded. The last |
| 160 | // non-empty line is used so that keys can be generated with |
166 | // non-empty line is used so that keys can be generated with |
| 161 | // sodium_crypto_sign_keypair(). The secret keys generated by other tools may |
167 | // sodium_crypto_sign_keypair(). The secret keys generated by other tools may |
| 162 | // need to be adjusted to match the input expected by libsodium. |
168 | // need to be adjusted to match the input expected by libsodium. |
| Line 175... | Line 181... | ||
| 175 | ); |
181 | ); |
| 176 | 182 | ||
| 177 | $jwt = JWT::encode($payload, $privateKey, 'EdDSA'); |
183 | $jwt = JWT::encode($payload, $privateKey, 'EdDSA'); |
| 178 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
184 | echo "Encode:\n" . print_r($jwt, true) . "\n"; |
| 179 | 185 | ||
| 180 | $decoded = JWT::decode($jwt, $publicKey, array('EdDSA')); |
186 | $decoded = JWT::decode($jwt, new Key($publicKey, 'EdDSA')); |
| 181 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
187 | echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; |
| 182 | ```` |
188 | ```` |
| 183 | 189 | ||
| 184 | Using JWKs |
190 | Using JWKs |
| 185 | ---------- |
191 | ---------- |
| Line 192... | Line 198... | ||
| 192 | // this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk |
198 | // this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk |
| 193 | $jwks = ['keys' => []]; |
199 | $jwks = ['keys' => []]; |
| 194 | 200 | ||
| 195 | // JWK::parseKeySet($jwks) returns an associative array of **kid** to private |
201 | // JWK::parseKeySet($jwks) returns an associative array of **kid** to private |
| 196 | // key. Pass this as the second parameter to JWT::decode. |
202 | // key. Pass this as the second parameter to JWT::decode. |
| - | 203 | // NOTE: The deprecated $supportedAlgorithm must be supplied when parsing from JWK. |
|
| 197 | JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm); |
204 | JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm); |
| 198 | ``` |
205 | ``` |
| 199 | 206 | ||
| 200 | Changelog |
207 | Changelog |
| 201 | --------- |
208 | --------- |