## adhocore/jwt
If you are new to JWT or want to refresh your familiarity with it, please check [jwt.io](https://jwt.io/)
[![Latest Version](https://img.shields.io/github/release/adhocore/php-jwt.svg?style=flat-square)](https://github.com/adhocore/php-jwt/releases)
[![Build](https://github.com/adhocore/php-jwt/actions/workflows/build.yml/badge.svg)](https://github.com/adhocore/php-jwt/actions/workflows/build.yml)
[![Scrutinizer CI](https://img.shields.io/scrutinizer/g/adhocore/php-jwt.svg?style=flat-square)](https://scrutinizer-ci.com/g/adhocore/php-jwt/?branch=master)
[![Codecov branch](https://img.shields.io/codecov/c/github/adhocore/php-jwt/master.svg?style=flat-square)](https://codecov.io/gh/adhocore/php-jwt)
[![StyleCI](https://styleci.io/repos/88168137/shield)](https://styleci.io/repos/88168137)
[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)
[![Donate 15](https://img.shields.io/badge/donate-paypal-blue.svg?style=flat-square&label=donate+15)](https://www.paypal.me/ji10/15usd)
[![Donate 25](https://img.shields.io/badge/donate-paypal-blue.svg?style=flat-square&label=donate+25)](https://www.paypal.me/ji10/25usd)
[![Donate 50](https://img.shields.io/badge/donate-paypal-blue.svg?style=flat-square&label=donate+50)](https://www.paypal.me/ji10/50usd)
[![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Lightweight+JSON+Web+Token+JWT+library+for+PHP7&url=https://github.com/adhocore/php-jwt&hashtags=php,jwt,auth)
- Lightweight JSON Web Token (JWT) library for PHP7.
- Zero dependency (no vendor bloat).
- If you still use PHP5.6, use version [0.1.2](https://github.com/adhocore/php-jwt/releases/tag/0.1.2)
## Installation
```sh
# PHP7.0+
composer require adhocore/jwt
# PHP5.6
composer require adhocore/jwt:0.1.2
# For PHP5.4-5.5, use version 0.1.2 with a polyfill for https://php.net/hash_equals
```
## Features
- Six algorithms supported:
```
'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512'
```
- `kid` support.
- Leeway support 0-120 seconds.
- Timestamp spoofing for tests.
- Passphrase support for `RS*` algos.
## Usage
```php
use Ahc\Jwt\JWT;
// Instantiate with key, algo, maxAge and leeway.
$jwt = new JWT('secret', 'HS256', 3600, 10);
```
> Only the key is required. Defaults will be used for the rest:
```php
$jwt = new JWT('secret');
// algo = HS256, maxAge = 3600, leeway = 0
```
> For `RS*` algo, the key should be either a resource like below:
```php
$key = openssl_pkey_new([
'digest_alg' => 'sha256',
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);
```
> OR, a string with full path to the RSA private key like below:
```php
$key = '/path/to/rsa.key';
// Then, instantiate JWT with this key and RS* as algo:
$jwt = new JWT($key, 'RS384');
```
***Pro***
You dont need to specify pub key path, that is deduced from priv key.
> Generate JWT token from payload array:
```php
$token = $jwt->encode([
'uid' => 1,
'aud' => 'http://site.com',
'scopes' => ['user'],
'iss' => 'http://api.mysite.com',
]);
```
> Retrieve the payload array:
```php
$payload = $jwt->decode($token);
```
> Oneliner:
```php
$token = (new JWT('topSecret', 'HS512', 1800))->encode(['uid' => 1, 'scopes' => ['user']]);
$payload = (new JWT('topSecret', 'HS512', 1800))->decode($token);
```
***Pro***
> Can pass extra headers into encode() with second parameter:
```php
$token = $jwt->encode($payload, ['hdr' => 'hdr_value']);
```
#### Test mocking
> Spoof time() for testing token expiry:
```php
$jwt->setTestTimestamp(time() + 10000);
// Throws Exception.
$jwt->parse($token);
```
> Call again without parameter to stop spoofing time():
```php
$jwt->setTestTimestamp();
```
#### Examples with `kid`
```php
$jwt = new JWT(['key1' => 'secret1', 'key2' => 'secret2']);
// Use key2
$token = $jwt->encode(['a' => 1, 'exp' => time() + 1000], ['kid' => 'key2']);
$payload = $jwt->decode($token);
$token = $jwt->encode(['a' => 1, 'exp' => time() + 1000], ['kid' => 'key3']);
// -> Exception with message Unknown key ID key3
```
## Stabillity
The library is now marked at version `1.*.*` as being stable in functionality and API.
### Integration
#### Phalcon
Check [adhocore/phalcon-ext](https://github.com/adhocore/phalcon-ext).
#### Laravel/Lumen
Coming soon [laravel-jwt](https://github.com/adhocore/laravel-jwt).
### Consideration
Be aware of some security related considerations as outlined [here](http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/) which can be valid for any JWT implementations.
没有合适的资源?快使用搜索试试~ 我知道了~
一个token的源码php-jwt
共44个文件
sample:13个
php:6个
head:4个
需积分: 5 2 下载量 171 浏览量
2023-01-13
17:59:05
上传
评论
收藏 135KB ZIP 举报
温馨提示
php-jwt是一个非常好用的token机制,它配合app可实现安全性的用户鉴权问题,但是token都有一个过期时间,如果过期了,如何让用户无感知进行刷新呢?其实这个主要是在前端进行判断,如果token过期,后端肯定会给前端返回一个过期提示,同时我们定义一个错误码来标识,如:1002,那前端拿到这个标识进行判断,如果过期,则去调用刷新接口,具体看下面的代码:
资源推荐
资源详情
资源评论
收起资源包目录
php-jwt.zip (44个子文件)
.editorconfig 384B
.github
dependabot.yml 156B
workflows
build.yml 1KB
FUNDING.yml 54B
phpunit.xml.dist 612B
src
JWTException.php 290B
JWT.php 8KB
ValidatesJWT.php 4KB
LICENSE 1KB
composer.json 888B
tests
JWTTest.php 7KB
bootstrap.php 248B
stubs
priv.key 2KB
.git
index 2KB
HEAD 21B
refs
heads
main 41B
tags
remotes
origin
HEAD 30B
objects
pack
pack-0626363678f14a8e622009517d81a6b036ef418e.pack 89KB
pack-0626363678f14a8e622009517d81a6b036ef418e.idx 14KB
info
description 73B
packed-refs 985B
info
exclude 240B
logs
HEAD 185B
refs
heads
main 185B
remotes
origin
HEAD 185B
hooks
post-update.sample 189B
prepare-commit-msg.sample 1KB
commit-msg.sample 896B
pre-receive.sample 544B
update.sample 4KB
pre-commit.sample 2KB
pre-rebase.sample 5KB
applypatch-msg.sample 478B
fsmonitor-watchman.sample 5KB
push-to-checkout.sample 3KB
pre-applypatch.sample 424B
pre-push.sample 1KB
pre-merge-commit.sample 416B
config 298B
CHANGELOG.md 4KB
VERSION 7B
test.php 6KB
.gitignore 87B
README.md 5KB
共 44 条
- 1
资源评论
flysent
- 粉丝: 1
- 资源: 22
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功