JSON Web Token implementation, based on this spec: https://tools.ietf.org/html/rfc7519
PHP version 5
- Full name: `\Firebase\JWT\JWT`
Constant | Visibility | Type | Value |
---|---|---|---|
ASN1_INTEGER | private | | 0x2 |
ASN1_SEQUENCE | private | | 0x10 |
ASN1_BIT_STRING | private | | 0x3 |
When checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew.
public static int $leeway
- This property is static.
Allow the current timestamp to be specified.
public static ?int $timestamp
Useful for fixing a value within unit testing. Will default to PHP time() value if null.
- This property is static.
public static array<string,string[]> $supported_algs
- This property is static.
Decodes a JWT string into a PHP object.
public static decode(string $jwt, \Firebase\JWT\Key|array<string,\Firebase\JWT\Key> $keyOrKeyArray): \stdClass
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$jwt | string | The JWT |
$keyOrKeyArray | `\Firebase\JWT\Key\|array<string,\Firebase\JWT\Key>` | The Key or associative array of key IDs (kid) to Key objects. If the algorithm used is asymmetric, this is the public key. Each Key object contains an algorithm and matching key. Supported algorithms are 'ES384', 'ES256', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' |
Return Value:
The JWT's payload as a PHP object
Converts and signs a PHP object or array into a JWT string.
public static encode(array $payload, string|resource|\OpenSSLAsymmetricKey|\OpenSSLCertificate $key, string $alg, string $keyId = null, array<string,string> $head = null): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$payload | array | PHP array |
$key | `string\|resource\|\OpenSSLAsymmetricKey\|\OpenSSLCertificate` | The secret key. |
$alg | string | Supported algorithms are 'ES384', 'ES256', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' |
$keyId | string | |
$head | `array<string,string>` | An array with header elements to attach |
Return Value:
A signed JWT
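How `encode()`, `decode()`, `$leeway` and `$timestamp` fit together, as an added usage example that is not part of the library's documentation. It assumes the package is installed with Composer (`vendor/autoload.php`) and uses the package's `ExpiredException` and `SignatureInvalidException` classes; the secrets, claims and the `check()` helper are constructed for the demo.

```php
<?php
// Added example, not from the library's documentation.
// Assumes firebase/php-jwt is installed with Composer next to this script.
require __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\ExpiredException;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Firebase\JWT\SignatureInvalidException;

// Constructed 32-byte demo secrets, indexed by key ID (kid).
$secrets = [
    'k1' => hash('sha256', 'constructed demo secret one', true),
    'k2' => hash('sha256', 'constructed demo secret two', true),
];
// The verifier pins the algorithm to each key instead of trusting the token header.
$keys = [];
foreach ($secrets as $kid => $secret) {
    $keys[$kid] = new Key($secret, 'HS256');
}

// Hypothetical helper: turn the decode() outcome into a one-line verdict.
function check(string $jwt, array $keys): string {
    try {
        return 'accepted, sub=' . JWT::decode($jwt, $keys)->sub;
    } catch (ExpiredException $e) {
        return 'rejected: token expired';
    } catch (SignatureInvalidException $e) {
        return 'rejected: signature mismatch';
    } catch (UnexpectedValueException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

$claims   = ['sub' => 'alice', 'iat' => 1700000000, 'exp' => 1700000060];
$token    = JWT::encode($claims, $secrets['k1'], 'HS256', 'k1');
$wrongKey = JWT::encode($claims, $secrets['k2'], 'HS256', 'k1'); // kid says k1, signed with k2

JWT::$timestamp = 1700000030; // pinned clock, inside the validity window
echo check($token, $keys), PHP_EOL;
echo check($wrongKey, $keys), PHP_EOL;

JWT::$timestamp = 1700000090; // 30 seconds past exp, no leeway configured
echo check($token, $keys), PHP_EOL;
JWT::$leeway = 60;            // tolerate up to 60 seconds of clock skew
echo check($token, $keys), PHP_EOL;
```

Because `$leeway` and `$timestamp` are static, they apply to every later `decode()` call in the process; reset `$timestamp` to null outside tests.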
Sign a string with a given key and algorithm.
public static sign(string $msg, string|resource|\OpenSSLAsymmetricKey|\OpenSSLCertificate $key, string $alg): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$msg | string | The message to sign |
$key | `string\|resource\|\OpenSSLAsymmetricKey\|\OpenSSLCertificate` | The secret key. |
$alg | string | Supported algorithms are 'ES384', 'ES256', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', and 'RS512' |
Return Value:
An encrypted message
Verify a signature with the message, key and method. Not all methods are symmetric, so we must have a separate verify and sign method.
private static verify(string $msg, string $signature, string|resource|\OpenSSLAsymmetricKey|\OpenSSLCertificate $keyMaterial, string $alg): bool
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$msg | string | The original message (header and body) |
$signature | string | The original signature |
$keyMaterial | `string\|resource\|\OpenSSLAsymmetricKey\|\OpenSSLCertificate` | For HS*, a string key works. For RS*, must be an instance of OpenSSLAsymmetricKey |
$alg | string | The algorithm |
Decode a JSON string into a PHP object.
public static jsonDecode(string $input): mixed
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$input | string | JSON string |
Return Value:
The decoded JSON string
Encode a PHP array into a JSON string.
public static jsonEncode(array $input): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$input | array | A PHP array |
Return Value:
JSON representation of the PHP array
Decode a string with URL-safe Base64.
public static urlsafeB64Decode(string $input): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$input | string | A Base64 encoded string |
Return Value:
A decoded string
Encode a string with URL-safe Base64.
public static urlsafeB64Encode(string $input): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$input | string | The string you want encoded |
Return Value:
The base64 encode of what you passed in
Determine if an algorithm has been provided for each Key
private static getKey(\Firebase\JWT\Key|\ArrayAccess<string,\Firebase\JWT\Key>|array<string,\Firebase\JWT\Key> $keyOrKeyArray, string|null $kid): \Firebase\JWT\Key
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$keyOrKeyArray | `\Firebase\JWT\Key\|\ArrayAccess<string,\Firebase\JWT\Key>\|array<string,\Firebase\JWT\Key>` | |
$kid | `string\|null` | |
public static constantTimeEquals(string $left, string $right): bool
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$left | string | The string of known length to compare against |
$right | string | The user-supplied string |
Helper method to create a JSON error.
private static handleJsonError(int $errno): void
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$errno | int | An error number from json_last_error() |
Get the number of bytes in cryptographic strings.
private static safeStrlen(string $str): int
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$str | string | |
Convert an ECDSA signature to an ASN.1 DER sequence
private static signatureToDER(string $sig): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$sig | string | The ECDSA signature to convert |
Return Value:
The encoded DER object
Encodes a value into a DER object.
private static encodeDER(int $type, string $value): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$type | int | DER tag |
$value | string | the value to encode |
Return Value:
the encoded object
Encodes signature from a DER object.
private static signatureFromDER(string $der, int $keySize): string
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$der | string | binary signature in DER format |
$keySize | int | the number of bits in the key |
Return Value:
the signature
Reads binary DER-encoded data and decodes into a single object
private static readDER(string $der, int $offset): array
- This method is static.
Parameters:
Parameter | Type | Description |
---|---|---|
$der | string | the binary data in DER format |
$offset | int | the offset of the data stream containing the object to decode |
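Why the DER helpers above exist: a JWS ES256/ES384 signature is the fixed-width concatenation R||S, while OpenSSL produces and expects an ASN.1 DER SEQUENCE of two INTEGERs. The conversion in both directions, as an added stand-alone example that is not the library's private methods; the function names are hypothetical, and only short-form DER lengths are handled, which is enough for ES256 and ES384.

```php
<?php
// Added example: hypothetical helpers, not the library's private methods.
const TAG_INTEGER  = 0x02;        // ASN1_INTEGER
const TAG_SEQUENCE = 0x10 | 0x20; // ASN1_SEQUENCE plus the "constructed" bit = 0x30

function derWrap(int $tag, string $value): string {
    return chr($tag) . chr(strlen($value)) . $value; // short-form length, value < 128 bytes
}

function derInt(string $bigEndian): string {
    $v = ltrim($bigEndian, "\x00");
    // A leading zero byte keeps the INTEGER non-negative when the top bit is set.
    return derWrap(TAG_INTEGER, ($v === '' || ord($v[0]) > 0x7f) ? "\x00" . $v : $v);
}

function rawToDer(string $sig): string {
    if (!in_array(strlen($sig), [64, 96], true)) { // ES256 or ES384 only
        throw new InvalidArgumentException('expected a 64- or 96-byte R||S signature');
    }
    [$r, $s] = str_split($sig, intdiv(strlen($sig), 2));
    return derWrap(TAG_SEQUENCE, derInt($r) . derInt($s));
}

function derRead(string $der, int &$pos, int $tag): string {
    $len   = ord($der[$pos + 1] ?? "\xff");
    $value = (string) substr($der, $pos + 2, $len);
    if (ord($der[$pos] ?? "\x00") !== $tag || $len > 0x7f || strlen($value) !== $len) {
        throw new UnexpectedValueException('malformed DER element');
    }
    $pos += 2 + $len;
    return $value;
}

function derToRaw(string $der, int $keyBits): string {
    $pos  = 0;
    $body = derRead($der, $pos, TAG_SEQUENCE);
    $size = intdiv($keyBits + 7, 8); // bytes per coordinate
    $raw  = '';
    for ($i = 0, $pos = 0; $i < 2; $i++) {
        $raw .= str_pad(ltrim(derRead($body, $pos, TAG_INTEGER), "\x00"), $size, "\x00", STR_PAD_LEFT);
    }
    if (strlen($raw) !== 2 * $size) {
        throw new UnexpectedValueException('INTEGER wider than the curve');
    }
    return $raw;
}
// Constructed sample: R has its top bit set, S starts with a zero byte.
$raw = str_repeat("\xff", 32) . "\x00\x01" . str_repeat("\xab", 30);
$der = rawToDer($raw);
echo bin2hex($der), PHP_EOL, var_export(derToRaw($der, 256) === $raw, true), PHP_EOL;
```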