invenso/microsoft-jwt

A simple library to validate and decode Microsoft Azure Active Directory (Azure AD) and Microsoft Active Directory Federation Services (ADFS) JSON Web Tokens (JWT) in PHP, conforming to RFC 7519

1.3.0-rc3 2022-09-06 08:17 UTC

This package is auto-updated.

Last update: 2024-09-06 12:36:18 UTC


README


microsoft-jwt

A simple library to validate and decode Microsoft Azure Active Directory (Azure AD) and Microsoft Active Directory Federation Services (ADFS) JSON Web Tokens (JWT) in PHP, conforming to RFC 7519

Multi-tenant support

Forked from firebase/php-jwt

Installation

Use composer to manage your dependencies and download microsoft-jwt

composer require invenso/microsoft-jwt

Examples

ADFS

<?php

use Invenso\Microsoft\JWT\Adfs\AdfsConfiguration;
use Invenso\Microsoft\JWT\Adfs\AdfsAccessTokenJWT;
use Invenso\Microsoft\JWT\Adfs\AdfsIdTokenJWT;

// ...

/**
 * AdfsConfiguration class will go to https://{your_asfs_hostname}/adfs/.well-known/openid-configuration to parse the configuration for your application
 *
 */
$config_options = [
  'client_id' => '{client_id}',
  'hostname' => '{your_asfs_hostname}',
];

/**
 * You can also specify a local configuration file instead:
 */
// $config_options = [
//   'client_id' => '{client_id}',
//   'config_uri' => 'local_path_to_configuration_json',
// ];

$config = new AdfsConfiguration($config_options);

$id_token = 'adfs.id.token.jwt';
$access_token = 'adfs.access.token.jwt';

/**
 * If id token is invalid, exception will be thrown.
 */
$id_token_jwt = new AdfsIdTokenJWT($config, $id_token);
echo "\n";
// Getting payload from id token
print_r($id_token_jwt->getPayload());
echo "\n";
// Getting value from payload by attribute of id token
print_r($id_token_jwt->get('attribute_name'));
echo "\n";

/**
 * If access token is invalid, exception will be thrown.
 * To validate and decode access token jwt, you need to pass $audience (scope name of your app)
 */
$audience = '{audience}'; // placeholder: scope name of your app
$access_token_jwt = new AdfsAccessTokenJWT($config, $access_token, $audience);
echo "\n";
// Getting payload from access token
print_r($access_token_jwt->getPayload());
echo "\n";
// Getting value from payload by attribute of access token
print_r($access_token_jwt->get('attribute_name'));
echo "\n";

/**
 * You might want to 'cache' the tokens for expiry validation
 * To check whether the access token and id token are expired, simply call
 */
echo ($id_token_jwt->isExpired()) ? 'Id token is expired' : 'Id token is valid';
// Call isExpired() on the decoded access token object, not on the raw $id_token string
echo ($access_token_jwt->isExpired()) ? 'Access token is expired' : 'Access token is valid';

Azure Ad

<?php

use Invenso\Microsoft\JWT\AzureAd\AzureAdConfiguration;
use Invenso\Microsoft\JWT\AzureAd\AzureAdAccessTokenJWT;
use Invenso\Microsoft\JWT\AzureAd\AzureAdIdTokenJWT;

// ...

/**
 * AzureAdConfiguration class will go to https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration to parse the configuration for your application
 */
$config_options = [
  'tenant' => '{tenant_id} | common | organizations | consumers',
  'tenant_id' => '{tenant_id}', // or null: leave empty when using common | organizations | consumers to support multi-tenant
  'client_id' => '{client_id}'
];

/**
 * You can also specify a local configuration file instead:
 */
// $config_options = [
//   'tenant' => '{tenant_id} | common | organizations | consumers',
//   'tenant_id' => '{tenant_id}', // or null: leave empty when using common | organizations | consumers to support multi-tenant
//   'client_id' => '{client_id}',
//   'config_uri' => 'local_path_to_configuration_json',
// ];

$config = new AzureAdConfiguration($config_options);

$id_token = 'azure_ad.id.token.jwt';
$access_token = 'azure_ad.access.token.jwt';

/**
 * If id token is invalid, exception will be thrown.
 */
$id_token_jwt = new AzureAdIdTokenJWT($config, $id_token);
echo "\n";
/**
 * You could also pass $audience if needed
 */
// $id_token_jwt = new AzureAdIdTokenJWT($config, $id_token, $audience);
// echo "\n";

// Getting payload from id token
print_r($id_token_jwt->getPayload());
echo "\n";
// Getting value from payload by attribute of id token
print_r($id_token_jwt->get('attribute_name'));
echo "\n";

/**
 * If access token is invalid, exception will be thrown.
 * To validate and decode access token jwt, you need to pass $audience (scope name of your app)
 */
$audience = '{audience}'; // placeholder: scope name of your app
$access_token_jwt = new AzureAdAccessTokenJWT($config, $access_token, $audience);
echo "\n";
// Getting payload from access token
print_r($access_token_jwt->getPayload());
echo "\n";
// Getting value from payload by attribute of access token
print_r($access_token_jwt->get('attribute_name'));
echo "\n";

/**
 * You might want to 'cache' the tokens for expiry validation
 * To check whether the access token and id token are expired, simply call
 */
echo ($id_token_jwt->isExpired()) ? 'Id token is expired' : 'Id token is valid';
// Call isExpired() on the decoded access token object, not on the raw $id_token string
echo ($access_token_jwt->isExpired()) ? 'Access token is expired' : 'Access token is valid';
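
When `tenant` is set to `common` or `organizations`, tokens from any Azure AD tenant can reach your application, so the application itself has to decide which tenants it accepts. The following is an added example, not code from microsoft-jwt: a tenant allow-list check to run on the payload after the library has validated the token. It assumes v2.0 tokens (issuer `https://login.microsoftonline.com/{tid}/v2.0`); the function name and the placeholder GUIDs are hypothetical, and whether the library performs an equivalent check is not stated on this page.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not part of microsoft-jwt): enforce a tenant allow-list on
 * an already validated payload, e.g. (array) $id_token_jwt->getPayload().
 *
 * @param array<string,mixed> $claims         validated token claims
 * @param string[]            $allowedTenants tenant GUIDs the application accepts
 */
function requireAllowedTenant(array $claims, array $allowedTenants): string
{
    $tid = $claims['tid'] ?? null;
    if (!is_string($tid) || !preg_match('/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i', $tid)) {
        throw new UnexpectedValueException('Token has no well-formed tid claim');
    }
    $tid = strtolower($tid);
    if (!in_array($tid, array_map('strtolower', $allowedTenants), true)) {
        throw new UnexpectedValueException("Tenant $tid is not allowed");
    }
    // Assumption: v2.0 issuer format. It embeds the tenant id, so reject a
    // payload in which iss and tid disagree.
    $expectedIss = "https://login.microsoftonline.com/$tid/v2.0";
    if (!hash_equals($expectedIss, (string) ($claims['iss'] ?? ''))) {
        throw new UnexpectedValueException('iss does not match tid');
    }
    return $tid;
}

// Constructed sample payloads (placeholder GUIDs, not real tenants).
$iss = 'https://login.microsoftonline.com/%s/v2.0';
$t1  = '11111111-1111-1111-1111-111111111111';
$t2  = '22222222-2222-2222-2222-222222222222';
$samples = [
    'allowed tenant' => ['tid' => $t1, 'iss' => sprintf($iss, $t1)],
    'other tenant'   => ['tid' => $t2, 'iss' => sprintf($iss, $t2)],
    'iss mismatch'   => ['tid' => $t1, 'iss' => sprintf($iss, $t2)],
    'missing tid'    => ['iss' => sprintf($iss, $t1)],
];
foreach ($samples as $label => $claims) {
    try {
        echo $label, ': accepted ', requireAllowedTenant($claims, [$t1]), "\n";
    } catch (UnexpectedValueException $e) {
        echo $label, ': rejected (', $e->getMessage(), ")\n";
    }
}
```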

Cache support

We provide an option to cache the OpenID configuration to reduce network traffic. You can use one of the following cache options:

  • File
  • Redis
  • Memcached

ADFS

File

$config_options = [
  'client_id' => '{client_id}',
  'hostname' => '{your_asfs_hostname}',
  'cache' => [
    'type' => 'file',
    'path' => '{cache_file_path}'
  ]
];
$config = new AdfsConfiguration($config_options);

Redis

The client is expected to be a Redis or Predis instance

$redis_client = new \Redis();
$redis_client->pconnect('redis', 6379);

$predis_client = new \Predis\Client([
  'scheme' => 'tcp',
  'host'   => 'redis',
  'port'   => 6379,
]);

$config_options = [
  'client_id' => '{client_id}',
  'hostname' => '{your_asfs_hostname}',
  'cache' => [
    'type' => 'redis',
    'client' => $redis_client // or $predis_client
  ]
];
$config = new AdfsConfiguration($config_options);

Memcached

The client is expected to be a Memcached instance

$memcached_client = new \Memcached();
$memcached_client->addServer('memcached', 11211);

$config_options = [
  'client_id' => '{client_id}',
  'hostname' => '{your_asfs_hostname}',
  'cache' => [
    'type' => 'memcache',
    'client' => $memcached_client
  ]
];
$config = new AdfsConfiguration($config_options);

Azure Ad

File

$config_options = [
  'tenant' => '{tenant_id} | common | organizations | consumers',
  'tenant_id' => '{tenant_id}',
  'client_id' => '{client_id}',
  'cache' => [
    'type' => 'file',
    'path' => '{cache_file_path}'
  ]
];

$config = new AzureAdConfiguration($config_options);

Redis

The client is expected to be a Redis or Predis instance

$redis_client = new \Redis();
$redis_client->pconnect('redis', 6379);

$predis_client = new \Predis\Client([
  'scheme' => 'tcp',
  'host'   => 'redis',
  'port'   => 6379,
]);

$config_options = [
  'tenant' => '{tenant_id} | common | organizations | consumers',
  'tenant_id' => '{tenant_id}',
  'client_id' => '{client_id}',
  'cache' => [
    'type' => 'redis',
    'client' => $redis_client // or $predis_client
  ]
];
$config = new AzureAdConfiguration($config_options);

Memcached

The client is expected to be a Memcached instance

$memcached_client = new \Memcached();
$memcached_client->addServer('memcached', 11211);

$config_options = [
  'tenant' => '{tenant_id} | common | organizations | consumers',
  'tenant_id' => '{tenant_id}',
  'client_id' => '{client_id}',
  'cache' => [
    'type' => 'memcache',
    'client' => $memcached_client
  ]
];
$config = new AzureAdConfiguration($config_options);

Tests

Run the tests using phpunit

$ composer install
$ composer run test

License

3-Clause BSD.