php-istio/jwt-payload-extractor

此包已被放弃且不再维护。未建议替代包。

库,用于从 Istio Envoy 代理中提取 JWT 负载。

维护者

详细信息

github.com/php-istio/jwt-payload-extractor

源代码

问题

安装次数: 27,919

依赖者: 1

建议者: 0

安全性: 0

星标: 2

关注者: 0

分支: 0

开放问题: 0

v1.1.1 2021-10-30 06:51 UTC

Requires

Requires (Dev)

MIT 38f1d31a32d281ab8e429ea3039dd072cd11e4cf

  • Minh Vuong <vuongxuongminh.woop@gmail.com>

This package is auto-updated.

Last update: 2023-08-29 02:41:35 UTC

README

unit tests coding standards codecov Latest Stable Version

关于

此库帮助从由 Istio Sidecar 转发的请求中提取可信的 JWT 负载。它基于 PSR-7 服务器请求消息,确保与其他包和框架的互操作性。

UML

需求

PHP 版本

  • PHP 8.0

安装

首先安装此库

composer require php-istio/jwt-payload-extractor

然后选择一个 PSR-7 实现包(例如:nyholm/psr7-server

composer require nyholm/psr7 nyholm/psr7-server

使用

Istio JWTRulesRequestAuthentication CRD(自定义资源定义)的一部分,支持转发原始令牌(forwardOriginalToken 选项),或者仅通过指定头名称(outputPayloadToHeader 选项)转发 base64 负载,根据您的策略,您需要选择从转发请求中提取可信 JWT 负载的方法

  • 从头中的原始令牌提取
<?php
$psr17Factory = new \Nyholm\Psr7\Factory\Psr17Factory();

$creator = new \Nyholm\Psr7Server\ServerRequestCreator(
    $psr17Factory, // ServerRequestFactory
    $psr17Factory, // UriFactory
    $psr17Factory, // UploadedFileFactory
    $psr17Factory  // StreamFactory
);

$serverRequest = $creator->fromGlobals();
$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer.example');
$payload = $extractor->extract($serverRequest);

if(null !== $payload) {
    var_dump($payload);
}

// by default it extract token from `authorization` header with `Bearer ` prefix, you can change it via next args:

$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer.example', 'x-token', 'yourPrefix ');
  • 从查询参数中的原始令牌提取
<?php
//......
$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer.example', 'token');
$payload = $extractor->extract($serverRequest);
//......
  • 从头中的 base64 负载提取
<?php
//......
$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromBase64Header('issuer.example', 'x-istio-jwt-payload');
$payload = $extractor->extract($serverRequest);
//......
  • 如果您的应用程序有多个 JWT 发行者或多个提取策略
<?php
//......
$extractor = \Istio\JWTPayloadExtractor\ExtractorFactory::fromExtractors(
    \Istio\JWTPayloadExtractor\ExtractorFactory::fromBase64Header('issuer1.example', 'x-istio-jwt-payload'),
    \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer1.example', 'token'),
    \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenHeader('issuer2.example', 'authorization'),
    \Istio\JWTPayloadExtractor\ExtractorFactory::fromOriginTokenQueryParam('issuer3.example', 'token'),
);
$payload = $extractor->extract($serverRequest);
//......

测试

此库使用 PHPUnit 进行单元测试

vendor/bin/phpunit

致谢