通过以下链接搜索 
云创 / php-jwt
一个简单的PHP库,用于编码和解码JSON Web Tokens (JWT)。应符合当前规范。
1.0.0
2019-04-24 09:38 UTC
Requires
- php: >=5.3.0
Requires (Dev)
- phpunit/phpunit: 4.8.35
This package is auto-updated.
Last update: 2024-09-24 21:29:26 UTC
README
从 firebase/php-jwt 分支,添加 ES256 支持。
PHP-JWT
一个简单的PHP库,用于编码和解码JSON Web Tokens (JWT),符合 RFC 7519。
安装
使用composer管理您的依赖并下载PHP-JWT
composer require yunchuang/php-jwt
示例
<?php use \Firebase\JWT\JWT; $key = "example_key"; $token = array( "iss" => "http://example.org", "aud" => "http://example.com", "iat" => 1356999524, "nbf" => 1357000000 ); /** * IMPORTANT: * You must specify supported algorithms for your application. See * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 * for a list of spec-compliant algorithms. */ $jwt = JWT::encode($token, $key); $decoded = JWT::decode($jwt, $key, array('HS256')); print_r($decoded); /* NOTE: This will now be an object instead of an associative array. To get an associative array, you will need to cast it as such: */ $decoded_array = (array) $decoded; /** * You can add a leeway to account for when there is a clock skew times between * the signing and verifying servers. It is recommended that this leeway should * not be bigger than a few minutes. * * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef */ JWT::$leeway = 60; // $leeway in seconds $decoded = JWT::decode($jwt, $key, array('HS256')); ?>
RS256 (openssl) 示例
<?php use \Firebase\JWT\JWT; $privateKey = <<<EOD -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQC8kGa1pSjbSYZVebtTRBLxBz5H4i2p/llLCrEeQhta5kaQu/Rn vuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t0tyazyZ8JXw+KgXTxldMPEL9 5+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4ehde/zUxo6UvS7UrBQIDAQAB AoGAb/MXV46XxCFRxNuB8LyAtmLDgi/xRnTAlMHjSACddwkyKem8//8eZtw9fzxz bWZ/1/doQOuHBGYZU8aDzzj59FZ78dyzNFoF91hbvZKkg+6wGyd/LrGVEB+Xre0J Nil0GReM2AHDNZUYRv+HYJPIOrB0CRczLQsgFJ8K6aAD6F0CQQDzbpjYdx10qgK1 cP59UHiHjPZYC0loEsk7s+hUmT3QHerAQJMZWC11Qrn2N+ybwwNblDKv+s5qgMQ5 5tNoQ9IfAkEAxkyffU6ythpg/H0Ixe1I2rd0GbF05biIzO/i77Det3n4YsJVlDck ZkcvY3SK2iRIL4c9yY6hlIhs+K9wXTtGWwJBAO9Dskl48mO7woPR9uD22jDpNSwe k90OMepTjzSvlhjbfuPN1IdhqvSJTDychRwn1kIJ7LQZgQ8fVz9OCFZ/6qMCQGOb qaGwHmUK6xzpUbbacnYrIM6nLSkXgOAwv7XXCojvY614ILTK3iXiLBOxPu5Eu13k eUz9sHyD6vkgZzjtxXECQAkp4Xerf5TGfQXGXhxIX52yH+N2LtujCdkQZjXAsGdm B2zNzvrlgRmgBrklMTrMYgm1NPcW+bRLGcwgW2PTvNM= -----END RSA PRIVATE KEY----- EOD; $publicKey = <<<EOD -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8kGa1pSjbSYZVebtTRBLxBz5H 4i2p/llLCrEeQhta5kaQu/RnvuER4W8oDH3+3iuIYW4VQAzyqFpwuzjkDI+17t5t 0tyazyZ8JXw+KgXTxldMPEL95+qVhgXvwtihXC1c5oGbRlEDvDF6Sa53rcFVsYJ4 ehde/zUxo6UvS7UrBQIDAQAB -----END PUBLIC KEY----- EOD; $token = array( "iss" => "example.org", "aud" => "example.com", "iat" => 1356999524, "nbf" => 1357000000 ); $jwt = JWT::encode($token, $privateKey, 'RS256'); echo "Encode:\n" . print_r($jwt, true) . "\n"; $decoded = JWT::decode($jwt, $publicKey, array('RS256')); /* NOTE: This will now be an object instead of an associative array. To get an associative array, you will need to cast it as such: */ $decoded_array = (array) $decoded; echo "Decode:\n" . print_r($decoded_array, true) . "\n"; ?>
变更日志
5.0.0 / 2017-06-26
- 支持RS384和RS512。见 #117。感谢 @joostfaassen!
- 添加RS256 openssl的示例。见 #125。感谢 @akeeman!
- 检测签名中的无效Base64编码。见 #162。感谢 @psignoret!
- 更新
JWT::verify以处理OpenSSL错误。见 #159。感谢 @bshaffer! - 为
decode方法添加array类型提示。见 #101。感谢 @hywak! - 添加所有JSON错误类型。见 #110。感谢 @gbalduzzi!
- 修复 'kid' 不在给定的密钥列表中的问题。见 #129。感谢 @stampycode!
- 其他清理、文档和测试修复。见 #107、#115、#160、#161 和 #165。感谢 @akeeman、@chinedufn 和 @bshaffer!
4.0.0 / 2016-07-17
- 添加对延迟静态绑定的支持。见 #88 获取详细信息。感谢 @chappy84!
- 使用静态
$timestamp代替time()以提高单元测试。见 #93 获取详细信息。感谢 @josephmcdermott! - 修复异常类的问题。见 #81 获取详细信息。感谢 @Maks3w!
- 修复PHPDoc。见 #76 获取详细信息。感谢 @akeeman!
3.0.0 / 2015-07-22
- 最低PHP版本已从
5.2.0更新到5.3.0。 - 添加了
\Firebase\JWT命名空间。有关详细信息,请参阅#59。感谢@Dashron! - 解码和验证JWT时需要非空密钥。有关详细信息,请参阅#60。感谢@sjones608!
- 在代码中清理了文档块。有关详细信息,请参阅#62。感谢@johanderuijter!
2.2.0 / 2015-06-22
2.1.0 / 2015-05-20
- 为
JWT:decode()添加了支持添加一个容差值,该值考虑了签名和验证实体之间的时钟偏差。感谢@lcabral! - 为
JWT::decode()中的$keys参数添加了支持传递实现ArrayAccess接口的对象。感谢@aztech-dev!
2.0.0 / 2015-04-01
- 注意:强烈建议您更新到> v2.0.0,以解决在使用对称和非对称密钥同时使用时,先版本中已知的安全漏洞。
- 更新了
JWT::decode(...)的签名,以要求使用支持算法的数组来验证令牌签名。
测试
使用phpunit运行测试
$ pear install PHPUnit $ phpunit --configuration phpunit.xml.dist PHPUnit 3.7.10 by Sebastian Bergmann. ..... Time: 0 seconds, Memory: 2.50Mb OK (5 tests, 5 assertions)
私有密钥中的新行
如果您的私有密钥包含\n字符,请确保将其用双引号""括起来,而不是用单引号'',以便正确解释转义字符。