Introduction
This document is available online at https://web-token.spomky-labs.com.
JWT Framework
This framework provides an implementation of:
This framework is not just a library, it also contains a Symfony bundle for easy integration into your application. It also provides a standalone console command that will help you to manage your keys and key sets.
Provided Features
Supported Input Types:
JWS or JWE objects support every input that can be encoded into JSON:
string
,array
,integer
,float
...Objects that implement the
\JsonSerializable
interface such asJWK
orJWKSet
The detached payload is supported.
Supported Serialization Modes
Compact JSON Serialization Syntax for JWS and JWE
Flattened JSON Serialization Syntax for JWS and JWE
General JSON Serialization Syntax for JWS and JWE
Supported Compression Methods
Supported Key Types (JWK)
JWK objects support JSON Web Key Thumbprint (RFC 7638).
Note: we use a none
key type for the none
algorithm only.
Key Sets (JWKSet)
JWKSet is fully supported.
Supported Signature Algorithms
Supported Key Encryption Algorithms
Supported Content Encryption Algorithms
Prerequisites
This framework needs at least:
GMP extension.
MBString extension.
Depending on the algorithms you using, other PHP extensions may be required (e.g. OpenSSL).
Please also consider the following optional requirements:
If you intent to use
EdDSA
orECDH-ES
algorithm withEd25519
/X25519
curves on PHP 7.1, please install this third party extension
Continuous Integration
It has been successfully tested using PHP 7.1
, PHP 7.2
and nightly
with all algorithms.
Tests vectors from the RFC 7520 are fully implemented and all tests pass. Other test vector sources may be used (e.g. new algorithm specifications).
We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.
Coding Standards are verified by StyleCI.
Code coverage is analyzed by Coveralls.io.
How to use
Security Recommendations
To avoid security issues on your application, please follow these Security Recommendations carefully.
Performances
Please read the performance page to know how to test the algorithms of the framework.
You can also see the last benchmarks made with our development environment.
Contributing
Requests for new features, bug fixed and all other ideas to make this framework useful are welcome. If you feel comfortable writing code, you could try to fix opened issues where help is wanted or those that are easy to fix.
Do not forget to follow these best practices.
If you think you have found a security issue, DO NOT open an issue. You MUST submit your issue here.
Licence
This project is release under MIT licence.
Last updated