JWT Framework
v2.x
v2.x
  • Introduction
  • Introduction
    • Provided Features
    • Pre-requisite
    • Continous Integration
    • Contributing
  • The Easy Way
    • The "Easy" Way
  • The Components
    • Algorithm Management (JWA)
    • Key (JWK) and Key Set (JWKSet)
      • Key (JWK)
      • Key Set (JWKSet)
    • Header Checker
    • Claim Checker
    • Signed Tokens (JWS)
      • Signature Algorithms
      • JWS Creation
      • JWS Loading
    • Encrypted Tokens (JWE)
      • Encryption Algorithms
      • JWE Creation
      • JWE Loading
  • The Symfony Bundle
    • Symfony Bundle
    • Algorithm Management
    • Key and Key Set Management
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header and Claim Checker Management
    • Signed Tokens
      • JWS serializers
      • JWS creation
      • JWS verification
    • Encrypted Tokens
      • JWE serializers
      • JWE creation
      • JWE decryption
    • Configuration Helper
    • Events
    • Profiling/Debugging
  • Console Command
    • Console
    • Standalone Application
    • PHAR Application
    • Symfony Console
  • Advanced Topics
    • Security Recommendations
    • Nested Tokens
    • Serialization
    • Custom Algorithm
    • Signed tokens and
      • Unprotected Header
      • Multiple Signatures
      • Detached Payload
      • Unencoded Payload
    • Encrypted tokens and
      • Unprotected Headers
      • Multiple Recipients
      • Additional Authentication Data (AAD)
  • Benchmark
    • How To
    • Result table
  • Migration
    • Migration
      • From v1.x to v2.0
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Advanced Topics
  2. Encrypted tokens and

Unprotected Headers

PreviousEncrypted tokens andNextMultiple Recipients

Last updated 6 years ago

Was this helpful?

As well as the , the encrypted tokens also have unprotected header. But with one difference: there are two unprotected headers:

  • Shared unprotected header applicable to all recipients.

  • Per-recipient unprotected header.

With the example below, we will create an encrypted token for two recipient and some unprotected header parameters:

$jwe = $jweBuilder
    ->create()
    ->withPayload('...')
    ->withSharedProtectedHeader(['enc' => 'A256GCM', 'alg' => 'A256KW'])
    ->withSharedHeader(['author' => 'John Doe'])
    ->addRecipient($recipient_public_key_1, ['message' => 'Hello World!'])
    ->addRecipient($recipient_public_key_2, ['description' => 'Nice song for you'])
    ->build();

The variable $jwe will be a valid JWE object built for two recipients. The unprotected header parameter author is applicable to the whole token while message and description are available only for the first and second recipient respectively.

Note: when an unprotected header is set, the Compact Serialization mode is not available.

signed tokens