JWT Framework
v2.x
v2.x
  • Introduction
  • Introduction
    • Provided Features
    • Pre-requisite
    • Continous Integration
    • Contributing
  • The Easy Way
    • The "Easy" Way
  • The Components
    • Algorithm Management (JWA)
    • Key (JWK) and Key Set (JWKSet)
      • Key (JWK)
      • Key Set (JWKSet)
    • Header Checker
    • Claim Checker
    • Signed Tokens (JWS)
      • Signature Algorithms
      • JWS Creation
      • JWS Loading
    • Encrypted Tokens (JWE)
      • Encryption Algorithms
      • JWE Creation
      • JWE Loading
  • The Symfony Bundle
    • Symfony Bundle
    • Algorithm Management
    • Key and Key Set Management
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header and Claim Checker Management
    • Signed Tokens
      • JWS serializers
      • JWS creation
      • JWS verification
    • Encrypted Tokens
      • JWE serializers
      • JWE creation
      • JWE decryption
    • Configuration Helper
    • Events
    • Profiling/Debugging
  • Console Command
    • Console
    • Standalone Application
    • PHAR Application
    • Symfony Console
  • Advanced Topics
    • Security Recommendations
    • Nested Tokens
    • Serialization
    • Custom Algorithm
    • Signed tokens and
      • Unprotected Header
      • Multiple Signatures
      • Detached Payload
      • Unencoded Payload
    • Encrypted tokens and
      • Unprotected Headers
      • Multiple Recipients
      • Additional Authentication Data (AAD)
  • Benchmark
    • How To
    • Result table
  • Migration
    • Migration
      • From v1.x to v2.0
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
Export as PDF
  1. Advanced Topics
  2. Signed tokens and

Multiple Signatures

When you need to sign the same payload for several audiences, you may want to do it at once. The JWS Builder supports multiple signatures.

With the example below, we will create three signatures using three different algorithms (and signature keys):

$jws = $jwsBuilder
    ->create()
    ->withPayload('...')
    ->addSignature($signature_key1, ['alg' => 'HS256'])
    ->addSignature($signature_key2, ['alg' => 'RS384'])
    ->addSignature($signature_key3, ['alg' => 'ES512'])
    ->build();

The variable $jws will be a valid JWS object with all computed signatures. Next step is the serialization of these signatures.

use Jose\Component\Signature\Serializer;

$manager = Serializer\JWSSerializerManager::create([
    new Serializer\CompactSerializer(),
    new Serializer\JsonFlattenedSerializer(),
    new Serializer\JsonGeneralSerializer(),
]);

$tokenWithAllSignatures = $manager->serialize('jws_json_general', $jws);
$compactTokenWithSignatureAtIndex1 = $manager->serialize('jws_compact', $jws, 1);
$flattenedTokenWithSignatureAtIndex2 = $manager->serialize('jws_json_flattened', $jws, 2);
PreviousUnprotected HeaderNextDetached Payload

Last updated 6 years ago

Was this helpful?