1 of 4

Encrypted Tokens

To use the encrypted tokens (JWE), you have to install the web-token/jwt-encryption component.

composer require web-token/jwt-encryption

When this component is installed, encryption algorithms are automatically handles by the Algorithm Manager Factory.

JWE serializers,
JWE creation,
JWE decryption.

You can use symfony/serializer to serialize/unserialize your tokens:

// $serializer corresponds to the Symfony serializer
$serializer->serialize($data, 'jwe_compact');

JWE serializers

JWE Serializer Manager Factory Service

A JWESerializerManagerFactory is available as a service in your application container:

<?php
use Jose\Component\Encryption\JWESerializerManagerFactory;

$jweSerializerManagerFactory = $container->get(JWESerializerManagerFactory::class);

With this factory, you will be able to create the JWESerializerManager you need:

$jweSerializerManager = $jweSerializerManagerFactory->create(['jwe_compact']);

You can now use the JWESerializerManager as explained in the JWE Creation/Loading section.

Available JWE serialization modes are:

jwe_compact
jwe_json_general
jwe_json_flattened

JWE Serializer Manager As Service

There is also another way to create a JWESerializerManager object: using the bundle configuration.

jose:
    jwe:
        serializers:
            serializer1:
                serializers: ['jwe_compact']
                is_public: true

With the previous configuration, the bundle will create a public JWE Serializer Manager service named jose.jwe_serializer.serializer1 with selected serialization modes.

<?php
$jweSerializerManager = $container->get('jose.jwe_serializer.serializer1');

Custom Tags

You can add custom tags and attributes to the services you create.

jose:
    jwe:
        serializers:
            serializer1:
                serializers: ['jwe_compact']
                tags:
                    tag_name1: ~
                    tag_name2: {attribute1: 'foo'}

JWE creation

JWE Builder Factory Service

A JWEBuilderFactory is available as a service in your application container:

<?php
use Jose\Component\Encryption\JWEBuilderFactory;

$jweBuilderFactory = $container->get(JWEBuilderFactory::class);

With this factory, you will be able to create the JWEBuilder you need:

$jweBuilder = $jweBuilderFactory->create(
    ['A256GCMKW'],
    ['A256CBC-HS256'],
    ['DEF'] // Compression methods
);

Available compression methods are:

DEF: deflate (recommended)
GZ: gzip
ZLIB: zlib

You can now use the JWEBuilder as explained in the JWE Creation section.

JWE Builder As Service

There is also another way to create a JWEBuilder object: using the bundle configuration.

jose:
    jwe:
        builders:
            builder1:
                key_encryption_algorithms: ['A256GCMKW']
                content_encryption_algorithms: ['A256CBC-HS256']
                compression_methods: ['DEF']
                is_public: true

With the previous configuration, the bundle will create a public JWE Builder service named jose.jwe_builder.builder1 with selected encryption algorithms.

<?php
$jweBuilder = $container->get('jose.jwe_builder.builder1');

Custom Tags

You can add custom tags and attributes to the services you create.

jose:
    jwe:
        builders:
            builder1:
                key_encryption_algorithms: ['A256GCMKW']
                content_encryption_algorithms: ['A256CBC-HS256']
                compression_methods: ['DEF']
                tags:
                    tag_name1: ~
                    tag_name2: {attribute1: 'foo'}

JWE decryption

JWE Decrypter Factory Service

A JWEDecrypterFactory is available as a service in your application container:

With this factory, you will be able to create the JWEDecrypter you need:

You can now use the JWEDecrypter as explained in the JWE Creation section.

Reminder: it is important to check the token headers. See the checker section of this documentation.

JWE Decrypter As Service

There is also another way to create a JWEDecrypter object: using the bundle configuration.

With the previous configuration, the bundle will create a public JWE Decrypter service named jose.jwe_decrypter.decrypter1 with selected encryption algorithms.

Custom Tags

This feature was introduced in version 1.1.

You can add custom tags and attributes to the services you create.

JWE Loader Service

The is available as a public service. You can retrieve it using the container or inject it into your services. It will help you to create JWELoader objects on demand.

You can also create JWELoader objects as services using the configuration of the bundle.

Or using the .

JWE creation

JWE Builder Factory Service

A JWEBuilderFactory is available as a service in your application container:

<?php
use Jose\Component\Encryption\JWEBuilderFactory;

$jweBuilderFactory = $container->get(JWEBuilderFactory::class);

With this factory, you will be able to create the JWEBuilder you need:

$jweBuilder = $jweBuilderFactory->create(
    ['A256GCMKW'],
    ['A256CBC-HS256'],
    ['DEF'] // Compression methods
);

Available compression methods are:

DEF: deflate (recommended)
GZ: gzip
ZLIB: zlib

You can now use the JWEBuilder as explained in the JWE Creation section.

JWE Builder As Service

There is also another way to create a JWEBuilder object: using the bundle configuration.

jose:
    jwe:
        builders:
            builder1:
                key_encryption_algorithms: ['A256GCMKW']
                content_encryption_algorithms: ['A256CBC-HS256']
                compression_methods: ['DEF']
                is_public: true

With the previous configuration, the bundle will create a public JWE Builder service named jose.jwe_builder.builder1 with selected encryption algorithms.

<?php
$jweBuilder = $container->get('jose.jwe_builder.builder1');

Custom Tags

You can add custom tags and attributes to the services you create.

jose:
    jwe:
        builders:
            builder1:
                key_encryption_algorithms: ['A256GCMKW']
                content_encryption_algorithms: ['A256CBC-HS256']
                compression_methods: ['DEF']
                tags:
                    tag_name1: ~
                    tag_name2: {attribute1: 'foo'}

JWE serializers

JWE Serializer Manager Factory Service

A JWESerializerManagerFactory is available as a service in your application container:

<?php
use Jose\Component\Encryption\JWESerializerManagerFactory;

$jweSerializerManagerFactory = $container->get(JWESerializerManagerFactory::class);

With this factory, you will be able to create the JWESerializerManager you need:

$jweSerializerManager = $jweSerializerManagerFactory->create(['jwe_compact']);

You can now use the JWESerializerManager as explained in the JWE Creation/Loading section.

Available JWE serialization modes are:

jwe_compact
jwe_json_general
jwe_json_flattened

JWE Serializer Manager As Service

There is also another way to create a JWESerializerManager object: using the bundle configuration.

jose:
    jwe:
        serializers:
            serializer1:
                serializers: ['jwe_compact']
                is_public: true

With the previous configuration, the bundle will create a public JWE Serializer Manager service named jose.jwe_serializer.serializer1 with selected serialization modes.

<?php
$jweSerializerManager = $container->get('jose.jwe_serializer.serializer1');

Custom Tags

You can add custom tags and attributes to the services you create.

jose:
    jwe:
        serializers:
            serializer1:
                serializers: ['jwe_compact']
                tags:
                    tag_name1: ~
                    tag_name2: {attribute1: 'foo'}