JWT Framework
v3.2
v3.2
  • Introduction
  • Introduction
    • Provided Features
    • Security Recommendations
    • The Framework
    • Pre-requisite
    • Continous Integration
    • Contributing
  • The Components
    • Algorithm Management (JWA)
    • Key (JWK) and Key Set (JWKSet)
      • Key (JWK)
      • Key Set (JWKSet)
    • Header Checker
    • Claim Checker
    • Signed Tokens (JWS)
      • Signature Algorithms
      • JWS Creation
      • JWS Loading
    • Encrypted Tokens (JWE)
      • Encryption Algorithms
      • JWE Creation
      • JWE Loading
  • The Symfony Bundle
    • Symfony Bundle
    • Algorithm Management
    • Key and Key Set Management
      • Key Management (JWK)
      • Key Set Management (JWKSet)
    • Header and Claim Checker Management
    • Signed Tokens
      • JWS serializers
      • JWS creation
      • JWS verification
    • Encrypted Tokens
      • JWE serializers
      • JWE creation
      • JWE decryption
    • Configuration Helper
    • Events
  • Console Command
    • Console
    • Standalone Application
    • PHAR Application
    • Symfony Console
  • Advanced Topics
    • Nested Tokens
    • Serialization
    • Custom Algorithm
    • Signed tokens and
      • Unprotected Header
      • Multiple Signatures
      • Detached Payload
      • Unencoded Payload
    • Encrypted tokens and
      • Unprotected Headers
      • Multiple Recipients
      • Additional Authentication Data (AAD)
  • Benchmark
    • How To
    • Result table
  • Migration
    • From v1.x to v2.0
    • From v2.x to v3.0
    • From v3.x to v4.0
Powered by GitBook
On this page
  • Supported Input Types:
  • Supported Serialization Modes
  • Supported Compression Methods
  • Supported Key Types (JWK)
  • Key Sets (JWKSet)
  • Supported Signature Algorithms
  • Supported Key Encryption Algorithms
  • Supported Content Encryption Algorithms

Was this helpful?

Edit on GitHub
Export as PDF
  1. Introduction

Provided Features

PreviousIntroductionNextSecurity Recommendations

Last updated 10 months ago

Was this helpful?

Supported Input Types:

JWS or JWE objects support every input that can be encoded into JSON:

  • string, array, integer, float...

  • Objects that implement the \JsonSerializable interface such as JWK or JWKSet

The is supported.

Supported Serialization Modes

Serialization syntax
JWS
JWE

Compact

YES

YES

Flattened JSON

YES

YES

General JSON

YES

YES

Supported Compression Methods

Compression mode
Supported

Deflate (DEF)

YES

Compression is not recommended. Please avoid its use. See for more information.

Supported Key Types (JWK)

Key Type
Supported
Comment

oct

YES

Symmetric keys

RSA

YES

RSA based asymmetric keys

EC

YES

Elliptic Curves based asymmetric keys

OKP

YES

Octet Key Pair based asymmetric keys

A none key type for the none algorithm. It is used to explicitly allow this unsecured algorithm.

Key Sets (JWKSet)

JWKSet is fully supported.

Supported Signature Algorithms

Signature Algorithm
Supported
Comment

HS256

HS384

HS512

YES

ES256

ES384

ES512

YES

RS256

RS384

RS512

YES

PS256

PS384

PS512

YES

GMP or BCMath extension is highly recommended

none

YES

Please note that this is not a secured algorithm. USE IT WITH CAUTION!

EdDSA with Ed25519 curve

YES

SODIUM extension is highly required

EdDSA with Ed448 curve

NO

No extension or built-in implementation available

Other signature algorithms like RS1, HS1 or HS256/64 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

Supported Key Encryption Algorithms

Key Encryption Algorithm
Supported

dir

YES

RSA1_5

RSA-OAEP

RSA-OAEP-256

YES

GMP or BCMath extension is highly recommended Read note below!

ECDH-ES

ECDH-ES+A128KW

ECDH-ES+A192KW

ECDH-ES+A256KW

YES

spomky-labs/aes-key-wrap is required for *KW algorithms

ECDH-SS

ECDH-SS+A128KW

ECDH-SS+A192KW

ECDH-SS+A256KW

YES

spomky-labs/aes-key-wrap is required for *KW algorithms

A128KW

A192KW

A256KW

YES

spomky-labs/aes-key-wrap is required

PBES2-HS256+A128KW

PBES2-HS384+A192KW

PBES2-HS512+A256KW

YES

spomky-labs/aes-key-wrap is required

A128GCMKW

A192GCMKW

A256GCMKW

YES

spomky-labs/aes-key-wrap is required

ECDH-ES with X25519 curve

YES

SODIUM extension is highly required

ECDH-ES with X448 curve

NO

No extension or built-in implementation available

Other encryption algorithms like RSA-OEAP-384 or ChaCha20-Poly1305 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

The algorithms RSA1_5 and RSA-OAEP are now deprecated. Please use with caution.

Supported Content Encryption Algorithms

Content Encryption Algorithm
Supported

A128CBC+HS256

A192CBC+HS384

A256CBC+HS512

YES

A128GCM

A192GCM

A256GCM

YES

Other encryption algorithms like A128CTR, A192CTR and A256CTR are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

JWK objects support JSON Web Key Thumbprint ().

detached payload
RFC8725
RFC 7638