JWT Framework
JWT Framework
JWT Framework
JWT Framework
Introduction
Introduction
Provided Features
Pre-requisite
Continous Integration
Contributing
The Easy Way
The "Easy" Way
The Components
Algorithm Management (JWA)
Key (JWK) and Key Set (JWKSet)
Header Checker
Claim Checker
Signed Tokens (JWS)
Encrypted Tokens (JWE)
The Symfony Bundle
Symfony Bundle
Algorithm Management
Key and Key Set Management
Header and Claim Checker Management
Signed Tokens
Encrypted Tokens
Configuration Helper
Events
Profiling/Debugging
Console Command
Console
Standalone Application
PHAR Application
Symfony Console
Advanced Topics
Security Recommendations
Nested Tokens
Serialization
Custom Algorithm
Signed tokens and
Encrypted tokens and
Benchmark
How To
Result table
Migration
Migration
Powered by GitBook

Provided Features

Supported Input Types:

JWS or JWE objects support every input that can be encoded into JSON:

  • string, array, integer, float...

  • Objects that implement the \JsonSerializable interface such as JWK or JWKSet

The detached payload is supported.

Supported Serialization Modes

  • Compact JSON Serialization Syntax for JWS and JWE

  • Flattened JSON Serialization Syntax for JWS and JWE

  • General JSON Serialization Syntax for JWS and JWE

Supported Compression Methods

Compression Method

Supported

Deflate (DEF)

YES

Supported Key Types (JWK)

Key Type

Supported

Comment

oct

YES

Symmetric keys

RSA

YES

RSA based asymmetric keys

EC

YES

Elliptic Curves based asymmetric keys

OKP

YES

Octet Key Pair based asymmetric keys

JWK objects support JSON Web Key Thumbprint (RFC 7638).

A none key type for the none algorithm. It is used to explicitly allow this unsecured algorithm.

Key Sets (JWKSet)

JWKSet is fully supported.

Supported Signature Algorithms

Signature Algorithm

Supported

Comment

HS256, HS384 and HS512

YES

​

ES256, ES384 and ES512

YES

​

RS256, RS384 and RS512

YES

​

PS256, PS384 and PS512

YES

​

none

YES

Please note that this is not a secured algorithm. USE IT WITH CAUTION!

EdDSA with Ed25519 curve

YES

​With PHP 7.1, third party extension highly recommended​

EdDSA with Ed448 curve

NO

No extension or built-in implementation available

Other signature algorithms like RS1, HS1 or HS256/64 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

Supported Key Encryption Algorithms

Key Encryption Algorithm

Supported

dir

YES

RSA1_5, RSA-OAEP and RSA-OAEP-256

YES

ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW

YES

A128KW, A192KW and A256KW

YES

PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW

YES

A128GCMKW, A192GCMKW and A256GCMKW

YES

ECDH-ES with X25519 curve

YES

ECDH-ES with X448 curve

NO

Other encryption algorithms like RSA-OEAP-384 or ChaCha20-Poly1305 are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

For the ECDH-ES with X25519 curve with PHP 7.1, the third party extension highly recommended​

The algorithms RSA1_5 and RSA-OAEP are now deprecated. Please use with caution.

Supported Content Encryption Algorithms

Content Encryption Algorithm

Supported

A128CBC+HS256, A192CBC+HS384 and A256CBC+HS512

YES

A128GCM, A192GCM and A256GCM

YES

Other encryption algorithms like A128CTR, A192CTR and A256CTR are also available. These algorithms should be used for testing purpose only or for compatibility with old systems

Previous
Introduction
Next - Introduction
Pre-requisite
Last updated 2 years ago
Edit on GitHub
Contents
Supported Input Types:
Supported Serialization Modes
Supported Compression Methods
Supported Key Types (JWK)
Key Sets (JWKSet)
Supported Signature Algorithms
Supported Key Encryption Algorithms
Supported Content Encryption Algorithms