JWT Framework
Search…
JWE Creation
The computation of a JWE is done by the JWEBuilder object. This object requires the following services:
    an algorithm manager with key encryption algorithms
    an algorithm manager with content encryption algorithms
    a compression method manager. No compression method is needed if you do not intent to compress the payload.
1
<?php
2
3
use Jose\Component\Core\AlgorithmManager;
4
use Jose\Component\Encryption\Algorithm\KeyEncryption\A256KW;
5
use Jose\Component\Encryption\Algorithm\ContentEncryption\A256CBCHS512;
6
use Jose\Component\Encryption\Compression\CompressionMethodManager;
7
use Jose\Component\Encryption\Compression\Deflate;
8
use Jose\Component\Encryption\JWEBuilder;
9
10
// The key encryption algorithm manager with the A256KW algorithm.
11
$keyEncryptionAlgorithmManager = new AlgorithmManager([
12
new A256KW(),
13
]);
14
15
// The content encryption algorithm manager with the A256CBC-HS256 algorithm.
16
$contentEncryptionAlgorithmManager = new AlgorithmManager([
17
new A256CBCHS512(),
18
]);
19
20
// The compression method manager with the DEF (Deflate) method.
21
$compressionMethodManager = new CompressionMethodManager([
22
new Deflate(),
23
]);
24
25
// We instantiate our JWE Builder.
26
$jweBuilder = new JWEBuilder(
27
$keyEncryptionAlgorithmManager,
28
$contentEncryptionAlgorithmManager,
29
$compressionMethodManager
30
);
Copied!
Now let's create our first JWE object.
1
use Jose\Component\Core\JWK;
2
3
// Our key.
4
$jwk = new JWK([
5
'kty' => 'oct',
6
'k' => 'dzI6nbW4OcNF-AtfxGAmuyz7IpHRudBI0WgGjZWgaRJt6prBn3DARXgUR8NVwKhfL43QBIU2Un3AvCGCHRgY4TbEqhOi8-i98xxmCggNjde4oaW6wkJ2NgM3Ss9SOX9zS3lcVzdCMdum-RwVJ301kbin4UtGztuzJBeg5oVN00MGxjC2xWwyI0tgXVs-zJs5WlafCuGfX1HrVkIf5bvpE0MQCSjdJpSeVao6-RSTYDajZf7T88a2eVjeW31mMAg-jzAWfUrii61T_bYPJFOXW8kkRWoa1InLRdG6bKB9wQs9-VdXZP60Q4Yuj_WZ-lO7qV9AEFrUkkjpaDgZT86w2g',
7
]);
8
9
// The payload we want to encrypt. It MUST be a string.
10
$payload = json_encode([
11
'iat' => time(),
12
'nbf' => time(),
13
'exp' => time() + 3600,
14
'iss' => 'My service',
15
'aud' => 'Your application',
16
]);
17
18
$jwe = $jweBuilder
19
->create() // We want to create a new JWE
20
->withPayload($payload) // We set the payload
21
->withSharedProtectedHeader([
22
'alg' => 'A256KW', // Key Encryption Algorithm
23
'enc' => 'A256CBC-HS512', // Content Encryption Algorithm
24
'zip' => 'DEF' // We enable the compression (irrelevant as the payload is small, just for the example).
25
])
26
->addRecipient($jwk) // We add a recipient (a shared key or public key).
27
->build(); // We build it
Copied!
Great! If everything is fine you will get a JWE object with one recipient. We want to send it to the audience. Before that, it must be serialized.
We will use the compact serialization mode. This is the most common mode as it is URL safe and very compact. Perfect for a use in a web context!
1
use Jose\Component\Encryption\Serializer\CompactSerializer;
2
3
$serializer = new CompactSerializer(); // The serializer
4
5
$token = $serializer->serialize($jwe, 0); // We serialize the recipient at index 0 (we only have one recipient).
Copied!
All good! The variable $token now contains a string that should be something like that:
1
eyJhbGciOiJBMjU2S1ciLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiemlwIjoiREVGIn0.9RLpf3Gauf05QPNCMzPcH4XNBLmH0s3e-YWwOe57MTG844gnc-g2ywfXt_R0Q9qsR6WhkmQEhdLk2CBvfqr4ob4jFlvJK0yW.CCvfoTKO9tQlzCvbAuFAJg.PxrDlsbSRcxC5SuEJ84i9E9_R3tCyDQsEPTIllSCVxVcHiPOC2EdDlvUwYvznirYP6KMTdKMgLqxB4BwI3CWtys0fceSNxrEIu_uv1WhzJg.4DnyeLEAfB4I8Eq0UobnP8ymlX1UIfSSADaJCXr3RlU
Copied!
Last modified 1yr ago
Copy link