Signed Tokens (JWS)

Sign a Token with HMAC (HS256)

The simplest approach: a shared secret key is used to both sign and verify the token.

<?php

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Signature\Algorithm\HS256;
use Jose\Component\Signature\JWSBuilder;
use Jose\Component\Signature\Serializer\CompactSerializer;

require_once 'vendor/autoload.php';

// Create a symmetric key (shared secret)
$jwk = new JWK([
    'kty' => 'oct',
    'k' => base64_encode(random_bytes(32)), // 256-bit key
]);

$algorithmManager = new AlgorithmManager([new HS256()]);
$jwsBuilder = new JWSBuilder($algorithmManager);

$payload = json_encode([
    'iss' => 'https://my-app.example.com',
    'aud' => 'https://api.example.com',
    'sub' => 'user-42',
    'iat' => time(),
    'exp' => time() + 3600,
]);

$jws = $jwsBuilder
    ->create()
    ->withPayload($payload)
    ->addSignature($jwk, ['alg' => 'HS256'])
    ->build();

$token = (new CompactSerializer())->serialize($jws);
// eyJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL215LWFwcC...

Verify the Token

<?php

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Signature\Algorithm\HS256;
use Jose\Component\Signature\JWSVerifier;
use Jose\Component\Signature\Serializer\CompactSerializer;

require_once 'vendor/autoload.php';

$jwk = /* the same shared key used for signing */;

$algorithmManager = new AlgorithmManager([new HS256()]);
$jwsVerifier = new JWSVerifier($algorithmManager);

$jws = (new CompactSerializer())->unserialize($token);

$isValid = $jwsVerifier->verifyWithKey($jws, $jwk, 0);
// $isValid is true if the signature is valid

Sign a Token with RSA (RS256)

RSA keys allow the signer and the verifier to use different keys: a private key to sign, a public key to verify.

<?php

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Signature\Algorithm\RS256;
use Jose\Component\Signature\JWSBuilder;
use Jose\Component\Signature\Serializer\CompactSerializer;

require_once 'vendor/autoload.php';

// Generate an RSA key pair (2048-bit minimum recommended)
$privateKey = JWKFactory::createRSAKey(2048, ['alg' => 'RS256', 'use' => 'sig']);

$algorithmManager = new AlgorithmManager([new RS256()]);
$jwsBuilder = new JWSBuilder($algorithmManager);

$payload = json_encode([
    'iss' => 'https://auth.example.com',
    'aud' => 'https://api.example.com',
    'sub' => 'user-42',
    'iat' => time(),
    'exp' => time() + 3600,
]);

$jws = $jwsBuilder
    ->create()
    ->withPayload($payload)
    ->addSignature($privateKey, ['alg' => 'RS256'])
    ->build();

$token = (new CompactSerializer())->serialize($jws);

Verify with the Public Key

<?php

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Signature\Algorithm\RS256;
use Jose\Component\Signature\JWSVerifier;
use Jose\Component\Signature\Serializer\CompactSerializer;

require_once 'vendor/autoload.php';

// Extract the public key from the private key
$publicKey = $privateKey->toPublic();

$algorithmManager = new AlgorithmManager([new RS256()]);
$jwsVerifier = new JWSVerifier($algorithmManager);

$jws = (new CompactSerializer())->unserialize($token);

$isValid = $jwsVerifier->verifyWithKey($jws, $publicKey, 0);

Sign a Token with Elliptic Curve (ES256)

ECDSA keys are smaller and faster than RSA for the same security level.

<?php

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Signature\Algorithm\ES256;
use Jose\Component\Signature\JWSBuilder;
use Jose\Component\Signature\Serializer\CompactSerializer;

require_once 'vendor/autoload.php';

// Generate an EC key on the P-256 curve
$privateKey = JWKFactory::createECKey('P-256', ['alg' => 'ES256', 'use' => 'sig']);

$algorithmManager = new AlgorithmManager([new ES256()]);
$jwsBuilder = new JWSBuilder($algorithmManager);

$payload = json_encode([
    'iss' => 'https://auth.example.com',
    'aud' => 'https://api.example.com',
    'sub' => 'user-42',
    'iat' => time(),
    'exp' => time() + 3600,
]);

$jws = $jwsBuilder
    ->create()
    ->withPayload($payload)
    ->addSignature($privateKey, ['alg' => 'ES256'])
    ->build();

$token = (new CompactSerializer())->serialize($jws);

Verify with the Public Key

<?php

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Signature\Algorithm\ES256;
use Jose\Component\Signature\JWSVerifier;
use Jose\Component\Signature\Serializer\CompactSerializer;

require_once 'vendor/autoload.php';

$publicKey = $privateKey->toPublic();

$algorithmManager = new AlgorithmManager([new ES256()]);
$jwsVerifier = new JWSVerifier($algorithmManager);

$jws = (new CompactSerializer())->unserialize($token);

$isValid = $jwsVerifier->verifyWithKey($jws, $publicKey, 0);

Sign a Token with EdDSA (Ed25519)

EdDSA with Ed25519 provides high performance and strong security. Requires the sodium extension.

<?php

use Jose\Component\Core\AlgorithmManager;
use Jose\Component\KeyManagement\JWKFactory;
use Jose\Component\Signature\Algorithm\EdDSA;
use Jose\Component\Signature\JWSBuilder;
use Jose\Component\Signature\Serializer\CompactSerializer;

require_once 'vendor/autoload.php';

// Generate an Ed25519 key pair (requires ext-sodium)
$privateKey = JWKFactory::createOKPKey('Ed25519', ['alg' => 'EdDSA', 'use' => 'sig']);

$algorithmManager = new AlgorithmManager([new EdDSA()]);
$jwsBuilder = new JWSBuilder($algorithmManager);

$payload = json_encode([
    'iss' => 'https://auth.example.com',
    'sub' => 'user-42',
    'iat' => time(),
    'exp' => time() + 3600,
]);

$jws = $jwsBuilder
    ->create()
    ->withPayload($payload)
    ->addSignature($privateKey, ['alg' => 'EdDSA'])
    ->build();

$token = (new CompactSerializer())->serialize($jws);

// Verification
$publicKey = $privateKey->toPublic();
$jwsVerifier = new \Jose\Component\Signature\JWSVerifier($algorithmManager);
$jws = (new CompactSerializer())->unserialize($token);
$isValid = $jwsVerifier->verifyWithKey($jws, $publicKey, 0);

Using the JWSLoader (Recommended)

The JWSLoader combines deserialization, header checking, and signature verification in a single step. This is the recommended approach for loading tokens.

<?php

use Jose\Component\Checker\AlgorithmChecker;
use Jose\Component\Checker\HeaderCheckerManager;
use Jose\Component\Core\AlgorithmManager;
use Jose\Component\Core\JWK;
use Jose\Component\Signature\Algorithm\HS256;
use Jose\Component\Signature\JWSLoader;
use Jose\Component\Signature\JWSTokenSupport;
use Jose\Component\Signature\JWSVerifier;
use Jose\Component\Signature\Serializer\CompactSerializer;
use Jose\Component\Signature\Serializer\JWSSerializerManager;

require_once 'vendor/autoload.php';

$jwk = /* your verification key */;

$algorithmManager = new AlgorithmManager([new HS256()]);

$jwsLoader = new JWSLoader(
    new JWSSerializerManager([new CompactSerializer()]),
    new JWSVerifier($algorithmManager),
    new HeaderCheckerManager(
        [new AlgorithmChecker(['HS256'])],  // Only allow HS256
        [new JWSTokenSupport()]
    )
);

$signature = null;
$jws = $jwsLoader->loadAndVerifyWithKey($token, $jwk, $signature);

$payload = json_decode($jws->getPayload(), true);

After verifying the signature, you should also validate the claims (exp, iss, aud, etc.). See the Claim and Header Validation page.

PreviousExamples NextEncrypted Tokens (JWE)

Last updated 2 days ago

Was this helpful?

hashtagSign a Token with HMAC (HS256)

hashtagVerify the Token

hashtagSign a Token with RSA (RS256)

hashtagVerify with the Public Key

hashtagSign a Token with Elliptic Curve (ES256)

hashtagVerify with the Public Key

hashtagSign a Token with EdDSA (Ed25519)

hashtagUsing the JWSLoader (Recommended)

Sign a Token with HMAC (HS256)

Verify the Token

Sign a Token with RSA (RS256)

Verify with the Public Key

Sign a Token with Elliptic Curve (ES256)

Verify with the Public Key

Sign a Token with EdDSA (Ed25519)

Using the JWSLoader (Recommended)