JWT Framework
Search…
JWS Loading
Signed tokens are loaded by a serializer or the serializer manager and verified by the JWSVerifier object. This JWSVerifier object just requires an algorithm manager.

Serializer And Verifier

In the following example, we will try to load a signed token. We will only use the HS256 algorithm.
1
<?php
2
3
use Jose\Component\Core\AlgorithmManager;
4
use Jose\Component\Signature\Algorithm\HS256;
5
use Jose\Component\Signature\JWSVerifier;
6
7
// The algorithm manager with the HS256 algorithm.
8
$algorithmManager = new AlgorithmManager([
9
new HS256(),
10
]);
11
12
// We instantiate our JWS Verifier.
13
$jwsVerifier = new JWSVerifier(
14
$algorithmManager
15
);
Copied!
Now we can deserialize the input we receive and check the signature using our key. We will continue with the data we got in the JWS creation section.
We do not check header parameters here, but it is very important to do it. This step is described in the Header Checker section.
Note: we do not check header parameters here, but it is very important to do it. This step is described in the Header Checker section.
1
<?php
2
3
use Jose\Component\Core\JWK;
4
use Jose\Component\Signature\Serializer\JWSSerializerManager;
5
use Jose\Component\Signature\Serializer\CompactSerializer;
6
7
// Our key.
8
$jwk = new JWK([
9
'kty' => 'oct',
10
'k' => 'dzI6nbW4OcNF-AtfxGAmuyz7IpHRudBI0WgGjZWgaRJt6prBn3DARXgUR8NVwKhfL43QBIU2Un3AvCGCHRgY4TbEqhOi8-i98xxmCggNjde4oaW6wkJ2NgM3Ss9SOX9zS3lcVzdCMdum-RwVJ301kbin4UtGztuzJBeg5oVN00MGxjC2xWwyI0tgXVs-zJs5WlafCuGfX1HrVkIf5bvpE0MQCSjdJpSeVao6-RSTYDajZf7T88a2eVjeW31mMAg-jzAWfUrii61T_bYPJFOXW8kkRWoa1InLRdG6bKB9wQs9-VdXZP60Q4Yuj_WZ-lO7qV9AEFrUkkjpaDgZT86w2g',
11
]);
12
13
// The serializer manager. We only use the JWS Compact Serialization Mode.
14
$serializerManager = new JWSSerializerManager([
15
new CompactSerializer(),
16
]);
17
18
// The input we want to check
19
$token = 'eyJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1MDc4OTY5OTIsIm5iZiI6MTUwNzg5Njk5MiwiZXhwIjoxNTA3OTAwNTkyLCJpc3MiOiJNeSBzZXJ2aWNlIiwiYXVkIjoiWW91ciBhcHBsaWNhdGlvbiJ9.eycp9PTdgO4WA-68-AMoHPwsKDr68NhjIQKz4lUkiI0';
20
21
// We try to load the token.
22
$jws = $serializerManager->unserialize($token);
23
24
// We verify the signature. This method does NOT check the header.
25
// The arguments are:
26
// - The JWS object,
27
// - The key,
28
// - The index of the signature to check. See
29
$isVerified = $jwsVerifier->verifyWithKey($jws, $jwk, 0);
Copied!
The method verifyWithKey returns a boolean. If true, then your token signature is valid. You can then check the claims (if any) using the claim checker manager.

JWSLoader Object

To avoid duplication of code lines, you can create a JWSLoader object. This object contains a serializer, a verifier and an optional header checker (highly recommended).
In the following example, the JWSLoader object will try to unserialize the token $token, check the header parameters and verify the signature with the key $jwk. The variable $payload corresponds to the detached payload (null by default).
If the verification succeeded, the variable $signature will be set with the signature index and should be in case of multiple signatures. The method returns the JWS object.
1
<?php
2
3
use Jose\Component\Signature\JWSLoader;
4
5
$jwsLoader = new JWSLoader(
6
$serializerManager,
7
$jwsVerifier,
8
$headerCheckerManager
9
);
10
11
$jws = $jwsLoader->loadAndVerifyWithKey($token, $jwk, $signature, $payload);
Copied!
In case you use a key set, you can use the method loadAndVerifyWithKeySet.

JWSLoaderFactory Object

This feature was introduced in version 1.1.
The JWSLoaderFactory object is able to create JWSLoader objects on demand. It requires the following factories:
    JWSSerializerManagerFactory
    JWSVerifierFactory
    HeaderCheckerManagerFactory (optional)
1
<?php
2
3
use Jose\Component\Signature\JWSLoaderFactory;
4
5
$jwsLoaderFactory = new JWSLoaderFactory(
6
$jwsSerializerManagerFactory,
7
$jwsVerifierFactory,
8
$headerCheckerManagerFactory
9
);
10
11
$jwsLoader = $jwsLoaderFactory->create(
12
['jws_compact'], // List of serializer aliases
13
['HS256'], // List of signature algorithm aliases
14
['alg'] // Optional list of header checker aliases
15
);
Copied!
Last modified 1yr ago