This library aims to provide an implementation of:
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518).
- JWK JSON Web Key (RFC 7517).
Tests vectors from RFC 7520 are partially implemented.
The release process is described here.
This library needs at least:
.
Depending on algorithms you want to use, please consider the following optional requirements:
- Elliptic Curves based algorithms (
ESxxxsignatures,ECDHESencryptions):mdanter/ecc(v0.3) library.
- RSA based algorithms (
RSxxxorPSxxxsignatures,RSA1_5,RSA_OAEP,RSA_OAEP-256...):phpseclib/phpseclib(v2.0.x).
- Password Based Key Derivation Function 2 (PBKDF2) based algorithms (
PBES2-*): - Key Wrapped based algorithms (
A128KW,PBES2-HS256+A128KW...): - AES based algorithms (excluding
AES-GCM):OpenSSLlibrary for AES algorithms.- or
MCryptlibrary for AES algorithms. - or
phpseclib/phpseclib(v2.0.x).
- AES-GCM based algorithms:
- PHP Crypto Extension for AES GCM algorithms (not available on
PHP 7andHHVM).
- PHP Crypto Extension for AES GCM algorithms (not available on
It has been successfully tested using PHP 5.4 to PHP 5.6 with all algorithms.
Tests with PHP 7 and HHVM are incomplete because of PHP Crypto.
The preferred way to install this library is to rely on Composer:
composer require spomky-labs/jose "1.0.0@dev"This library only contains the logic. You must extend classes (algorithms, compression, managers...) to define setters and getters.
Look at Extend classes for more information and examples.
Your classes are ready to use? Have a look at How to use to create or load your first JWT objects.
This library supports unsecured JWS (none algorithm).
Unsecured JWS is something you probably do not want to use.
After you loaded data you received, you should verify that the algorithm used is not none.
Requests for new features, bug fixed and all other ideas to make this library useful are welcome. Please follow these best practices.
This software is release under MIT licence.