{"id":49191022,"url":"https://github.com/googleapis/php-jwt","last_synced_at":"2026-05-09T14:01:53.611Z","repository":{"id":6161809,"uuid":"7391446","full_name":"googleapis/php-jwt","owner":"googleapis","description":"PHP package for JWT","archived":false,"fork":true,"pushed_at":"2026-04-01T20:38:27.000Z","size":527,"stargazers_count":9790,"open_issues_count":15,"forks_count":1274,"subscribers_count":223,"default_branch":"main","last_synced_at":"2026-04-28T09:51:53.716Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"luciferous/jwt","license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/googleapis.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2012-12-31T22:30:39.000Z","updated_at":"2026-04-28T03:57:36.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/googleapis/php-jwt","commit_stats":{"total_commits":204,"total_committers":71,"mean_commits":"2.8732394366197185","dds":0.7205882352941176,"last_synced_commit":"705d6a3264aa2f742eccb92f7bf131ce56ebbad4"},"previous_names":["googleapis/php-jwt"],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/googleapis/php-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fphp-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fphp-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fphp-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fphp-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/googleapis","download_url":"https://codeload.github.com/googleapis/php-jwt/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleapis%2Fphp-jwt/sbom","scorecard":{"id":400694,"data":{"date":"2025-08-11","repo":{"name":"github.com/firebase/php-jwt","commit":"4dbfac0260eeb0e9e643063c99998e3219cc539b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":9,"reason":"Found 22/23 approved changesets -- score normalized to 9","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":2,"reason":"2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/firebase/.github/SECURITY.md:1","Info: Found linked content: github.com/firebase/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/firebase/.github/SECURITY.md:1","Info: Found text in security policy: github.com/firebase/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T20:00:46.761Z","repository_id":6161809,"created_at":"2025-08-18T20:00:46.762Z","updated_at":"2025-08-18T20:00:46.762Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32821912,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"online","status_checked_at":"2026-05-09T02:00:06.633Z","response_time":123,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-04-23T07:00:20.154Z","updated_at":"2026-05-09T14:01:53.601Z","avatar_url":"https://github.com/googleapis.png","language":"PHP","funding_links":[],"categories":["PHP"],"sub_categories":[],"readme":"![Build Status](https://github.com/firebase/php-jwt/actions/workflows/tests.yml/badge.svg)\n[![Latest Stable Version](https://poser.pugx.org/firebase/php-jwt/v/stable)](https://packagist.org/packages/firebase/php-jwt)\n[![Total Downloads](https://poser.pugx.org/firebase/php-jwt/downloads)](https://packagist.org/packages/firebase/php-jwt)\n[![License](https://poser.pugx.org/firebase/php-jwt/license)](https://packagist.org/packages/firebase/php-jwt)\n\nPHP-JWT\n=======\nA simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519).\n\nInstallation\n------------\n\nUse composer to manage your dependencies and download PHP-JWT:\n\n```bash\ncomposer require firebase/php-jwt\n```\n\nOptionally, install the `paragonie/sodium_compat` package from composer if your\nphp env does not have libsodium installed:\n\n```bash\ncomposer require paragonie/sodium_compat\n```\n\n## Example\n\n```php\nuse Firebase\\JWT\\JWT;\nuse Firebase\\JWT\\Key;\n\n$key = 'example_key_of_sufficient_length';\n$payload = [\n    'iss' =\u003e 'example.org',\n    'aud' =\u003e 'example.com',\n    'iat' =\u003e 1356999524,\n    'nbf' =\u003e 1357000000\n];\n\n/**\n * IMPORTANT:\n * You must specify supported algorithms for your application. See\n * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40\n * for a list of spec-compliant algorithms.\n */\n$jwt = JWT::encode($payload, $key, 'HS256');\n$decoded = JWT::decode($jwt, new Key($key, 'HS256'));\nprint_r($decoded);\n\n// Pass a stdClass in as the third parameter to get the decoded header values\n$headers = new stdClass();\n$decoded = JWT::decode($jwt, new Key($key, 'HS256'), $headers);\nprint_r($headers);\n\n/*\n NOTE: This will now be an object instead of an associative array. To get\n an associative array, you will need to cast it as such:\n*/\n\n$decoded_array = (array) $decoded;\n\n/**\n * You can add a leeway to account for when there is a clock skew times between\n * the signing and verifying servers. It is recommended that this leeway should\n * not be bigger than a few minutes.\n *\n * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef\n */\nJWT::$leeway = 60; // $leeway in seconds\n$decoded = JWT::decode($jwt, new Key($key, 'HS256'));\n```\n\n## Example encode/decode headers\n\nDecoding the JWT headers without verifying the JWT first is NOT recommended, and is not supported by\nthis library. This is because without verifying the JWT, the header values could have been tampered with.\nAny value pulled from an unverified header should be treated as if it could be any string sent in from an\nattacker.  If this is something you still want to do in your application for whatever reason, it's possible to\ndecode the header values manually simply by calling `json_decode` and `base64_decode` on the JWT\nheader part:\n```php\nuse Firebase\\JWT\\JWT;\n\n$key = 'example_key_of_sufficient_length';\n$payload = [\n    'iss' =\u003e 'example.org',\n    'aud' =\u003e 'example.com',\n    'iat' =\u003e 1356999524,\n    'nbf' =\u003e 1357000000\n];\n\n$headers = [\n    'x-forwarded-for' =\u003e 'www.google.com'\n];\n\n// Encode headers in the JWT string\n$jwt = JWT::encode($payload, $key, 'HS256', null, $headers);\n\n// Decode headers from the JWT string WITHOUT validation\n// **IMPORTANT**: This operation is vulnerable to attacks, as the JWT has not yet been verified.\n// These headers could be any value sent by an attacker.\nlist($headersB64, $payloadB64, $sig) = explode('.', $jwt);\n$decoded = json_decode(base64_decode($headersB64), true);\n\nprint_r($decoded);\n```\n\n## Example with RS256 (openssl)\n\n```php\nuse Firebase\\JWT\\JWT;\nuse Firebase\\JWT\\Key;\n\n$privateKey = \u003c\u003c\u003cEOD\n-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAuzWHNM5f+amCjQztc5QTfJfzCC5J4nuW+L/aOxZ4f8J3Frew\nM2c/dufrnmedsApb0By7WhaHlcqCh/ScAPyJhzkPYLae7bTVro3hok0zDITR8F6S\nJGL42JAEUk+ILkPI+DONM0+3vzk6Kvfe548tu4czCuqU8BGVOlnp6IqBHhAswNMM\n78pos/2z0CjPM4tbeXqSTTbNkXRboxjU29vSopcT51koWOgiTf3C7nJUoMWZHZI5\nHqnIhPAG9yv8HAgNk6CMk2CadVHDo4IxjxTzTTqo1SCSH2pooJl9O8at6kkRYsrZ\nWwsKlOFE2LUce7ObnXsYihStBUDoeBQlGG/BwQIDAQABAoIBAFtGaOqNKGwggn9k\n6yzr6GhZ6Wt2rh1Xpq8XUz514UBhPxD7dFRLpbzCrLVpzY80LbmVGJ9+1pJozyWc\nVKeCeUdNwbqkr240Oe7GTFmGjDoxU+5/HX/SJYPpC8JZ9oqgEA87iz+WQX9hVoP2\noF6EB4ckDvXmk8FMwVZW2l2/kd5mrEVbDaXKxhvUDf52iVD+sGIlTif7mBgR99/b\nc3qiCnxCMmfYUnT2eh7Vv2LhCR/G9S6C3R4lA71rEyiU3KgsGfg0d82/XWXbegJW\nh3QbWNtQLxTuIvLq5aAryV3PfaHlPgdgK0ft6ocU2de2FagFka3nfVEyC7IUsNTK\nbq6nhAECgYEA7d/0DPOIaItl/8BWKyCuAHMss47j0wlGbBSHdJIiS55akMvnAG0M\n39y22Qqfzh1at9kBFeYeFIIU82ZLF3xOcE3z6pJZ4Dyvx4BYdXH77odo9uVK9s1l\n3T3BlMcqd1hvZLMS7dviyH79jZo4CXSHiKzc7pQ2YfK5eKxKqONeXuECgYEAyXlG\nvonaus/YTb1IBei9HwaccnQ/1HRn6MvfDjb7JJDIBhNClGPt6xRlzBbSZ73c2QEC\n6Fu9h36K/HZ2qcLd2bXiNyhIV7b6tVKk+0Psoj0dL9EbhsD1OsmE1nTPyAc9XZbb\nOPYxy+dpBCUA8/1U9+uiFoCa7mIbWcSQ+39gHuECgYAz82pQfct30aH4JiBrkNqP\nnJfRq05UY70uk5k1u0ikLTRoVS/hJu/d4E1Kv4hBMqYCavFSwAwnvHUo51lVCr/y\nxQOVYlsgnwBg2MX4+GjmIkqpSVCC8D7j/73MaWb746OIYZervQ8dbKahi2HbpsiG\n8AHcVSA/agxZr38qvWV54QKBgCD5TlDE8x18AuTGQ9FjxAAd7uD0kbXNz2vUYg9L\nhFL5tyL3aAAtUrUUw4xhd9IuysRhW/53dU+FsG2dXdJu6CxHjlyEpUJl2iZu/j15\nYnMzGWHIEX8+eWRDsw/+Ujtko/B7TinGcWPz3cYl4EAOiCeDUyXnqnO1btCEUU44\nDJ1BAoGBAJuPD27ErTSVtId90+M4zFPNibFP50KprVdc8CR37BE7r8vuGgNYXmnI\nRLnGP9p3pVgFCktORuYS2J/6t84I3+A17nEoB4xvhTLeAinAW/uTQOUmNicOP4Ek\n2MsLL2kHgL8bLTmvXV4FX+PXphrDKg1XxzOYn0otuoqdAQrkK4og\n-----END RSA PRIVATE KEY-----\nEOD;\n\n$publicKey = \u003c\u003c\u003cEOD\n-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzWHNM5f+amCjQztc5QT\nfJfzCC5J4nuW+L/aOxZ4f8J3FrewM2c/dufrnmedsApb0By7WhaHlcqCh/ScAPyJ\nhzkPYLae7bTVro3hok0zDITR8F6SJGL42JAEUk+ILkPI+DONM0+3vzk6Kvfe548t\nu4czCuqU8BGVOlnp6IqBHhAswNMM78pos/2z0CjPM4tbeXqSTTbNkXRboxjU29vS\nopcT51koWOgiTf3C7nJUoMWZHZI5HqnIhPAG9yv8HAgNk6CMk2CadVHDo4IxjxTz\nTTqo1SCSH2pooJl9O8at6kkRYsrZWwsKlOFE2LUce7ObnXsYihStBUDoeBQlGG/B\nwQIDAQAB\n-----END PUBLIC KEY-----\nEOD;\n\n$payload = [\n    'iss' =\u003e 'example.org',\n    'aud' =\u003e 'example.com',\n    'iat' =\u003e 1356999524,\n    'nbf' =\u003e 1357000000\n];\n\n$jwt = JWT::encode($payload, $privateKey, 'RS256');\necho \"Encode:\\n\" . print_r($jwt, true) . \"\\n\";\n\n$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));\n\n/*\n NOTE: This will now be an object instead of an associative array. To get\n an associative array, you will need to cast it as such:\n*/\n\n$decoded_array = (array) $decoded;\necho \"Decode:\\n\" . print_r($decoded_array, true) . \"\\n\";\n```\n\n## Example with a passphrase\n\n```php\nuse Firebase\\JWT\\JWT;\nuse Firebase\\JWT\\Key;\n\n// Your passphrase\n$passphrase = '[YOUR_PASSPHRASE]';\n\n// Your private key file with passphrase\n// Can be generated with \"ssh-keygen -t rsa -m pem\"\n$privateKeyFile = '/path/to/key-with-passphrase.pem';\n\n/** @var OpenSSLAsymmetricKey $privateKey */\n$privateKey = openssl_pkey_get_private(\n    file_get_contents($privateKeyFile),\n    $passphrase\n);\n\n$payload = [\n    'iss' =\u003e 'example.org',\n    'aud' =\u003e 'example.com',\n    'iat' =\u003e 1356999524,\n    'nbf' =\u003e 1357000000\n];\n\n$jwt = JWT::encode($payload, $privateKey, 'RS256');\necho \"Encode:\\n\" . print_r($jwt, true) . \"\\n\";\n\n// Get public key from the private key, or pull from from a file.\n$publicKey = openssl_pkey_get_details($privateKey)['key'];\n\n$decoded = JWT::decode($jwt, new Key($publicKey, 'RS256'));\necho \"Decode:\\n\" . print_r((array) $decoded, true) . \"\\n\";\n```\n\n## Example with EdDSA (libsodium and Ed25519 signature)\n\n```php\nuse Firebase\\JWT\\JWT;\nuse Firebase\\JWT\\Key;\n\n// Public and private keys are expected to be Base64 encoded. The last\n// non-empty line is used so that keys can be generated with\n// sodium_crypto_sign_keypair(). The secret keys generated by other tools may\n// need to be adjusted to match the input expected by libsodium.\n\n$keyPair = sodium_crypto_sign_keypair();\n\n$privateKey = base64_encode(sodium_crypto_sign_secretkey($keyPair));\n\n$publicKey = base64_encode(sodium_crypto_sign_publickey($keyPair));\n\n$payload = [\n    'iss' =\u003e 'example.org',\n    'aud' =\u003e 'example.com',\n    'iat' =\u003e 1356999524,\n    'nbf' =\u003e 1357000000\n];\n\n$jwt = JWT::encode($payload, $privateKey, 'EdDSA');\necho \"Encode:\\n\" . print_r($jwt, true) . \"\\n\";\n\n$decoded = JWT::decode($jwt, new Key($publicKey, 'EdDSA'));\necho \"Decode:\\n\" . print_r((array) $decoded, true) . \"\\n\";\n```\n\n## Example with multiple keys\n\n```php\nuse Firebase\\JWT\\JWT;\nuse Firebase\\JWT\\Key;\n\n// Example RSA keys from previous example\n// $privateRsKey = '...';\n// $publicRsKey = '...';\n\n// Example EdDSA keys from previous example\n// $privateEcKey = '...';\n// $publicEcKey = '...';\n\n$payload = [\n    'iss' =\u003e 'example.org',\n    'aud' =\u003e 'example.com',\n    'iat' =\u003e 1356999524,\n    'nbf' =\u003e 1357000000\n];\n\n$jwt1 = JWT::encode($payload, $privateRsKey, 'RS256', 'kid1');\n$jwt2 = JWT::encode($payload, $privateEcKey, 'EdDSA', 'kid2');\necho \"Encode 1:\\n\" . print_r($jwt1, true) . \"\\n\";\necho \"Encode 2:\\n\" . print_r($jwt2, true) . \"\\n\";\n\n$keys = [\n    'kid1' =\u003e new Key($publicRsKey, 'RS256'),\n    'kid2' =\u003e new Key($publicEcKey, 'EdDSA'),\n];\n\n$decoded1 = JWT::decode($jwt1, $keys);\n$decoded2 = JWT::decode($jwt2, $keys);\n\necho \"Decode 1:\\n\" . print_r((array) $decoded1, true) . \"\\n\";\necho \"Decode 2:\\n\" . print_r((array) $decoded2, true) . \"\\n\";\n```\n\n## Using JWKs\n\n```php\nuse Firebase\\JWT\\JWK;\nuse Firebase\\JWT\\JWT;\n\n// Set of keys. The \"keys\" key is required. For example, the JSON response to\n// this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk\n$jwks = ['keys' =\u003e []];\n\n// JWK::parseKeySet($jwks) returns an associative array of **kid** to Firebase\\JWT\\Key\n// objects. Pass this as the second parameter to JWT::decode.\n$decoded = JWT::decode($jwt, JWK::parseKeySet($jwks));\nprint_r($decoded);\n```\n\n## Using Cached Key Sets\n\nThe `CachedKeySet` class can be used to fetch and cache JWKS (JSON Web Key Sets) from a public URI.\nThis has the following advantages:\n\n1. The results are cached for performance.\n2. If an unrecognized key is requested, the cache is refreshed, to accomodate for key rotation.\n3. If rate limiting is enabled, the JWKS URI will not make more than 10 requests a second.\n\n```php\nuse Firebase\\JWT\\CachedKeySet;\nuse Firebase\\JWT\\JWT;\n\n// The URI for the JWKS you wish to cache the results from\n$jwksUri = 'https://www.gstatic.com/iap/verify/public_key-jwk';\n\n// Create an HTTP client (can be any PSR-7 compatible HTTP client)\n$httpClient = new GuzzleHttp\\Client();\n\n// Create an HTTP request factory (can be any PSR-17 compatible HTTP request factory)\n$httpFactory = new GuzzleHttp\\Psr7\\HttpFactory();\n\n// Create a cache item pool (can be any PSR-6 compatible cache item pool)\n$cacheItemPool = Phpfastcache\\CacheManager::getInstance('files');\n\n$keySet = new CachedKeySet(\n    $jwksUri,\n    $httpClient,\n    $httpFactory,\n    $cacheItemPool,\n    null, // $expiresAfter int seconds to set the JWKS to expire\n    true  // $rateLimit    true to enable rate limit of 10 RPS on lookup of invalid keys\n);\n\n$jwt = 'eyJhbGci...'; // Some JWT signed by a key from the $jwkUri above\n$decoded = JWT::decode($jwt, $keySet);\n```\n\nMiscellaneous\n-------------\n\n#### Exception Handling\n\nWhen a call to `JWT::decode` is invalid, it will throw one of the following exceptions:\n\n```php\nuse Firebase\\JWT\\JWT;\nuse Firebase\\JWT\\SignatureInvalidException;\nuse Firebase\\JWT\\BeforeValidException;\nuse Firebase\\JWT\\ExpiredException;\nuse DomainException;\nuse InvalidArgumentException;\nuse UnexpectedValueException;\n\ntry {\n    $decoded = JWT::decode($jwt, $keys);\n} catch (InvalidArgumentException $e) {\n    // provided key/key-array is empty or malformed.\n} catch (DomainException $e) {\n    // provided algorithm is unsupported OR\n    // provided key is invalid OR\n    // unknown error thrown in openSSL or libsodium OR\n    // libsodium is required but not available.\n} catch (SignatureInvalidException $e) {\n    // provided JWT signature verification failed.\n} catch (BeforeValidException $e) {\n    // provided JWT is trying to be used before \"nbf\" claim OR\n    // provided JWT is trying to be used before \"iat\" claim.\n} catch (ExpiredException $e) {\n    // provided JWT is trying to be used after \"exp\" claim.\n} catch (UnexpectedValueException $e) {\n    // provided JWT is malformed OR\n    // provided JWT is missing an algorithm / using an unsupported algorithm OR\n    // provided JWT algorithm does not match provided key OR\n    // provided key ID in key/key-array is empty or invalid.\n}\n```\n\nAll exceptions in the `Firebase\\JWT` namespace extend `UnexpectedValueException`, and can be simplified\nlike this:\n\n```php\nuse Firebase\\JWT\\JWT;\nuse UnexpectedValueException;\ntry {\n    $decoded = JWT::decode($jwt, $keys);\n} catch (LogicException $e) {\n    // errors having to do with environmental setup or malformed JWT Keys\n} catch (UnexpectedValueException $e) {\n    // errors having to do with JWT signature and claims\n}\n```\n\n#### Casting to array\n\nThe return value of `JWT::decode` is the generic PHP object `stdClass`. If you'd like to handle with arrays\ninstead, you can do the following:\n\n```php\n// return type is stdClass\n$decoded = JWT::decode($jwt, $keys);\n\n// cast to array\n$decoded = json_decode(json_encode($decoded), true);\n```\n\nTests\n-----\nRun the tests using phpunit:\n\n```bash\n$ composer update\n$ vendor/bin/phpunit -c phpunit.xml.dist\nPHPUnit 3.7.10 by Sebastian Bergmann.\n.....\nTime: 0 seconds, Memory: 2.50Mb\nOK (5 tests, 5 assertions)\n```\n\nNew Lines in private keys\n-----\n\nIf your private key contains `\\n` characters, be sure to wrap it in double quotes `\"\"`\nand not single quotes `''` in order to properly interpret the escaped characters.\n\nLicense\n-------\n[3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleapis%2Fphp-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogleapis%2Fphp-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleapis%2Fphp-jwt/lists"}