{"id":22922810,"url":"https://github.com/kelvinmo/simplejwt","last_synced_at":"2025-04-06T15:13:27.278Z","repository":{"id":1090918,"uuid":"38943111","full_name":"kelvinmo/simplejwt","owner":"kelvinmo","description":"A simple JSON web token library written in PHP.","archived":false,"fork":false,"pushed_at":"2024-05-14T21:34:37.000Z","size":1475,"stargazers_count":62,"open_issues_count":0,"forks_count":16,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-05-15T17:29:52.382Z","etag":null,"topics":["jose","jwe","jws","jwt","php"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kelvinmo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-07-11T22:53:24.000Z","updated_at":"2024-07-06T04:00:16.280Z","dependencies_parsed_at":"2023-07-05T20:03:24.467Z","dependency_job_id":"49c84c46-6f9d-4bbc-b6fb-992727d2c46e","html_url":"https://github.com/kelvinmo/simplejwt","commit_stats":{"total_commits":376,"total_committers":7,"mean_commits":"53.714285714285715","dds":0.2712765957446809,"last_synced_commit":"3e6e73b9952bc35950cd0d59258e35438b47fb9a"},"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelvinmo%2Fsimplejwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelvinmo%2Fsimplejwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelvinmo%2Fsimplejwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kelvinmo%2Fsimplejwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kelvinmo","download_url":"https://codeload.github.com/kelvinmo/simplejwt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247500469,"owners_count":20948880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jose","jwe","jws","jwt","php"],"created_at":"2024-12-14T08:13:11.364Z","updated_at":"2025-04-06T15:13:27.244Z","avatar_url":"https://github.com/kelvinmo.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SimpleJWT\n\nSimpleJWT is a simple JSON web token library written in PHP.\n\n[![Latest Stable Version](https://poser.pugx.org/kelvinmo/simplejwt/v/stable)](https://packagist.org/packages/kelvinmo/simplejwt)\n[![CI](https://github.com/kelvinmo/simplejwt/workflows/CI/badge.svg)](https://github.com/kelvinmo/simplejwt/actions?query=workflow%3ACI)\n\n## Features\n\n- JSON web token [RFC7519](http://tools.ietf.org/html/rfc7519),\n  JSON web signatures [RFC7515](http://tools.ietf.org/html/rfc7515)\n  and JSON web encryption [RFC7516](http://tools.ietf.org/html/rfc7516)\n- JSON web keys [RFC7517](http://tools.ietf.org/html/rfc7517)\n- COSE key objects [RFC9053](http://tools.ietf.org/html/rfc9053)\n- Signature algorithms\n    * HMAC family (HS256, HS384, HS512)\n    * RSA family (RS256, RS384, RS512)\n    * ECDSA family (ES256, ES384, ES512)\n    * EdDSA\n- Key management algorithms\n    * Key agreement or direct encryption\n    * RSAES-PKCS1-v1_5 (RSA1_5)\n    * RSAES with OAEP (RSA-OAEP, RSA-OAEP-256)\n    * AES key wrap (A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, A256GCMKW)\n    * PBES2 (PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW)\n    * Elliptic Curve Diffie-Hellman (ECDH-ES), including X25519\n- Content encryption algorithms\n    * AES_CBC_HMAC_SHA2 family (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512)\n    * AES GCM family (A128GCM, A192GCM, A256GCM)\n\n## Requirements\n\n- PHP 8.0 or later\n- `gmp` extension\n- `hash` extension\n- `openssl` extension\n- `sodium` extension for EdDSA and X25519 support\n\n## Installation\n\nYou can install via [Composer](http://getcomposer.org/).\n\n```sh\ncomposer require kelvinmo/simplejwt\n```\n\n## Usage\n\n### Key set\n\nKeys used to sign or verify a JWT must firstly be added to a KeySet.  You\ncan add keys in the following ways:\n\n1. By loading a JSON object formatted as a JWK Set object as per [RFC7517](http://tools.ietf.org/html/rfc7517):\n\n  ```php\n  $set = new SimpleJWT\\Keys\\KeySet();\n  $set-\u003eload(file_get_contents('private.json'));\n  ```\n\n2. By adding a key manually:\n\n  ```php\n  $set = new SimpleJWT\\Keys\\KeySet();\n\n  // JWK format\n  $key = new SimpleJWT\\Keys\\RSAKey(file_get_contents('jwk.json'), 'json');\n\n  // PEM format - note raw key only, no X.509 certificates\n  $key = new SimpleJWT\\Keys\\RSAKey(file_get_contents('rsa.pem'), 'pem');\n\n  $set-\u003eadd($key);\n  ```\n\n3. For a secret used in HMAC signatures, directly:\n\n  ```php\n  $set = SimpleJWT\\Keys\\KeySet::createFromSecret('secret123');\n\n  // The above is a shortcut for the following:\n  $set = new SimpleJWT\\Keys\\KeySet();\n  $key = new SimpleJWT\\Keys\\SymmetricKey('secret123', 'bin');\n  $set-\u003eadd($key);\n  ```\n\n### Creating a JWT\n\nTo create a JWT, set up the desired headers and claims as separate arrays, then\ncreate a `JWT` object:\n\n```php\n// Note $headers['alg'] is required\n$headers = ['alg' =\u003e 'HS256', 'typ' =\u003e 'JWT'];\n$claims = ['iss' =\u003e 'me', 'exp' =\u003e 1234567];\n$jwt = new SimpleJWT\\JWT($headers, $claims);\n```\n\nThe JWT can then be signed and encoded:\n\n```php\ntry {\n    print $jwt-\u003eencode($set);\n} catch (\\RuntimeException $e) {\n\n}\n```\n\nBy default, SimpleJWT will automatically include a `kid` (Key ID) header and\na `iat` (Issued At) claim in all JWTs.  If the key used to sign the JWT does\nnot have a `kid` assigned (e.g. if it is imported from a PEM file), a `kid`\nis generated.  You can disable this behaviour by specifying `$auto_complete`\nto false when calling `SimpleJWT\\JWT::encode()`.\n\n### Verifying a JWT\n\nTo consume and verify a JWT, use the decode function.  Note that you will need\nto supply the expected `alg` parameter that has been previously agreed out-of-band.\n\n```php\ntry {\n    $jwt = SimpleJWT\\JWT::decode('abc.def.ghigjghr', $set, 'HS256');\n} catch (SimpleJWT\\InvalidTokenException $e) {\n\n}\n\nprint $jwt-\u003egetHeader('alg');\nprint $jwt-\u003egetClaim('sub');\n```\n\n### Deserialising a JWT\n\nYou can also deserialise a JWT without verifying it using the deserialise function.\n**Note that you should not trust the contents of the data contained in a JWT without verifying them.**\n\n```php\ntry {\n    $result = SimpleJWT\\JWT::deserialise('abc.def.ghigjghr');\n} catch (SimpleJWT\\InvalidTokenException $e) {\n\n}\n\nprint $result['claims']['sub'];\nprint $result['signatures'][0]['headers']['alg'];\nprint $result['signatures'][0]['signing_input'];  // abc.def\nprint $result['signatures'][0]['signature'];      // ghigjghr\n// Additional indices under $result['signatures'] if the JWT has more than\n// one signature\n```\n\n### Creating a JWE\n\nTo create a JWE, set up the desired header array and plaintext, then\ncreate a `JWE` object:\n\n```php\n// Note $headers['alg'] and $headers['enc'] are required\n$headers = ['alg' =\u003e 'PBES2-HS256+A128KW', 'enc' =\u003e 'A128CBC-HS256'];\n$plaintext = 'This is the plaintext I want to encrypt.';\n$jwt = new SimpleJWT\\JWE($headers, $plaintext);\n```\n\nThe JWE can then be encrypted:\n\n```php\ntry {\n    print $jwt-\u003eencrypt($set);\n} catch (\\RuntimeException $e) {\n\n}\n```\n\n### Decrypting a JWE\n\nTo decrypt a JWE, use the decrypt function:\n\n```php\ntry {\n    $jwt = SimpleJWT\\JWE::decrypt('abc.def.ghi.klm.nop', $set, 'PBES2-HS256+A128KW');\n} catch (SimpleJWT\\InvalidTokenException $e) {\n\n}\n\nprint $jwt-\u003egetHeader('alg');\nprint $jwt-\u003egetPlaintext();\n```\n\n## Licence\n\nBSD 3 clause\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkelvinmo%2Fsimplejwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkelvinmo%2Fsimplejwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkelvinmo%2Fsimplejwt/lists"}