{"id":28898222,"url":"https://github.com/web-token/jwt-doc","last_synced_at":"2025-10-26T16:03:58.181Z","repository":{"id":46587887,"uuid":"105982807","full_name":"web-token/jwt-doc","owner":"web-token","description":"Documentation for the JWT Framework","archived":false,"fork":false,"pushed_at":"2024-06-22T08:09:54.000Z","size":411,"stargazers_count":12,"open_issues_count":0,"forks_count":17,"subscribers_count":3,"default_branch":"v1.x","last_synced_at":"2024-06-22T18:03:23.739Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/web-token.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"security-recommendations.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-06T08:29:43.000Z","updated_at":"2024-04-29T14:38:44.000Z","dependencies_parsed_at":"2024-06-22T18:01:14.464Z","dependency_job_id":"1081dee0-fe7f-425a-bf9c-0d569e04aa7c","html_url":"https://github.com/web-token/jwt-doc","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/web-token/jwt-doc","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-token%2Fjwt-doc","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-token%2Fjwt-doc/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-token%2Fjwt-doc/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-token%2Fjwt-doc/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/web-token","download_url":"https://codeload.github.com/web-token/jwt-doc/tar.gz/refs/heads/v1.x","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/web-token%2Fjwt-doc/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":261080615,"owners_count":23106603,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-21T07:09:52.146Z","updated_at":"2025-10-26T16:03:58.175Z","avatar_url":"https://github.com/web-token.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\n\nThis document is available online at [https://web-token.spomky-labs.com](https://web-token.spomky-labs.com).\n\n## JWT Framework\n\nThis framework provides an implementation of:\n\n* JW**S** [JSON Web Signature \\(RFC 7515\\)](https://tools.ietf.org/html/rfc7515),\n* JW**T** [JSON Web Token \\(RFC 7519\\)](https://tools.ietf.org/html/rfc7519),\n* JW**E** [JSON Web Encryption \\(RFC 7516\\)](http://tools.ietf.org/html/rfc7516),\n* JW**A** [JSON Web Algorithms \\(RFC 7518\\)](http://tools.ietf.org/html/rfc7518).\n* JW**K** [JSON Web Key \\(RFC 7517\\)](http://tools.ietf.org/html/rfc7517).\n* JSON Web Key Thumbprint \\([RFC 7638](https://tools.ietf.org/html/rfc7638)\\).\n* Unencoded Payload Option [RFC7797](https://tools.ietf.org/html/rfc7797).\n\nThis framework is not just a library, it also contains a Symfony bundle for easy integration into your application. It also provides a standalone console command that will help you to manage your keys and key sets.\n\n## Provided Features\n\n### Supported Input Types:\n\nJWS or JWE objects support every input that can be encoded into JSON:\n\n* `string`, `array`, `integer`, `float`...\n* Objects that implement the `\\JsonSerializable` interface such as `JWK` or `JWKSet`\n\nThe [detached payload](https://tools.ietf.org/html/rfc7515#appendix-F) is supported.\n\n### Supported Serialization Modes\n\n* Compact JSON Serialization Syntax for JWS and JWE\n* Flattened JSON Serialization Syntax for JWS and JWE\n* General JSON Serialization Syntax for JWS and JWE\n\n### Supported Compression Methods\n\n| Compression Method | Supported | Comment |\n| :--- | :--- | :--- |\n| Deflate \\(`DEF`\\) | YES |  |\n| GZip \\(`GZ`\\) | YES | _This compression method is not described in the specification_ |\n| ZLib \\(`ZLIB`\\) | YES | _This compression method is not described in the specification_ |\n\n### Supported Key Types \\(JWK\\)\n\n| Key Type | Supported | Comment |\n| :--- | :--- | :--- |\n| oct | YES | Symmetric keys |\n| RSA | YES | RSA based asymmetric keys |\n| EC | YES | Elliptic Curves based asymmetric keys |\n| OKP | YES | Octet Key Pair based asymmetric keys |\n\nJWK objects support JSON Web Key Thumbprint \\([RFC 7638](https://tools.ietf.org/html/rfc7638)\\).\n\n_Note: we use a_ `none` _key type for the_ `none` _algorithm only._\n\n### Key Sets \\(JWKSet\\)\n\nJWKSet is fully supported.\n\n### Supported Signature Algorithms\n\n| Signature Algorithm | Supported | Comment |\n| :--- | :--- | :--- |\n| HS256, HS384 and HS512 | YES |  |\n| ES256, ES384 and ES512 | YES |  |\n| RS256, RS384 and RS512 | YES |  |\n| PS256, PS384 and PS512 | YES |  |\n| none | YES | **Please note that this is not a secured algorithm. USE IT WITH CAUTION!** |\n| EdDSA with Ed25519 curve | YES | [With PHP 7.1, third party extension highly recommended](https://github.com/jedisct1/libsodium-php) |\n| EdDSA with Ed448 curve | NO | No extension or built-in implementation available |\n| HS1 | YES | From v1.2. **Experimental. Not recommended ; for testing purpose or compatibility with old systems only.** |\n| RS1 | YES | From v1.2. **Experimental. Not recommended ; for testing purpose or compatibility with old systems only.** |\n| HS256/64 | YES | From v1.2. **Experimental. Not recommended ; for testing purpose or compatibility with old systems only.** |\n\n### Supported Key Encryption Algorithms\n\n| Key Encryption Algorithm | Supported | Comment |\n| :--- | :--- | :--- |\n| dir | YES |  |\n| RSA1\\_5, RSA-OAEP and RSA-OAEP-256 | YES | The algorithms RSA1\\_5 and RSA-OAEP are now deprecated. Please use with caution. |\n| ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW | YES |  |\n| A128KW, A192KW and A256KW | YES |  |\n| PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW | YES |  |\n| A128GCMKW, A192GCMKW and A256GCMKW | YES |  |\n| ECDH-ES with X25519 curve | YES | [With PHP 7.1, third party extension highly recommended](https://github.com/jedisct1/libsodium-php) |\n| ECDH-ES with X448 curve | NO | No extension or built-in implementation available |\n| RSA-OEAP-384 and RSA-OAEP-512 | YES | From v1.2. **Experimental. For testing purpose only.** |\n| ChaCha20-Poly1305 | YES | From v1.2. **Experimental. For testing purpose only.** |\n\n### Supported Content Encryption Algorithms\n\n| Content Encryption Algorithm | Supported | Comment |\n| :--- | :--- | :--- |\n| A128CBC+HS256, A192CBC+HS384 and A256CBC+HS512 | YES |  |\n| A128GCM, A192GCM and A256GCM | YES |  |\n| A128CTR, A192CTR and A256CTR | YES | From v1.2. **Not recommended. For testing purpose only.** |\n\n## Prerequisites\n\nThis framework needs at least:\n\n* ![PHP 7.1+](https://img.shields.io/badge/PHP-7.1%2B-ff69b4.svg),\n* GMP extension.\n* MBString extension.\n\nDepending on the algorithms you using, other PHP extensions may be required \\(e.g. OpenSSL\\).\n\nPlease also consider the following optional requirements:\n\n* If you intent to use `EdDSA` or `ECDH-ES` algorithm with `Ed25519`/`X25519` curves on PHP 7.1, please install this [third party extension](https://github.com/jedisct1/libsodium-php)\n\n## Continuous Integration\n\nIt has been successfully tested using `PHP 7.1`, `PHP 7.2` and `nightly` with all algorithms.\n\nTests vectors from the [RFC 7520](http://tools.ietf.org/html/rfc7520) are fully implemented and all tests pass. Other test vector sources may be used \\(e.g. new algorithm specifications\\).\n\nWe also track bugs and code quality using [Scrutinizer-CI](https://scrutinizer-ci.com/g/web-token/jwt-framework) and [Sensio Insight](https://insight.sensiolabs.com/projects/b7efa68f-8962-41cf-a2e3-4444426bc95a).\n\nCoding Standards are verified by [StyleCI](https://styleci.io/repos/105997386).\n\nCode coverage is analyzed by [Coveralls.io](https://coveralls.io/github/web-token/jwt-framework).\n\n## How to use\n\n* [The components](components/)\n* [The bundles](symfony-bundle/)\n* [The console commands](console/)\n\n## Security Recommendations\n\n**To avoid security issues on your application, please follow these** [**Security Recommendations**](security-recommendations.md) **carefully**.\n\n## Performances\n\nPlease read the [performance page](benchmarks/) to know how to test the algorithms of the framework.\n\nYou can also see the [last benchmarks](benchmarks/result-table.md) made with our development environment.\n\n## Contributing\n\nRequests for new features, bug fixed and all other ideas to make this framework useful are welcome. If you feel comfortable writing code, you could try to fix [opened issues where help is wanted](https://github.com/web-token/jwt-framework/labels/help+wanted) or [those that are easy to fix](https://github.com/web-token/jwt-framework/labels/easy-pick).\n\nDo not forget to [follow these best practices](https://github.com/web-token/jwt-framework/tree/master/.github/CONTRIBUTING.md).\n\n**If you think you have found a security issue, DO NOT open an issue**. [You MUST submit your issue here](https://gitter.im/Spomky/).\n\n## Licence\n\nThis project is release under [MIT licence](https://github.com/web-token/jwt-framework/tree/846e8752fef1f7276488f52f80e69fcef54f8acc/LICENSE.md).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fweb-token%2Fjwt-doc","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fweb-token%2Fjwt-doc","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fweb-token%2Fjwt-doc/lists"}