https://github.com/teamgantt/juhwit

:lock: AWS Cognito token verification for PHP
https://github.com/teamgantt/juhwit

cognito jwt php

Last synced: 6 months ago
JSON representation

:lock: AWS Cognito token verification for PHP

• Host: GitHub
• URL: https://github.com/teamgantt/juhwit
• Owner: teamgantt
• Created: 2020-02-10T15:47:19.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2023-04-13T18:35:44.000Z (about 2 years ago)
• Last Synced: 2024-12-16T15:14:37.101Z (6 months ago)
• Topics: cognito, jwt, php
• Language: PHP
• Homepage:
• Size: 51.8 KB
• Stars: 6
• Watchers: 7
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Juhwit

Verify JWT's from AWS Cognito

## Usage

Juhwit ships with a handful of interfaces and their default implementations.

The main service provided by Juhwit is the `JwtDecoder` which is composed with the complimentary `CognitoClaimVerifier`.

```php

decode($someTokenFromARequest);

```

### Requiring extra claims

A token may be required to have certain claims.

If you want to require claims, such as `custom:foo` or `custom:user`, you can require those by providing a second argument to the `decode` method.

```php

decode($someTokenFromARequest, ['custom:foo', 'custom:user']);

```

It is also possible to require claim values to be a specific value.

```php

use TeamGantt\Juhwit\JwtDecoder;

$decoder = new JwtDecoder($verifier);

$token = $decoder->decode($someTokenFromARequest, ['custom:user', 'token_use' => 'id']);

```

Keep in mind that instances of `Token` will perform their own checks against required claims. See TeamGantt\Juhwit\Models\Token::getClaimsErrors() for more information.

## Customizing token creation

Juhwit provides a default implementations for id tokens and access tokens. After a jwt is verified against

a public key, the claims and user provided `$requiredClaims` are passed to the `create` method of a `TokenFactoryInterface`.

The default `CognitoTokenFactory` will return an `IdToken` or `AccessToken` depending on the token type provided. When constructing the `JwtDecoder`

a custom `TokenFactoryInterface` can be passed to the constructor.

This factory can be used to create custom tokens - the only requirement is that the `create` method returns a `TokenInterface`. Any `TokenException`s thrown

by the factory will be caught and the token will be considered invalid.

## Leveraging docker

Juhwit is tested and developed against PHP 7.4.11. This project uses a combination of docker and [direnv](https://direnv.net/)

to keep a consistent environment. To leverage direnv, `cd` into the juhwit project directory and run the following:

```

$ docker build -t juhwit:dev .

$ direnv allow

```

This will put your current terminal into an environment that uses the dockerized php and composer binaries. You can use them like you normally would

i.e:

```

$ php -v

$ composer list

```

## Running Tests

```

$ composer test

```