Merge branch 'release/2.1.0'
lcobucci committed Mar 7, 2015
2 parents 581e70a + 5fd26a4 commit 2a62dd3
Showing 59 changed files with 3,237 additions and 649 deletions.
5 changes: 1 addition & 4 deletions .gitignore
@@ -1,5 +1,2 @@
.buildpath
.project
.settings/
vendor
build
phpunit.xml
54 changes: 54 additions & 0 deletions .scrutinizer.yml
@@ -0,0 +1,54 @@
build:
environment:
mysql: false
redis: false
php:
version: 5.6
tools:
php_sim: true
php_pdepend: true
php_analyzer: true
php_changetracking: true
php_code_sniffer:
config:
standard: "PSR2"
php_mess_detector: true
checks:
php:
argument_type_checks: true
assignment_of_null_return: true
avoid_conflicting_incrementers: true
avoid_useless_overridden_methods: true
catch_class_exists: true
closure_use_modifiable: true
closure_use_not_conflicting: true
code_rating: true
deprecated_code_usage: true
duplication: true
method_calls_on_non_object: true
missing_arguments: true
no_duplicate_arguments: true
no_non_implemented_abstract_methods: true
no_property_on_interface: true
parameter_non_unique: true
precedence_in_conditions: true
precedence_mistakes: true
require_php_tag_first: true
security_vulnerabilities: true
sql_injection_vulnerabilities: true
too_many_arguments: true
unreachable_code: true
unused_methods: true
unused_parameters: true
unused_properties: true
unused_variables: true
use_statement_alias_conflict: true
useless_calls: true
variable_existence: true
verify_access_scope_valid: true
verify_argument_usable_as_reference: true
verify_property_names: true

filter:
excluded_paths:
- test/*
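Review bot: `build: environment: php: version: 5.6` pins the Scrutinizer environment to a single PHP version, while this same commit declares PHP 5.5+ in the README and `"php": ">=5.5"` in composer.json, so whatever Scrutinizer executes in that environment only exercises 5.6. Either run it on 5.5, the lowest supported version, or add a comment that Travis is the only gate for 5.5. The `security_vulnerabilities` and `sql_injection_vulnerabilities` checks are worth keeping; note that `excluded_paths: test/*` removes the test tree from them, which is fine only as long as nothing under `test/` is loaded outside the test run.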
11 changes: 11 additions & 0 deletions .travis.yml
@@ -1,6 +1,17 @@
language: php
php:
- 5.5
- 5.6
- 7.0
- hhvm
- hhvm-nightly

matrix:
allow_failures:
- php: 7.0
- php: hhvm
- php: hhvm-nightly

before_script:
- composer selfupdate
- composer install --prefer-dist -o
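Review bot: in the new `matrix: allow_failures:` block, all three of 7.0, hhvm and hhvm-nightly are allowed to fail, so a red job on any of them never blocks a merge and the build badge stays green. For a library that produces and verifies signatures, a silent failure on a runtime people may deploy to is worth surfacing: if HHVM is meant to be supported, drop `- php: hhvm` from `allow_failures` and keep only `7.0` and `hhvm-nightly` there; if not, say in the README which runtimes are actually gated.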
4 changes: 2 additions & 2 deletions LICENSE
@@ -1,4 +1,4 @@
Copyright (c) 2014, Luís Otávio Cobucci Oblonczyk
Copyright (c) 2014-2015, Luís Otávio Cobucci Oblonczyk
All rights reserved.

Redistribution and use in source and binary forms, with or without
Expand All @@ -24,4 +24,4 @@ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
134 changes: 112 additions & 22 deletions README.md
@@ -1,24 +1,33 @@
# JWT
k# JWT
[![Gitter](https://img.shields.io/badge/GITTER-JOIN%20CHAT%20%E2%86%92-brightgreen.svg?style=flat-square)](https://gitter.im/lcobucci/jwt?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) [![Total Downloads](https://img.shields.io/packagist/dt/lcobucci/jwt.svg?style=flat-square)](https://packagist.org/packages/lcobucci/jwt) [![Latest Stable Version](https://img.shields.io/packagist/v/lcobucci/jwt.svg?style=flat-square)](https://packagist.org/packages/lcobucci/jwt)

master
[![Build Status](https://secure.travis-ci.org/lcobucci/jwt.png?branch=master)](http://travis-ci.org/#!/lcobucci/jwt)
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/lcobucci/jwt/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=master)
[![Code Coverage](https://scrutinizer-ci.com/g/lcobucci/jwt/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=master)
![Branch master](https://img.shields.io/badge/branch-master-brightgreen.svg?style=flat-square)
[![Build Status](https://img.shields.io/travis/lcobucci/jwt/master.svg?style=flat-square)](http://travis-ci.org/#!/lcobucci/jwt)
[![Scrutinizer Code Quality](https://img.shields.io/scrutinizer/g/lcobucci/jwt/master.svg?style=flat-square)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=master)
[![Code Coverage](https://img.shields.io/scrutinizer/coverage/g/lcobucci/jwt/master.svg?style=flat-square)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=master)

develop
[![Build Status](https://secure.travis-ci.org/lcobucci/jwt.png?branch=develop)](http://travis-ci.org/#!/lcobucci/jwt)
[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/lcobucci/jwt/badges/quality-score.png?b=develop)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=develop)
[![Code Coverage](https://scrutinizer-ci.com/g/lcobucci/jwt/badges/coverage.png?b=develop)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=develop)
![Branch develop](https://img.shields.io/badge/branch-develop-brightgreen.svg?style=flat-square)
[![Build Status](https://img.shields.io/travis/lcobucci/jwt/develop.svg?style=flat-square)](http://travis-ci.org/#!/lcobucci/jwt)
[![Scrutinizer Code Quality](https://img.shields.io/scrutinizer/g/lcobucci/jwt/develop.svg?style=flat-square)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=develop)
[![Code Coverage](https://img.shields.io/scrutinizer/coverage/g/lcobucci/jwt/develop.svg?style=flat-square)](https://scrutinizer-ci.com/g/lcobucci/jwt/?branch=develop)

[![Total Downloads](https://poser.pugx.org/lcobucci/jwt/downloads.png)](https://packagist.org/packages/lcobucci/jwt)
[![Latest Stable Version](https://poser.pugx.org/lcobucci/jwt/v/stable.png)](https://packagist.org/packages/lcobucci/jwt)

A simple library to work with JSON Web Token and JSON Web Signature (requires PHP 5.5+).
The implementation is based on the [current draft](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-31).
The implementation is based on the [current draft](http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).

## Instalation
## Installation

Just add to your composer.json: ```"lcobucci/jwt": "*"```
Package is available on [Packagist](http://packagist.org/packages/lcobucci/jwt),
you can install it using [Composer](http://getcomposer.org).

```shell
composer require lcobucci/jwt
```

### Dependencies

- PHP 5.5+
- OpenSSL Extension

## Basic usage

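Review bot: the replacement for the first line reads `k# JWT`; the stray `k` stops Markdown from rendering the title as a heading, so it should go back to `# JWT`. The new Dependencies list (PHP 5.5+, OpenSSL Extension) matches the `ext-openssl` requirement added to composer.json in this commit, which is good; consider also noting here that the implementation tracks a draft of the specification rather than a final RFC, since the link target changes with each draft revision.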
Expand All @@ -27,29 +36,110 @@ Just add to your composer.json: ```"lcobucci/jwt": "*"```
Just use the builder to create a new JWT/JWS tokens:

```php
<?php
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Hmac\Sha256;

$token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
->setAudience('http://example.org') // Configures the audience (aud claim)
->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->setIssuedAt(time()) // Configures the time that the token was issue (iat claim)
->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
->setExpiration(time() + 3600) // Configures the expiration time of the token (nbf claim)
->set('uid', 1) // Configures a new claim, called "uid"
->sign(new Sha256(), 'my key') // Signs the token with HS256 using "my key" as key
->getToken(); // Retrieves the generated token



$token->getHeader(); // Retrieves the token header
$token->getClaims(); // Retrieves the token claims

echo $token->getClaim('iss'); // will print "http://example.com"
echo $token->getClaim('uid'); // will print "1"
echo $token; // The string representation of the object is a JWT string (pretty easy, right?)
```

### Parsing from strings

Use the parser to create a new token from a JWT string:
Use the parser to create a new token from a JWT string (using the previous token as example):

```php
<?php
use Lcobucci\JWT\Parser;

$token = (new Parser())->parse('...'); // Parses from a string
$token = (new Parser())->parse((string) $token); // Parses from a string
$token->getHeader(); // Retrieves the token header
$token->getClaims(); // Retrieves the token claims
$token->verify('my key'); // Verifies if the signature was created with given key (if token is signed)

echo $token->getClaim('iss'); // will print "http://example.com"
echo $token->getClaim('uid'); // will print "1"
```

### Validating

We can easily validate if the token is valid (using the previous token as example):

```php
use Lcobucci\JWT\ValidationData;

$data = new ValidationData(); // It will use the current time to validate (iat, nbf and exp)
$data->setIssuer('http://example.com');
$data->setAudience('http://example.org');
$data->setId('4f1g23a12aa');

var_dump($token->validate($data)); // true, because validation information is equals to data contained on the token

$data->setCurrentTime(time() + 4000); // changing the validation time to future

var_dump($token->validate($data)); // false, because token is expired since current time is greater than exp
```

## Token signature

We can use signatures to be able to verify if the token was not modified after its generation. This library implements Hmac, RSA and ECDSA signatures (using 256, 384 and 512).

### Hmac

Hmac signatures are really simple to be used:

```php
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Hmac\Sha256;

$token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
->setAudience('http://example.org') // Configures the audience (aud claim)
->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->setIssuedAt(time()) // Configures the time that the token was issue (iat claim)
->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
->setExpiration(time() + 3600) // Configures the expiration time of the token (nbf claim)
->set('uid', 1) // Configures a new claim, called "uid"
->sign(new Sha256(), 'testing') // creates a signature using "testing" as key
->getToken(); // Retrieves the generated token


var_dump($token->verify('testing 1')); // false, because the key is different
var_dump($token->verify('testing')); // true, because the key is the same
```

### RSA and ECDSA

RSA and ECDSA signatures are based on public and private keys so you have to generate using the private key and verify using the public key:

```php
use Lcobucci\JWT\Builder;
use Lcobucci\JWT\Signer\Keychain; // just to make our life simpler
use Lcobucci\JWT\Signer\Rsa\Sha256; // you can use Lcobucci\JWT\Signer\Ecdsa\Sha256 if you're using ECDSA keys

$keychain = new Keychain();

$token = (new Builder())->setIssuer('http://example.com') // Configures the issuer (iss claim)
->setAudience('http://example.org') // Configures the audience (aud claim)
->setId('4f1g23a12aa', true) // Configures the id (jti claim), replicating as a header item
->setIssuedAt(time()) // Configures the time that the token was issue (iat claim)
->setNotBefore(time() + 60) // Configures the time that the token can be used (nbf claim)
->setExpiration(time() + 3600) // Configures the expiration time of the token (nbf claim)
->set('uid', 1) // Configures a new claim, called "uid"
->sign(new Sha256(), $keychain->getPrivateKey('file://{path to your private key}')) // creates a signature using your private key
->getToken(); // Retrieves the generated token


var_dump($token->verify($keychain->getPublicKey('file://{path to your public key}')); // true when the public key was generated by the private one =)
```

**It's important to say that if you're using RSA keys your shouldn't invoke ECDSA signers (and vice-versa), otherwise ```sign()``` and ```verify()``` will raise an exception!**
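Review bot: the last line of the RSA/ECDSA example, `var_dump($token->verify($keychain->getPublicKey('file://{path to your public key}'));`, is missing a closing parenthesis and will not parse if copied; add one more `)` before the semicolon. In all three builder examples the comment on `->setExpiration(time() + 3600)` says "(nbf claim)" where it should say "(exp claim)". The Validating example expects `validate($data)` to return true at the current time, yet the token it refers to was built with `->setNotBefore(time() + 60)` and the comment says `nbf` is checked, so either the example token or the expected result needs adjusting. Finally, `sign()` takes a signer and a key but `verify()` is shown with only a key; the README should state where the verification algorithm comes from and that callers should confirm the token's algorithm is the one they expect before trusting the result, and the sample keys `'my key'` and `'testing'` deserve a comment saying they are placeholders.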
44 changes: 27 additions & 17 deletions composer.json
@@ -1,27 +1,37 @@
{
"name" : "lcobucci/jwt",
"description" : "A simple library to work with JSON Web Token and JSON Web Signature",
"type" : "library",
"authors" : [
"name": "lcobucci/jwt",
"description": "A simple library to work with JSON Web Token and JSON Web Signature",
"type": "library",
"authors": [
{
"name" : "Luís Otávio Cobucci Obloncz",
"email" : "lcobucci@gmail.com",
"name": "Luís Otávio Cobucci Obloncz",
"email": "lcobucci@gmail.com",
"role": "Developer"
}
],
"keywords" : ["JWT", "JWS"],
"license" : ["BSD-3-Clause"],
"require" : {
"php" : ">=5.5"
"keywords": [
"JWT",
"JWS"
],
"license": [
"BSD-3-Clause"
],
"require": {
"php": ">=5.5",
"ext-openssl": "*"
},
"require-dev" : {
"phpunit/phpunit" : "~4.3",
"squizlabs/php_codesniffer" : "~1.5",
"phpmd/phpmd" : "~2.1"
"require-dev": {
"phpunit/phpunit": "~4.5",
"squizlabs/php_codesniffer": "~2.3",
"phpmd/phpmd": "~2.2",
"phpunit/php-invoker": "~1.1"
},
"autoload" : {
"psr-4" : {
"Lcobucci\\JWT\\" : ["src", "test"]
"autoload": {
"psr-4": {
"Lcobucci\\JWT\\": [
"src",
"test"
]
}
}
}
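Review bot: the reformatted `"autoload"` block still maps `Lcobucci\\JWT\\` to both `src` and `test`, so every project that installs the package gets the test tree registered in its production autoloader. Move `test` to an `"autoload-dev"` section so only `src` is exposed to consumers. Adding `"ext-openssl": "*"` under `"require"` is the right call now that the README lists RSA and ECDSA signers. Minor: the author name here ends in "Obloncz" while the LICENSE in this commit spells it "Oblonczyk".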