This library aims to provide an implementation of:
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518),
- JWK JSON Web Key (RFC 7517).
Test vectors from RFC 7520 are partially implemented.
This library supports JSON Web Key Thumbprint (RFC 7638).
Note 1: this library is still in development. The first stable release will be tagged as v1.0.x. All tags v0.x.y must be considered as unstable.
Note 2: if you use Symfony, a bundle is in development.
This library provides all objects and components to perform signature, verification, encryption and decryption according to the RFCs listed above.
You will have to create a `Signer`, `Verifier`, `Encrypter`, `Decrypter` or `Loader` object to execute all these operations.
You will be afraid of all of this and you will think that this library is very complicated to use. AND YOU ARE RIGHT!
Fortunately, we created factories to ease your life and we highly recommend using them.
Finally, this library and all these projects are still in active development. Do not hesitate to send us your feedback!
The release process is described here.
This library needs at least:
Please consider the following optional requirements:
- AES-GCM based algorithms (`AxxxGCM` and `AxxxGCMKW`): PHP Crypto Extension (at least `v0.2.1`).
It has been successfully tested using `PHP 5.5.9`, `PHP 5.6`, `PHP 7` and `HHVM`.
Please note that `AxxxGCM` and `AxxxGCMKW` tests are not performed as PHP Crypto is not available on the `HHVM` platform.
We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.
Coding Standards are verified by StyleCI.
Code coverage is analyzed by Coveralls.io.
The preferred way to install this library is to rely on Composer:
composer require spomky-labs/jose
By default, tests and documentation files are not included. If you want to test this project or read the documentation, please add the option `--prefer-source`.
composer require spomky-labs/jose --prefer-source
Have a look at How to use to create or load your first JWT objects.
This library supports unsecured JWS (`none` algorithm).
Unsecured JWS is something you probably do not want to use.
After you have loaded the data you received, you should verify that the algorithm used is not `none`.
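One way to enforce the check described above, as an added example that is not part of this library or its API: it reads the protected header of a compact JWS and accepts only algorithms on an explicit allow-list, so `none` and its case variants are rejected. The function names `b64url_decode` and `assert_allowed_alg` are hypothetical, the tokens are constructed, and PHP 7.4 or later is assumed. It complements signature verification and does not replace it.

```php
<?php
// Added example: standalone check, not the library's API. Assumes PHP 7.4+.

/** Decode a base64url string (RFC 7515, unpadded); returns null on bad input. */
function b64url_decode(string $in): ?string
{
    if ($in === '' || preg_match('/[^A-Za-z0-9_-]/', $in)) {
        return null;
    }
    $pad = str_repeat('=', (4 - strlen($in) % 4) % 4);
    $out = base64_decode(strtr($in, '-_', '+/') . $pad, true);
    return $out === false ? null : $out;
}

/** Return the "alg" of a compact JWS if it is allow-listed, else throw (hypothetical helper). */
function assert_allowed_alg(string $compactJws, array $allowed): string
{
    $parts = explode('.', $compactJws);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a compact JWS');
    }
    $json = b64url_decode($parts[0]);
    $header = $json === null ? null : json_decode($json, true);
    if (!is_array($header) || !isset($header['alg']) || !is_string($header['alg'])) {
        throw new InvalidArgumentException('Missing or malformed "alg" header');
    }
    // Exact, case-sensitive allow-list match: "none", "None" and unknown values all fail.
    if (!in_array($header['alg'], $allowed, true)) {
        throw new UnexpectedValueException('Algorithm not allowed: ' . $header['alg']);
    }
    if ($parts[2] === '') {
        throw new UnexpectedValueException('Empty signature');
    }
    return $header['alg'];
}

// Constructed sample inputs (not real tokens).
$enc = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$unsecured = $enc('{"alg":"none"}') . '.' . $enc('{"sub":"alice"}') . '.';
$signed    = $enc('{"alg":"HS256"}') . '.' . $enc('{"sub":"alice"}') . '.' . $enc('constructed-sig');

foreach (['unsecured' => $unsecured, 'signed' => $signed] as $name => $token) {
    try {
        echo $name, ': accepted alg ', assert_allowed_alg($token, ['HS256', 'RS256']), PHP_EOL;
    } catch (Exception $e) {
        echo $name, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```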
Requests for new features, bug fixes and all other ideas to make this library useful are welcome. Please follow these best practices.
This software is released under the MIT licence.