• This repository has been archived on 30/Dec/2020
  • Stars
    star
    486
  • Rank 90,527 (Top 2 %)
  • Language
    PHP
  • License
    MIT License
  • Created over 10 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

🔐 JSON Object Signing and Encryption Framework (JWT, JWS, JWE, JWA, JWK, JWKSet and more)

PHP JOSE Library

If you really love that library, then you can help me out for a couple of 🍻!

Beerpay Beerpay


⚠️⚠️⚠️

We highly recommend you to use the new JWT Framework project instead of this library.

  • Active support of this library is provided until end of 2018.
  • Security support will be provided from 2019 and up to end of 2020.

A migration guide will be/is available in the documentation of the new project.

⚠️⚠️⚠️

Scrutinizer Code Quality Coverage Status

Build Status HHVM Status PHP 7 ready

Dependency Status

SensioLabsInsight

Latest Stable Version Total Downloads Latest Unstable Version License

This library provides an implementation of:

Provided Features

Supported Input Types:

JWS or JWE objects support every input that can be encoded into JSON:

  • string, array, integer, float...
  • Objects that implement the \JsonSerializable interface such as JWKInterface or JWKSetInterface

The detached content is also supported.

Unencoded payload is supported. This means you can sign and verify payload without base64 encoding operation. As per the RFC7797, the b64 header MUST be protected. When b64 header is set, the crit protected header with value b64 in its array of values is mandatory.

Supported Serialization Modes

  • Compact JSON Serialization Syntax (JWS/JWE creation and loading)
  • Flattened JSON Serialization Syntax (JWS/JWE creation and loading)
  • General JSON Serialization Syntax (JWS/JWE creation and loading)

Supported Compression Methods

Compression Method Supported Comment
Deflate (DEF) YES
GZip (GZ) YES This compression method is not described in the specification
ZLib (ZLIB) YES This compression method is not described in the specification

Supported Key Types (JWK)

Key Type Supported Comment
none YES None keys are for the none algorithm only
oct YES Symmetric keys
RSA YES RSA based asymmetric keys
EC YES Elliptic Curves based asymmetric keys
OKP YES Octet Key Pair based asymmetric keys

JWK objects support JSON Web Key Thumbprint (RFC 7638).

Key Sets (JWKSet)

JWKSet is fully supported.

Supported Signature Algorithms

Signature Algorithm Supported Comment
HS256, HS384 and HS512 YES
HS256, ES384 and ES512 YES
RS256, RS384 and RS512 YES
PS256, PS384 and PS512 YES
none YES Please note that this is not a secured algorithm. USE IT WITH CAUTION!
EdDSA with Ed25519 curve YES Third party extension required
EdDSA with Ed448 curve NO

Please note that the EdDSA signature algorithm specification is not not yet approved. Support for algorithms Ed25518 and Ed448 may change. Use with caution.

Supported Key Encryption Algorithms

Key Encryption Algorithm Supported Comment
dir YES
RSA1_5, RSA-OAEP and RSA-OAEP-256 YES
ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW and ECDH-ES+A256KW YES
A128KW, A128KW and A128KW YES
PBES2-HS256+A128KW, PBES2-HS384+A192KW and PBES2-HS512+A256KW YES
A128GCMKW, A192GCMKW and A256GCMKW YES For better performance, please use PHP 7.1+ or this third party extension
EdDSA with X25519 curve YES Third party extension required
EdDSA with X448 curve NO

Please note that the EdDSA encryption algorithm specification is not not yet approved. Support for algorithms X25518 and X448 may change. Use with caution.

Supported Content Encryption Algorithms

Content Encryption Algorithm Supported Comment
A128CBC-HS256, A192CBC-HS384 and A256CBC-HS512 YES
A128GCM, A192GCM and A256GCM YES For better performance, please use PHP 7.1+ or this third party extension

The Release Process

The release process is described here.

Prerequisites

This library needs at least:

  • PHP 7.0+,
  • OpenSSL extension.

Please consider the following optional requirements:

  • For AES-GCM based algorithms (AxxxGCM and AxxxGCMKW) if not on PHP 7.1+: PHP Crypto Extension (at least v0.2.1) is highly recommended as encryption/decryption is faster than the pure PHP implementation.
  • For Ed25519 algorithm: php-ed25519-ext required
  • For X25519 algorithm: php-curve25519-ext required

Please read performance test results below concerning the ECC based algorithms. As the time needed to perform operation is long compared to the other algorithms, we do not recommend their use.

Continuous Integration

It has been successfully tested using PHP 7.0, PHP 7.1 and PHP7.2 with all algorithms. If you use PHP 5.6, please install the version ^6.0 of this project.

Tests vectors from the RFC 7520 are fully implemented and all tests pass.

We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.

Coding Standards are verified by StyleCI.

Code coverage is analyzed by Coveralls.io.

Installation

The preferred way to install this library is to rely on Composer:

composer require spomky-labs/jose

How to use

Have a look at How to use to know how to load your JWT and discover all possibilities provided by this library.

Performances

Please read the performance page to know how fast are the algorithms supported by this library.

Contributing

Requests for new features, bug fixed and all other ideas to make this library useful are welcome. If you feel comfortable writting code, you could try to fix opened issues where help is wanted or those that are easy to fix.

Do not forget to follow these best practices.

Licence

This software is release under MIT licence.

More Repositories

1

otphp

🔐 A PHP library for generating one time passwords according to RFC 4226 (HOTP) and the RFC 6238 (TOTP)
PHP
1,184
star
2

base64url

Base64 URL Safe Encoding/Decoding PHP library
PHP
151
star
3

php-aes-gcm

AES Galois Counter Mode encryption library for PHP
PHP
66
star
4

aes-key-wrap

Pure PHP library for AES Key Wrapping (RFC3394 and RFC5649)
PHP
44
star
5

cbor-php

CBOR Encoder/Decoder for PHP
PHP
35
star
6

lexik-jose-bridge

An Encoder for the LexikJWTAuthenticationBundle that uses web-token/jwt-framework
PHP
31
star
7

u2f-php

FIDO/FIDO2 Universal 2 Factors (U2F) support for PHP
PHP
28
star
8

web-push

This framework contains PHP libraries and Symfony bundle to allow developers to integrate web-push notifications into their web applications.
PHP
16
star
9

RoleHierarchyBundle

-- Unmaintained -- Symfony Bundle that allows you to store your role hierarchy in a database
PHP
9
star
10

jose-bundle

Jose Bundle for Symfony
PHP
8
star
11

pki-framework

Public Key Infrastructure
PHP
7
star
12

IpFilterBundle

-- Unmaintained --
PHP
6
star
13

cbor-bundle

CBOR Encoder/Decoder Bundle for Symfony
PHP
4
star
14

scim-library

--- DO NOT USE --- System for Cross-domain Identity Management library for PHP
PHP
4
star
15

pbkdf2

Password Based Key Derivation Function 2 (RFC2889 and RFC6070) [UNMAINTAINED]
PHP
2
star
16

defuse-generator

-- Unmaintained --
PHP
2
star
17

web-push-bundle

[READ ONLY] Web-Push Symfony Bundle
PHP
2
star
18

u2f-bundle

Symfony Bundle for FIDO U2F Support
PHP
2
star
19

web-push-lib

[READ ONLY] Web-Push library for PHP
PHP
2
star
20

beaver

My commands for Castor CLI
PHP
2
star
21

web-push-demo

JavaScript
1
star