Spomky-Labs

Description

:closed_lock_with_key: JSON Object Signing and Encryption Framework (JWT, JWS, JWE, JWA, JWK, JWKSet and more)


PHP JOSE Library

If you really love that library, then you can help me out for a couple of :beers:!



:warning::warning::warning:

We highly recommend that you use the new JWT Framework project instead of this library.

  • Active support of this library is provided until end of 2018.
  • Security support will be provided from 2019 and up to end of 2020.

A migration guide will be/is available in the documentation of the new project.

:warning::warning::warning:


This library provides an implementation of:

Provided Features

Supported Input Types:

JWS or JWE objects support every input that can be encoded into JSON:

  • [x] `string`, `array`, `integer`, `float`...
  • [x] Objects that implement the `\JsonSerializable` interface such as `JWKInterface` or `JWKSetInterface`

The detached content is also supported.

Unencoded payload is supported. This means you can sign and verify a payload without the base64 encoding operation. As per RFC 7797, the `b64` header MUST be protected. When the `b64` header is set, the `crit` protected header with value `b64` in its array of values is mandatory.
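
The header rule above, combined with detached content, as an added example in plain PHP; it is not code from this library and does not use its API. The function names (`payloadIsUnencoded`, `macFor`, `verifyDetachedHs256`), the key and the payload are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);
function b64url(string $bin): string { return rtrim(strtr(base64_encode($bin), '+/', '-_'), '='); }

// True when the payload is signed as-is ("b64": false). Throws when "b64" is
// unprotected, not a boolean, or not listed in the protected "crit" array.
function payloadIsUnencoded(array $protected, array $unprotected = []): bool
{
    if (array_key_exists('b64', $unprotected)) {
        throw new InvalidArgumentException('"b64" must be in the protected header');
    }
    if (!array_key_exists('b64', $protected)) {
        return false; // header absent: payload is base64url-encoded as usual
    }
    $crit = $protected['crit'] ?? null;
    if (!is_bool($protected['b64']) || !is_array($crit) || !in_array('b64', $crit, true)) {
        throw new InvalidArgumentException('"b64" needs a boolean and "crit": ["b64"]');
    }
    return $protected['b64'] === false;
}

// HS256 over BASE64URL(header) . '.' . payload (raw only when the check above allows it).
function macFor(string $encodedHeader, array $protected, string $payload, string $key): string
{
    $input = $encodedHeader . '.' . (payloadIsUnencoded($protected) ? $payload : b64url($payload));
    return b64url(hash_hmac('sha256', $input, $key, true));
}

// Verify a detached compact JWS ("header..signature"); the verifier pins HS256.
function verifyDetachedHs256(string $jws, string $payload, string $key): bool
{
    $p = explode('.', $jws);
    $protected = json_decode((string) base64_decode(strtr($p[0], '-_', '+/')), true);
    if (count($p) !== 3 || $p[1] !== '' || ($protected['alg'] ?? '') !== 'HS256') {
        return false;
    }
    try {
        return hash_equals(macFor($p[0], $protected, $payload, $key), $p[2]);
    } catch (InvalidArgumentException $e) {
        return false; // header combination rejected before any MAC is computed
    }
}

// Constructed key, payload and headers (sample values, not from the page).
$key = str_repeat("\x2a", 32);
$ok  = ['alg' => 'HS256', 'b64' => false, 'crit' => ['b64']];
$bad = ['alg' => 'HS256', 'b64' => false]; // "crit" missing
$jws = b64url(json_encode($ok)) . '..' . macFor(b64url(json_encode($ok)), $ok, '$.02', $key);
var_dump(verifyDetachedHs256($jws, '$.02', $key), verifyDetachedHs256($jws, '$.03', $key));
var_dump(verifyDetachedHs256(b64url(json_encode($bad)) . '..AAAA', '$.02', $key));
```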

Supported Serialization Modes

  • [x] Compact JSON Serialization Syntax (JWS/JWE creation and loading)
  • [x] Flattened JSON Serialization Syntax (JWS/JWE creation and loading)
  • [x] General JSON Serialization Syntax (JWS/JWE creation and loading)

Supported Compression Methods

| Compression Method | Supported | Comment |
| ------------------ |:---------:| ------- |
| Deflate (`DEF`) | YES | |
| GZip (`GZ`) | YES | This compression method is not described in the specification |
| ZLib (`ZLIB`) | YES | This compression method is not described in the specification |

Supported Key Types (JWK)

| Key Type | Supported | Comment |
| -------- |:---------:| ------- |
| `none` | YES | None keys are for the `none` algorithm only |
| `oct` | YES | Symmetric keys |
| `RSA` | YES | RSA based asymmetric keys |
| `EC` | YES | Elliptic Curves based asymmetric keys |
| `OKP` | YES | Octet Key Pair based asymmetric keys |

JWK objects support JSON Web Key Thumbprint (RFC 7638).

Key Sets (JWKSet)

JWKSet is fully supported.

Supported Signature Algorithms

| Signature Algorithm | Supported | Comment |
| ------------------- |:---------:| ------- |
| `HS256`, `HS384` and `HS512` | YES | |
| `ES256`, `ES384` and `ES512` | YES | |
| `RS256`, `RS384` and `RS512` | YES | |
| `PS256`, `PS384` and `PS512` | YES | |
| `none` | YES | Please note that this is not a secured algorithm. USE IT WITH CAUTION! |
| `EdDSA` with `Ed25519` curve | YES | Third party extension required |
| `EdDSA` with `Ed448` curve | NO | |

Please note that the EdDSA signature algorithm specification is not yet approved. Support for algorithms `Ed25519` and `Ed448` may change. Use with caution.

Supported Key Encryption Algorithms

| Key Encryption Algorithm | Supported | Comment |
| ------------------------ |:---------:| ------- |
| `dir` | YES | |
| `RSA1_5`, `RSA-OAEP` and `RSA-OAEP-256` | YES | |
| `ECDH-ES`, `ECDH-ES+A128KW`, `ECDH-ES+A192KW` and `ECDH-ES+A256KW` | YES | |
| `A128KW`, `A192KW` and `A256KW` | YES | |
| `PBES2-HS256+A128KW`, `PBES2-HS384+A192KW` and `PBES2-HS512+A256KW` | YES | |
| `A128GCMKW`, `A192GCMKW` and `A256GCMKW` | YES | For better performance, please use PHP 7.1+ or this third party extension |
| `EdDSA` with `X25519` curve | YES | Third party extension required |
| `EdDSA` with `X448` curve | NO | |

Please note that the EdDSA encryption algorithm specification is not yet approved. Support for algorithms `X25519` and `X448` may change. Use with caution.

Supported Content Encryption Algorithms

| Content Encryption Algorithm | Supported | Comment |
| ---------------------------- |:---------:| ------- |
| `A128CBC-HS256`, `A192CBC-HS384` and `A256CBC-HS512` | YES | |
| `A128GCM`, `A192GCM` and `A256GCM` | YES | For better performance, please use PHP 7.1+ or this third party extension |

The Release Process

The release process is described here.

Prerequisites

This library needs at least:

  • PHP 7.0+,
  • OpenSSL extension.

Please consider the following optional requirements:

  • For AES-GCM based algorithms (`AxxxGCM` and `AxxxGCMKW`) if not on PHP 7.1+: PHP Crypto Extension (at least `v0.2.1`) is highly recommended as encryption/decryption is faster than the pure PHP implementation.
  • For Ed25519 algorithm: php-ed25519-ext required
  • For X25519 algorithm: php-curve25519-ext required

Please read the performance test results below concerning the ECC based algorithms. As the time needed to perform operations is long compared to the other algorithms, we do not recommend their use.

Continuous Integration

It has been successfully tested using `PHP 7.0`, `PHP 7.1` and `PHP 7.2` with all algorithms. If you use PHP 5.6, please install the version ^6.0 of this project.

Test vectors from RFC 7520 are fully implemented and all tests pass.

We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.

Coding Standards are verified by StyleCI.

Code coverage is analyzed by Coveralls.io.

Installation

The preferred way to install this library is to rely on Composer:

composer require spomky-labs/jose

How to use

Have a look at How to use to know how to load your JWT and discover all possibilities provided by this library.

Performances

Please read the performance page to know how fast the algorithms supported by this library are.

Contributing

Requests for new features, bug fixes and all other ideas to make this library useful are welcome. If you feel comfortable writing code, you could try to fix opened issues where help is wanted or those that are easy to fix.

Do not forget to follow these best practices.

Licence

This software is released under the MIT licence.