jwt

This project is maintained by Corviz

JWT

JWT Logo

API reference

See API Reference

How to install

composer require corviz/jwt

Provided signers

Algorithm Version
HS256 1.0
HS384 1.0
HS512 1.0

Provided claim validators

Claim Version
exp 1.0
nbf 1.0

Basic Usage

Generating token

<?php

use Corviz\Jwt\Token;
use Corviz\Jwt\SignerFactory;

$token = Token::create()
            ->with('exp', strtotime('+ 1 hour')) //Expires in one hour
            ->withSigner(SignerFactory::build('HS256')) //HS256 signer is provided by default. This could be omitted
            ->sign($mySecret)
            ->toString();

Validating and reading values from a token

<?php

use Corviz\Jwt\Token;

$token = Token::fromString('xxxx.yyyyy.zzzzz');

$isValid = $token->validate($mySecret);

if ($isValid) {
    $payload = $token->getPayload();
    $headers = $token->getHeaders();
}

Validating your private claims

First you have to create your validator

use \Corviz\Jwt\Validator\Validator;

class MyClaimValidator extends Validator {
    /**
     * @return string
     */
    public function validates() : string
    {
        return 'my-claim'; //this will validate value inside 'my-claim', when set
    }
    
    /**
     * @param mixed $value
     * @return bool
     */
    public function validate(mixed $value) : bool
    {
        // this claim must contain value 'a', 'b' or 'c'
        $valid = in_array($value, ['a', 'b', 'c']);
        
        return $valid;
    }
}

Then all you have to do is assign your validator before running validate() method

<?php

use Corviz\Jwt\Token;

$token = Token::fromString('xxxx.yyyyy.zzzzz')
            ->assignValidator(new MyClaimValidator());

$isValid = $token->validate($mySecret);

if ($isValid) {
    $myClaim = $token->getPayload('my-claim');
}