
Introduction

This project is forked from fkooman/php-jwt.

Then I changed the EdDSA algorithm to Ed25519 in the src\EdDSA.php file.

That's all.

The following is the original readme.


This is a small JSON Web Token implementation. It only supports signatures, with the following signature algorithms:

  • HS256 (HMAC using SHA-256)
  • RS256 (RSASSA-PKCS1-v1_5 using SHA-256)
  • EdDSA (Ed25519, RFC 8037)

The first two seem to be the most widely deployed JWT signature algorithms. The library does NOT support encryption/decryption due to the can of worms that would open. It MAY support encryption/decryption in the future, but definitely not with RSA.

Which Algorithm to Use?

If you are both the signer and the verifier of the JWT use HS256. If you issue JWTs that have to be verified by third parties (as well), use EdDSA. Do NOT use RS256 if you can help it.

Why?

Quite a number of JWT implementations exist for PHP, varying in quality. However, JWT can be insecure, so it is very important to get things right and to keep things as simple as possible from a security perspective. This means implementing the absolute minimum needed to support JWT, in a secure way. Simplicity and security are more important than fully supporting every nook and cranny of the specification.

How?

  • Only supports RS256, HS256 and EdDSA, through separate classes; the header is NOT used to determine the algorithm when verifying signatures;
  • All keys are validated before use and wrapped in "Key" objects to make sure they are of the correct format. Helper methods are provided to load / save / generate keys;
  • Does NOT support the crit header key. If a token is presented with the crit header key it will be rejected;
  • Verifies the exp and nbf payload fields, if present, to make sure the token is already and still valid.
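The design points above, as an added illustration in Python rather than the library's own PHP (this is not php-jwt code and mirrors none of its API): the verifier fixes the algorithm (HS256 here) before looking at the token, treats the header's alg only as something to cross-check, rejects any crit header, compares the MAC in constant time, and enforces exp and nbf. The key and claims are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(payload: dict, key: bytes) -> str:
    # The issuer writes the header itself; it is never taken from a caller.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Verify as HS256 and nothing else; raise ValueError on any defect."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The verifier chose the algorithm up front; the header's "alg" is only
    # cross-checked, so "none" or a swapped algorithm cannot select a code path.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # "crit" announces extensions the verifier must understand; we implement none.
    if "crit" in header:
        raise ValueError("crit header not supported")
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(body_b64))
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    if "nbf" in payload and now < payload["nbf"]:
        raise ValueError("token not yet valid")
    return payload

def check(token: str, key: bytes, now=None) -> str:
    # Returns "ok" or the rejection reason, for demonstration and tests.
    try:
        verify_hs256(token, key, now)
        return "ok"
    except ValueError as exc:
        return str(exc)
```

Passing now explicitly makes the exp/nbf behaviour reproducible; in production leave it as None so the wall clock is used.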

Versions

Version   PHP       OS
1.x       >= 5.4    CentOS >= 7 (+EPEL), Debian >= 9
2.x       >= 7.2    CentOS >= 8 (+EPEL), Debian >= 10

Requirements

  • PHP >= 7.2
  • php-hash (for HS256)
  • php-openssl (for RS256)
  • php-sodium (for EdDSA)

The only dependency is paragonie/constant_time_encoding.

Installation

Currently php-jwt is not hosted on Packagist. It may be added in the future. In your composer.json:

"repositories": [
    {
        "type": "vcs",
        "url": "https://git.tuxed.net/fkooman/php-jwt"
    },
    ...
],

"require": {
    "fkooman/jwt": "^2",
    ...
},

You can also download the signed source code archive here.

API

See the example/ directory for working examples on how to generate keys, set the Key ID and create and validate JWT tokens.

Testing

You can run the included test suite after cloning the repository:

$ /path/to/composer install
$ vendor/bin/phpunit

Benchmark

You can use PHPBench to run some benchmarks comparing the various signature algorithms.

$ /path/to/phpbench run
