Git Product home page Git Product logo

jose's Introduction

PHP JOSE Library

Join the chat at https://gitter.im/Spomky-Labs/jose

Scrutinizer Code Quality Coverage Status Build Status

HHVM Status PHP 7 ready

SensioLabsInsight

Latest Stable Version Total Downloads Latest Unstable Version License

This library aims to provide an implementation of:

It also implements the following specifications:

  • Tests vectors from RFC 7520 (fully implemented and all test pass).
  • JSON Web Key Thumbprint (RFC 7638).
  • Unencoded Payload Option RFC7797.

Provided Features

Supported Input Types:

JWS or JWE objects support every input that can be serialized:

  • String
  • Any variable of object that can be encoded/decoded into JSON:
    • Primitives: integer, float...
    • Array
    • Objects that implement the \JsonSerializable interface such as:
      • jwk+json content type (JWKInterface object)
      • jwkset+json content type (JWKSetInterface object)

The detached content is also supported.

Unencoded payload is supported. This means you can sign and verify payload without base64 encoding operation. As per the RFC7797, the b64 header MUST be protected. When b64 header is set, the crit protected header with value b64 in its array of values is mandatory.

Supported Serialization Modes

  • Compact JSON Serialization Syntax (JWS/JWE creation and loading)
  • Flattened JSON Serialization Syntax (JWS/JWE creation and loading)
  • General JSON Serialization Syntax (JWS/JWE creation and loading)

Supported Compression Methods

  • Deflate —DEF—
  • GZip —GZ— (this compression method is not described in the specification)
  • ZLib —ZLIB— (this compression method is not described in the specification)

Supported Key Types (JWK)

  • None keys (none)
  • Symmetric keys (oct)
  • Asymmetric keys based on RSA keys (RSA)
  • Asymmetric keys based on Elliptic Curves (EC)
  • Asymmetric keys based on Octet Key Pair (OKP)

JWK objects support JSON Web Key Thumbprint (RFC 7638).

Key Sets (JWKSet)

JWKSet is fully supported.

Supported Signature Algorithms

  • HS256, HS384, HS512
  • ES256, ES384, ES512
  • RS256, RS384, RS512
  • PS256, PS384, PS512
  • none (Please note that this is not a secured algorithm. DO NOT USE IT PRODUCTION!)
  • Ed25519 (third party extension required)
  • Ed448

Please note that the EdDSA signature algorithm specification is not not yet approved. Support for algorithms Ed25518 and Ed448 may change. Use with caution.

Supported Key Encryption Algorithms

Please note that the EdDSA encryption algorithm specification is not not yet approved. Support for algorithms X25518 and X448 may change. Use with caution.

Supported Content Encryption Algorithms

The Release Process

The release process is described here.

Prerequisites

This library needs at least:

  • PHP 5.6+,
  • OpenSSL extension.

Please consider the following optional requirements:

  • For AES-GCM based algorithms (AxxxGCM and AxxxGCMKW): PHP Crypto Extension (at least v0.2.1) is highly recommended as encryption/decryption is faster than the pure PHP implementation.
  • For Ed25519 algorithm: php-ed25519-ext required
  • For X25519 algorithm: php-curve25519-ext required

Please read performance test results below concerning the ECC based algorithms. As the time needed to perform operation is long compared to the other algorithms, we do not recommend their use.

Continuous Integration

It has been successfully tested using PHP 5.6 and PHP 7 and HHVM with all algorithms.

We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.

Coding Standards are verified by StyleCI.

Code coverage is analyzed by Coveralls.io.

Installation

The preferred way to install this library is to rely on Composer:

composer require spomky-labs/jose

How to use

Have a look at How to use to know how to load your JWT and discover all possibilities provided by this library.

Performances

Please read the performance page to know how fast are the algorithms supported by this library.

Contributing

Requests for new features, bug fixed and all other ideas to make this library useful are welcome. Please follow these best practices.

Licence

This software is release under MIT licence.

jose's People

Contributors

gitter-badger avatar ragboyjr avatar scrutinizer-auto-fixer avatar spomky avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.