This library aims to provide an implementation of:
- JWS JSON Web Signature (RFC 7515),
- JWT JSON Web Token (RFC 7519),
- JWE JSON Web Encryption (RFC 7516),
- JWA JSON Web Algorithms (RFC 7518).
- JWK JSON Web Key (RFC 7517).
Tests vectors from RFC 7520 are partially implemented.
This library supports JSON Web Key Thumbprint (RFC 7638).
Note 1: this library is still in development. The first stable release will be tagged as v1.0.x. All tags v0.x.y must be considered as unstable.
Note 2: if you use Symfony, a bundle is in development.
This library provides all objects and components to perform signature, verification, encryption and decryption according to the RFCs listed above.
Some of classes provided are abstract and you must implement the missing methods. In addition, you will have to instantiate, initialize and inject all objects and components to the signer, encrypter and loader services.
You will be afraid of all of this and you will think that this library is very complicated to use. AND YOU ARE RIGHT!
That is why we created to other projects to ease the use of this library:
- Jose Service: this project uses Pimple to provide only one service to rule them all.
- Jose Bundle: a Symfony 2.7+ bundle that provides easy to use services
Finally, this library and all these projects are still in active development. Do not hesitate to send us your feedback!
The release process is described here.
This library needs at least:
Please consider the following optional requirements:
- AES-GCM based algorithms (
AxxxGCM
andAxxxGCMKW
): PHP Crypto Extension (at leastv0.2.1
).
It has been successfully tested using PHP 5.5.9
, PHP 5.6
and PHP 7
and HHVM
.
Please note that AxxxGCM
and AxxxGCMKW
tests are not performed as PHP Crypto is not available on HHVM
platform.
Anyway, as the this library should work fine.
We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.
Coding Standards are verified by StyleCI.
Code coverage is analyzed by Coveralls.io.
The preferred way to install this library is to rely on Composer:
composer require spomky-labs/jose
By default, tests and documentation files are not included. If you want to test this project or read the documentation, please add the option --prefer-source
.
composer require spomky-labs/jose --prefer-source
Your classes are ready to use? Have a look at How to use to create or load your first JWT objects.
This library supports unsecured JWS
(none
algorithm).
Unsecured JWS
is something you probably do not want to use.
After you loaded data you received, you should verify that the algorithm used is not none
.
Requests for new features, bug fixed and all other ideas to make this library useful are welcome. Please follow these best practices.
This software is release under MIT licence.