namshi/jose 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.| Name | Version | Size | License | Type | Vulnerabilities |
|---|---|---|---|---|---|
| symfony/polyfill-php56 | v1.20.0 | 1.99 kB | MIT | prod |
The "namshi/jose" is a PHP library that provides a lightweight implementation of the JSON Web Signature (JWS) specification. It is used broadly for signing and verification procedures of JSON Web Tokens (JWT). These tokens securely transmit information between parties as a JSON object making it a key instrument in ensuring security and integrity of data in PHP applications.
The robust versatility of the "namshi/jose" library can be utilized by installing it through composer from packagist. To add the package, use the following line in your composer.json "namshi/jose": "7.0.*" and run composer update.
Take a look on how to use it in PHP. Below is an example of how to generate a JWS token after verifying login credentials:
<?php
use Namshi\JOSE\SimpleJWS;
if ($username == 'correctUsername' && $pass == 'ok') {
$user = Db::loadUserByUsername($username);
$jws = new SimpleJWS(array(
'alg' => 'RS256'
));
$jws->setPayload(array(
'uid' => $user->getid(),
));
$privateKey = openssl_pkey_get_private("file://path/to/private.key", self::SSL_KEY_PASSPHRASE);
$jws->sign($privateKey);
setcookie('identity', $jws->getTokenString());
}
And here's how to validate the token once a request is made:
<?php
use Namshi\JOSE\SimpleJWS;
$jws = SimpleJWS::load($_COOKIE['identity']);
$public_key = openssl_pkey_get_public("/path/to/public.key");
if ($jws->isValid($public_key, 'RS256')) {
$payload = $jws->getPayload();
echo sprintf("Hey, my JS app just did an action authenticated as user #%s", $payload['uid']);
}
Alternatives for OpenSSL are also available, for instances where OpenSSL does not work or is not installed, PHPSECLIB may be used for RSA encryption and signing procedures.
Documentation for the "namshi/jose" library can be found directly on its GitHub repository at https://github.com/namshi/jose. Comprehensive guides with usage examples, and potential security precautions are available for users at all levels to understand the implementation details of JSON Web Signature specific pathways. Regular updates are also made to the repository for continued enhancement and reliability of the "namshi/jose" library.
