JWT Auth

A simple framework-agnostic JSON Web Token authentication solution.

License

Licensed under MIT. Totally free for private or commercial projects.

Installation

composer require andrewdyer/jwt-auth

Usage

// Create a new auth provider instance
$authProvider = new App\Providers\AuthProvider();

// Create a new jwt provider instance
$jwtProvider = new App\Providers\JwtProvider();

// Build up jwt claims
$claimsFactory = Anddye\JwtAuth\ClaimsFactory::build([
    'exp' => 1582243200, // Friday, 21 February 2020 00:00:00
    'iat' => 1582193571, // Thursday, 20 February 2020 10:12:51
    'iss' => 'https://example.com',
    'jti' => 'fVcx9BJHqh',
    'nbj' => 1582193571, // Thursday, 20 February 2020 10:12:51
]);

// Bring everything together to create a jwt auth instance
$jwtAuth = new JwtAuth($authProvider, $jwtProvider, $claimsFactory);

Auth Provider

namespace App\Providers;

use Anddye\JwtAuth\Providers\AuthProviderInterface;

class AuthProvider implements AuthProviderInterface
{
    public function byCredentials(string $username, string $password)
    {
        // TODO: Validate username / password and return an instance of `Anddye\JwtAuth\Contracts\JwtSubject`
    }

    public function byId(int $id)
    {
        // TODO: Find a user by id and return an instance of `Anddye\JwtAuth\Contracts\JwtSubject` if exists
    }
}

JWT Provider

namespace App\Providers;

use Anddye\JwtAuth\Providers\JwtProviderInterface;

class JwtProvider implements JwtProviderInterface
{
    public function decode(string $token)
    {
        // TODO: Decode JWT token somehow
    }

    public function encode(array $claims): string
    {
        // TODO: Encode claims and create a JWT token somehow
    }
}
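
One way to fill in the `encode()` / `decode()` TODOs above, as an added example that is not code from this package: a stand-alone HS256 provider that pins the algorithm, compares the signature in constant time, and enforces `exp` and the page's `nbj` key. The class name `Hs256JwtProvider`, the choice of HS256, the exception type and returning the claims array from `decode()` are assumptions of this example.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+). Same encode()/decode() signatures as the stub above;
// in a project the class would also implement JwtProviderInterface.
final class Hs256JwtProvider
{
    public function __construct(private string $secret) {}
    public function encode(array $claims): string
    {
        $head = self::b64(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
        $body = self::b64(json_encode($claims, JSON_THROW_ON_ERROR));
        return "$head.$body." . self::b64($this->sign("$head.$body"));
    }

    public function decode(string $token)
    {
        if (count($parts = explode('.', $token)) !== 3) {
            throw new UnexpectedValueException('malformed token');
        }
        [$head, $body, $sig] = $parts;
        // Pin the algorithm: the token header must not choose it ("none", RS256, ...).
        $header = json_decode(self::unb64($head), true);
        if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
            throw new UnexpectedValueException('unexpected alg');
        }
        // Recompute the MAC and compare in constant time before trusting any claim.
        if (!hash_equals($this->sign("$head.$body"), self::unb64($sig))) {
            throw new UnexpectedValueException('bad signature');
        }
        $claims = json_decode(self::unb64($body), true);
        $now = time();
        if (!is_array($claims) || (int) ($claims['exp'] ?? 0) <= $now) {
            throw new UnexpectedValueException('expired or missing exp');
        }
        // `nbj` is the not-before key used on this page (RFC 7519 names it `nbf`).
        if ((int) ($claims['nbj'] ?? 0) > $now) {
            throw new UnexpectedValueException('not yet valid');
        }
        return $claims;
    }

    private function sign(string $d): string { return hash_hmac('sha256', $d, $this->secret, true); }
    private static function b64(string $r): string { return rtrim(strtr(base64_encode($r), '+/', '-_'), '='); }
    private static function unb64(string $e): string { return (string) base64_decode(strtr($e, '-_', '+/'), true); }
}

// Constructed demo: random 32-byte key, round-trip of sample claims.
$p = new Hs256JwtProvider(random_bytes(32));
$t = $p->encode(['iss' => 'https://example.com', 'exp' => time() + 60, 'nbj' => time()]);
var_dump($p->decode($t)['iss']);
```

In a deployment the secret would be loaded from protected configuration rather than generated per process, since a fresh key invalidates every token issued earlier.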

Claims Factory

| Option | Type   | Description                                                              |
|--------|--------|--------------------------------------------------------------------------|
| exp    | int    | Time after which the JWT expires.                                        |
| iat    | int    | Time at which the JWT was issued.                                        |
| iss    | string | Issuer of the JWT.                                                       |
| jti    | string | Unique identifier; can be used to prevent the JWT from being replayed.   |
| nbj    | int    | Time before which the JWT must not be accepted for processing.           |

$claimsFactory = new Anddye\JwtAuth\ClaimsFactory();
$claimsFactory->setExp(1582243200); // Friday, 21 February 2020 00:00:00
$claimsFactory->setIat(1582193571); // Thursday, 20 February 2020 10:12:51
$claimsFactory->setIss('https://example.com');
$claimsFactory->setJti('fVcx9BJHqh');
$claimsFactory->setNbj(1582193571); // Thursday, 20 February 2020 10:12:51

Attempt with credentials

if (!$token = $jwtAuth->attempt($username, $password)) {
    // TODO: Handle failed attempt with credentials
} else {
    // TODO: Handle successful attempt with credentials
}

Authenticate with token

if (!$actor = $jwtAuth->authenticate($token)->getActor()) {
    // TODO: Handle failed authentication with token
} else {
    // TODO: Handle successful authentication with token
}

Support

If you're using this package, I'd love to hear your thoughts! Feel free to contact me on Twitter.

Need to see an example? Check out this tutorial on how to integrate this library into a Slim 3 project.

Found a bug? Please report it using the issue tracker, or better yet, fork the repository and submit a pull request.