1 [](https://travis-ci.org/firebase/php-jwt)
2 [](https://packagist.org/packages/firebase/php-jwt)
3 [](https://packagist.org/packages/firebase/php-jwt)
4 [](https://packagist.org/packages/firebase/php-jwt)
8 A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519).
13 Use composer to manage your dependencies and download PHP-JWT:
16 composer require firebase/php-jwt
23 use \Firebase\JWT\JWT;
27 "iss" => "http://example.org",
28 "aud" => "http://example.com",
35 * You must specify supported algorithms for your application. See
36 * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
37 * for a list of spec-compliant algorithms.
39 $jwt = JWT::encode($token, $key);
40 $decoded = JWT::decode($jwt, $key, array('HS256'));
45 NOTE: This will now be an object instead of an associative array. To get
46 an associative array, you will need to cast it as such:
49 $decoded_array = (array) $decoded;
52 * You can add a leeway to account for when there is a clock skew times between
53 * the signing and verifying servers. It is recommended that this leeway should
54 * not be bigger than a few minutes.
56 * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
58 JWT::$leeway = 60; // $leeway in seconds
59 $decoded = JWT::decode($jwt, $key, array('HS256'));
67 #### 4.0.0 / 2016-07-17
68 - Add support for late static binding. See [#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)!
69 - Use static `$timestamp` instead of `time()` to improve unit testing. See [#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)!
70 - Fixes to exceptions classes. See [#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)!
71 - Fixes to PHPDoc. See [#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)!
73 #### 3.0.0 / 2015-07-22
74 - Minimum PHP version updated from `5.2.0` to `5.3.0`.
75 - Add `\Firebase\JWT` namespace. See
76 [#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to
77 [@Dashron](https://github.com/Dashron)!
78 - Require a non-empty key to decode and verify a JWT. See
79 [#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to
80 [@sjones608](https://github.com/sjones608)!
81 - Cleaner documentation blocks in the code. See
82 [#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to
83 [@johanderuijter](https://github.com/johanderuijter)!
85 #### 2.2.0 / 2015-06-22
86 - Add support for adding custom, optional JWT headers to `JWT::encode()`. See
87 [#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to
88 [@mcocaro](https://github.com/mcocaro)!
90 #### 2.1.0 / 2015-05-20
91 - Add support for adding a leeway to `JWT:decode()` that accounts for clock skew
92 between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)!
93 - Add support for passing an object implementing the `ArrayAccess` interface for
94 `$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)!
96 #### 2.0.0 / 2015-04-01
97 - **Note**: It is strongly recommended that you update to > v2.0.0 to address
98 known security vulnerabilities in prior versions when both symmetric and
99 asymmetric keys are used together.
100 - Update signature for `JWT::decode(...)` to require an array of supported
101 algorithms to use when verifying token signatures.
106 Run the tests using phpunit:
109 $ pear install PHPUnit
110 $ phpunit --configuration phpunit.xml.dist
111 PHPUnit 3.7.10 by Sebastian Bergmann.
113 Time: 0 seconds, Memory: 2.50Mb
114 OK (5 tests, 5 assertions)
119 [3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause).
scripts.mit.edu / autoinstallsdev / mediawiki.git / blob