This extension provides the JWT integration for Yii 2 framework.
This is a fork of sizeg/yii2-jwt package
| bizley/yii2-jwt | lcobucci/jwt | php |
|---|---|---|
^4.0 |
^5.0 |
>=8.1 |
^3.0 |
^4.0 |
>=7.4 |
^2.0 |
^3.0 |
>=7.1 |
See lcobucci/jwt repo for details about the version.
Add the package to your composer.json:
{
"require": {
"bizley/jwt": "^4.0"
}
}and run composer update or alternatively run composer require bizley/jwt:^4.0
Add jwt component to your configuration file:
[
'components' => [
'jwt' => [
'class' => \bizley\jwt\Jwt::class,
'signer' => ... // Signer ID, or signer object, or signer configuration
'signingKey' => ... // Secret key string or path to the signing key file
],
],
],If you are struggling with the concept of API JWT, here is an EXAMPLE of how to quickly put all pieces together.
Symmetric:
- HMAC (HS256, HS384, HS512)
Asymmetric:
- RSA (RS256, RS384, RS512)
- ECDSA (ES256, ES384, ES512)
- EdDSA (since 3.1.0)
- BLAKE2B (since 3.4.0)
Signer IDs are available as constants (like Jwt::HS256).
You can also provide your own signer, either as an instance of Lcobucci\JWT\Signer or by adding its config to signers
and algorithmTypes and using its ID for signer.
As stated in lcobucci/jwt documentation: Although BLAKE2B is fantastic due to its performance, it's not JWT standard and won't necessarily be offered by other libraries.
Since lcobucci/jwt 4.2.0 signers require the minimum key length to make sure those are properly secured, otherwise
the InvalidKeyProvided is thrown.
For symmetric signers signingKey is required. For asymmetric ones you also need to set verifyingKey. Keys can be
provided as simple strings, configuration arrays, or instances of Lcobucci\JWT\Signer\Key.
Configuration array can be as the following:
[
'key' => /* key content */,
'passphrase' => /* key passphrase */,
'method' => /* method type */,
]- key (Jwt::KEY) - string, default
'', - passphrase (Jwt::PASSPHRASE) - string, default
'', - method (Jwt::METHOD) - string, default
Jwt::METHOD_PLAIN, available:Jwt::METHOD_PLAIN,Jwt::METHOD_BASE64,Jwt::METHOD_FILE(see https://lcobucci-jwt.readthedocs.io/en/latest/configuration/)
Simple string keys are shortcuts to the following array configs:
-
key starts with
@orfile://:[ 'key' => /* given key itself */, 'passphrase' => '', 'method' => Jwt::METHOD_FILE, ]Detecting
@at the beginning assumes Yii alias has been provided, so it will be resolved withYii::getAlias(). -
key doesn't start with
@norfile://:[ 'key' => /* given key itself */, 'passphrase' => '', 'method' => Jwt::METHOD_PLAIN, ]
$now = new \DateTimeImmutable();
/** @var \Lcobucci\JWT\Token\Plain $token */
$token = Yii::$app->jwt->getBuilder()
// Configures the issuer (iss claim)
->issuedBy('http://example.com')
// Configures the audience (aud claim)
->permittedFor('http://example.org')
// Configures the id (jti claim)
->identifiedBy('4f1g23a12aa')
// Configures the time that the token was issued (iat claim)
->issuedAt($now)
// Configures the time that the token can be used (nbf claim)
->canOnlyBeUsedAfter($now->modify('+1 minute'))
// Configures the expiration time of the token (exp claim)
->expiresAt($now->modify('+1 hour'))
// Configures a new claim, called "uid"
->withClaim('uid', 1)
// Configures a new header, called "foo"
->withHeader('foo', 'bar')
// Builds a new token
->getToken(
Yii::$app->jwt->getConfiguration()->signer(),
Yii::$app->jwt->getConfiguration()->signingKey()
);
$tokenString = $token->toString();See https://lcobucci-jwt.readthedocs.io/en/latest/issuing-tokens/ for more info.
/** @var string $jwt */
/** @var \Lcobucci\JWT\Token $token */
$token = Yii::$app->jwt->parse($jwt);See https://lcobucci-jwt.readthedocs.io/en/latest/parsing-tokens/ for more info.
You can validate a token or perform an assertion on it (see https://lcobucci-jwt.readthedocs.io/en/latest/validating-tokens/).
For validation use:
/** @var \Lcobucci\JWT\Token | string $token */
/** @var bool $result */
$result = Yii::$app->jwt->validate($token);For assertion use:
/** @var \Lcobucci\JWT\Token | string $token */
Yii::$app->jwt->assert($token);You MUST provide at least one constraint, otherwise Lcobucci\JWT\Validation\NoConstraintsGiven exception will be
thrown. There are several ways to provide constraints:
-
directly:
Yii::$app->jwt->getConfiguration()->setValidationConstraints(/* constaints here */);
-
through component configuration:
[ 'validationConstraints' => /* array of instances of Lcobucci\JWT\Validation\Constraint or array of configuration arrays that can be resolved as Constraint instances or anonymous function that can be resolved as array of Constraint instances with signature `function(\bizley\jwt\Jwt $jwt)` where $jwt will be an instance of this component */, ]
Note: By default, this package is not adding any constraints out-of-the-box, you must configure them yourself like in the examples above.
Configure the authenticator behavior in the controller.
class ExampleController extends Controller
{
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['authenticator'] = [
'class' => \bizley\jwt\JwtHttpBearerAuth::class,
];
return $behaviors;
}
}There are special options available:
- jwt - string ID of component (default with
'jwt'), component configuration array, or an instance ofbizley\jwt\Jwt, - auth - callable or
null(default) - anonymous function with signaturefunction (\Lcobucci\JWT\Token $token)that should return identity of user authenticated with the JWT payload information. If $auth is not provided methodyii\web\User::loginByAccessToken()will be called instead. - throwException - bool (default
true) - whether the filter should throw an exception i.e. if the token has an invalid format. If there are multiple auth filters (CompositeAuth) it can make sense to "silent fail" and pass the validation process to the next filter on the composite auth list.
For other configuration options refer to the Yii 2 Guide.
Please refer to the lcobucci/jwt Documentation.
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent