How to implement JWT using PHP

JWT (JSON Web Tokens) is an open standard based on JSON for securely transferring information between two applications. It consists of 3 parts: Header, Payload and Signature. The Header contains metadata about the Token, the Payload is the part that actually stores the information, and the Signature is used to verify the integrity of the message.

In this article, we will explore how to implement JWT using PHP.

1. Installation dependencies

JWT needs to be installed through Composer. If you have not installed Composer, you can install it with the following command:

curl -sS https://getcomposer.org/installer | php

Then move the Composer executable file to the /usr/local/bin directory:

sudo mv composer.phar /usr/local/bin/composer

Install dependencies:

composer require firebase/php-jwt

2. Create Token

First, we need to create a Token using PHP's jwt_encode() function. Here is an example:

use \Firebase\JWT\JWT;

$key = "my_secret_key"; //密钥
$payload = array(
    "iss" => "localhost",
    "aud" => "localhost",
    "iat" => time(),
    "exp" => time()+60*60 //有效期1小时
);

$jwt = JWT::encode($payload, $key);

In the above example, we use the jwt_encode() function to create a JWT. The $key variable contains the JWT key, and the $payload variable contains the information to be transmitted and the expiration time. The expiration time can be obtained using PHP's time() function. Finally, the jwt_encode() function returns a JWT string.

3. Verify Token

We need to use PHP's jwt_decode() function to verify the JWT. Here is an example:

use \Firebase\JWT\JWT;

$key = "my_secret_key"; //密钥
$jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJsb2NhbGhvc3QiLCJhdWQiOiJsb2NhbGhvc3QiLCJpYXQiOjE1NTg2NTQ2OTksImV4cCI6MTU1ODY5MTg5OSwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsIm5hbWUiOiJhZG1pbiJ9.AmifgOPkE8lx4m4ovHShBc1sPLs9QnNgzuiBZfrjtLw";

try {
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    print_r($decoded);
} catch (Exception $e) {
    echo 'Invalid token: ' . $e->getMessage();
}

In the above example, we used the jwt_decode() function to verify the JWT. If the verification is successful, the function will return an object containing the JWT information.

4. Verify signature

The signature is used to verify the integrity of the JWT. We need to sign the message using a key that is known only to the signature verification mechanism. When the receiver receives the message, he will use the same key to decrypt and verify the message.

JWT uses a technology called "Hash Message Authentication Code" (HMAC) to sign the JWT. This technology requires hashing the JWT Header and Payload and then combining them with the key. Next is an example of signature verification:

use \Firebase\JWT\JWT;

$key = "my_secret_key"; //密钥
$jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJsb2NhbGhvc3QiLCJhdWQiOiJsb2NhbGhvc3QiLCJpYXQiOjE1NTg2NTQ2OTksImV4cCI6MTU1ODY5MTg5OSwiZW1haWwiOiJhZG1pbkBleGFtcGxlLmNvbSIsIm5hbWUiOiJhZG1pbiJ9.AmifgOPkE8lx4m4ovHShBc1sPLs9QnNgzuiBZfrjtLw";

try {
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    $decoded_array = (array) $decoded;
    $signature_valid = JWT::verify("$jwt->header.$jwt->payload", $jwt->signature, $key);

    if ($signature_valid) {
        echo "Valid signature";
    } else {
        echo "Invalid signature";
    }
} catch (Exception $e) {
    echo 'Invalid token: ' . $e->getMessage();
}

In the above example, we used the verify() function to verify the signature. This function will return a boolean value. If the result is true, it means that the signature is valid.

Summary

In this article, we briefly introduced how to implement JWT using PHP. First, we need to install the JWT dependent library, then use the jwt_encode() function to create the Token, use the jwt_decode() function to verify the Token, and finally use the verify() Function to verify signature. These functions can be implemented through Firebase's JWT library.

The above is the detailed content of How to implement JWT using PHP. For more information, please follow other related articles on the PHP Chinese website!