FizzJWT 介绍
FizzJWT 是一个简单的 PHP 库,用来对 JSON Web Tokens (JWT) 进行编解码,基于 firebase/jwt 开发,为
decode() 函数增加了第三个默认参数 ‘HS256’ (JWT 无状态 restful api 认证)
安装
使用 Composer 来管理依赖和下载 PHP-JWT:
composer require fizzday/fizzjwt dev-master
示例代码
<?php
use Fizzday\FizzJWT\FizzJWT;
$key = "example_key";
$payload = array(
"iss" => "http://fizzday.net",
"aud" => "http://fizzday.net",
"iat" => time(),
"exp" => time() + 60,
"nbf" => time() + 0,
"name" => "fizzday",
"age" => 26,
"sex" => "MALE"
);
/**
* IMPORTANT:
* You must specify supported algorithms for your application. See
* https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40
* for a list of spec-compliant algorithms.
*/
$token = FizzJWT::encode($payload, $key);
$decoded = FizzJWT::decode($token, $key);
print_r($decoded);
/*
NOTE: This will now be an object instead of an associative array. To get
an associative array, you will need to cast it as such:
*/
$decoded_array = (array) $decoded;
/**
* You can add a leeway to account for when there is a clock skew times between
* the signing and verifying servers. It is recommended that this leeway should
* not be bigger than a few minutes.
*
* Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef
*/
// $leeway in seconds, 多延时60秒token才生效,在nbf设定的基础上累加
FizzJWT::$leeway = 60;
$decoded = FizzJWT::decode($token, $key);
注册claim名称有下面几个部分:
iss: token的发行者 sub: token的题目 aud: token的客户 exp: 经常使用的,以数字时间定义失效期,也就是当前时间以后的某个时间本token失效。 nbf: 定义在此时间之前,JWT不会接受处理。 iat: JWT发布时间,能用于决定JWT年龄 jti: JWT唯一标识. 能用于防止 JWT重复使用,一次只用一个token