JWT functions¶

Introduction¶

JSON Web Token (JWT) functions allow for the creation, verification, and decoding of JWTs. For more information on the JWT specification, refer to IETF RFC 7519: JSON Web Token (JWT).

CreateJwtToken¶

Declaration¶

string CreateJwtToken(string header, string payload[, string private_key, string public_key])

Syntax¶

CreateJwtToken(<header>, <payload>[, <private_key>, <public_key>])

Required parameters¶

• header: A JSON string containing any expected header values for the alg, typ, cty, and kid keys. Thes key-value pairs are case insensitive. All other key-value pairs will be ignored. Supported algorithms include HS256, HS384, HS512, PS256, PS384, PS512, RS256, RS384, RS512, ES256, ES256K, ES384, ES512, EdDSA, and None. If a value for alg is unrecognized, it will be set to None. If a value for typ is unrecognized, it will be set to JWT.
• payload: A JSON string containing any expected payload values representing JWT claims. All key-value pairs will be treated as a valid claim. If claims like aud support multiple values, they can be defined as a comma-delimited string, for example audience1, audience2, audience3. Supported registered claims include iss, sub, aud, exp, nbf, iat, and jti. For exp, nbf, and iat to be treated as registered claims, they must be set using integer value (1234567890, not "1234567890").

Optional parameters¶

• private_key: A string private key for the algorithm specified in the header. If the None algorithm is used, this field is ignored.
• public_key: A string public key for the algorithm specified in the header. If the None, HS256, HS384, or HS512 algorithms are used, this field is ignored.

Description¶

Creates a JWT using the supplied information. On success, a string representing the newly created token is returned; otherwise, any error messages are returned.

Only the first two parameters are required for all cases. The remaining parameters are situational and may be required based on the chosen JWT algorithm.

Examples¶

// Define the JWT header:
$header = '{"alg": "None", "typ": "JWT"}';

// Define the JWT payload:
$payload = '{"iat": 1234567890, "name": "Example", "test": "Test"}';

CreateJwtToken($header, $payload, "", "");

// Define the JWT header:
$header = '{"alg": "RS256", "typ": "JWT"}';

// Define the JWT payload:
$payload = '{"iat": 1234567890, "name": "Example", "test": "Test"}';

$privateKey = "-----BEGIN RSA PRIVATE KEY-----...";
$publicKey = "-----BEGIN PUBLIC KEY-----...";

CreateJwtToken($header, $payload, $privateKey, $publicKey);

VerifyJwt¶

Declaration¶

bool VerifyJwt(string token)

Syntax¶

VerifyJwt(<token>)

Required parameters¶

• token: A string representing the JWT.

Description¶

Checks if the supplied token is a valid JWT token and returns a boolean (true or false) based on the result. This function verifies the token's formatting only, see VerifyJwtClaims for a more comprehensive claims verification.

Examples¶

// Check if a token is in JWT format:
VerifyJwt("AxE9qm4aTZiXvA2G8sblAxjeL...");

VerifyJwtClaims¶

Declaration¶

bool VerifyJwtClaims(string token, string algorithm, string key[, string claims])

Syntax¶

VerifyJwtClaims(<token>, <algorithm>, <key>[, <claims>])

Required parameters¶

• token: A string representing the JWT.
• algorithm: The algorithm used for claims verification.
• key: The secret key used for claims verification.

Optional parameters¶

• claims: A JSON string containing the claims to be verified.

Description¶

Verifies if the supplied token's claims are valid (not modified) given the supplied algorithm and secret key and returns a boolean (true or false) based on the result. If the token itself is not valid, false is returned without checking the claims. If no claims are supplied, this function instead acts like the VerifyJwt function, ignoring the algorithm and secret key.

Examples¶

// Verify JWT claims:
VerifyJwtClaims("AxE9qm4aTZiXvA2G8sblAxjeL...", "RS256", "Secret", '{"iat": 1234567890, "name": "Example", "test": "Test"}');

// Empty claims workaround:
VerifyJwtClaims("AxE9qm4aTZiXvA2G8sblAxjeL...", "RS256", "Secret", "{}");

DecodeJwtToken¶

Declaration¶

string DecodeJwtToken(string token)

Syntax¶

DecodeJwtToken(<token>)

Required parameters¶

• token: A string representing the JWT.

Description¶

Decodes the supplied token to retrieve its claims. On success, a string containing the decoded claims is returned. If the token is not valid, an empty string is returned. Otherwise, any error messages are returned.

Examples¶

// Decode a JWT token:
DecodeJwtToken("AxE9qm4aTZiXvA2G8sblAxjeL...");

GetJwtHeader¶

Declaration¶

string GetJwtHeader(string token)

Syntax¶

GetJwtHeader(<token>)

Required parameters¶

• token: A string representing the JWT.

Description¶

Retrieves the header from the JWT. On success, a string containing the header is returned. If the token is not valid, an empty string is returned.

Examples¶

// Retrieve a JWT header:
GetJwtHeader("AxE9qm4aTZiXvA2G8sblAxjeL...");

GetJwtPayload¶

Declaration¶

string GetJwtPayload(string token)

Syntax¶

GetJwtPayload(<token>)

Required parameters¶

• token: A string representing the JWT.

Description¶

Retrieves the payload from the JWT. On success, a string containing the payload is returned. If the token is not valid, an empty string is returned.

Examples¶

// Retrieve a JWT payload:
GetJwtPayload("AxE9qm4aTZiXvA2G8sblAxjeL...");

GetJwtSignature¶

Declaration¶

string GetJwtSignature(string token)

Syntax¶

GetJwtSignature(<token>)

Required parameters¶

• token: A string representing the JWT.

Description¶

Retrieves the signature from the JWT. On success, a string containing the signature is returned. If the token is not valid, an empty string is returned.

Examples¶

// Retrieve a JWT signature:
GetJwtSignature("AxE9qm4aTZiXvA2G8sblAxjeL...");