JWT - PHP Online
Form of PHP Sandbox
*** This page was generated with the meta tag "noindex, nofollow". This happened because you selected this option before saving or the system detected it as spam. This means that this page will never get into the search engines and the search bot will not crawl it. There is nothing to worry about, you can still share it with anyone.
Enter Your PHP code here for testing/debugging in the Online PHP Sandbox. As in the usual PHP files, you can also add HTML, but do not forget to add the tag <?php
in the places where the PHP script should be executed.
Result of php executing
Full code of JWT.php
- <?php
- class Jwt
- {
- //头部
- private $header = array(
- 'alg' => 'HS256', //生成signature的算法
- 'typ' => 'JWT' //类型
- );
- //使用HMAC生成信息摘要时所使用的密钥
- private $key = 'jjpj-3#^*';
- private $time = 0;
- private $payload = [];
- public function setExpire(int $expire): Jwt
- {
- $this->expire = $expire;
- return $this;
- }
- /**
- * 获取时间
- * @return int
- */
- private function getTime(): int
- {
- return time();
- }
- public function __construct()
- {
- $this->time = $this->getTime();
- }
- public function setKey(string $key): Jwt
- {
- $this->key = $key;
- return $this;
- }
- /**
- * 获取jwt token
- * @param array $payload jwt载荷 格式如下非必须
- * [
- * 'iss'=>'jwt_admin', //该JWT的签发者
- * 'iat'=>time(), //签发时间
- * 'exp'=>time()+7200, //过期时间
- * 'nbf'=>time()+60, //该时间之前不接收处理该Token
- * 'sub'=>'www.admin.com', //面向的用户
- * 'jti'=>md5(uniqid('JWT').time()) //该Token唯一标识
- * ]
- * @return string
- * @throws Exception
- */
- public function generate(array $payload): string
- {
- if (!isset($payload['iss'])) {
- $payload['iss'] = 'API v.1';
- }
- if (!isset($payload['sub'])) {
- $payload['sub'] = 'apiAuth';
- }
- if (!isset($payload['aud'])) {
- $payload['aud'] = 'HOST';
- }
- if (!isset($payload['exp'])) {
- $payload['exp'] = $this->getTime() + 60;
- }
- if (!isset($payload['nbf'])) {
- $payload['nbf'] = $this->getTime();
- }
- if (!isset($payload['iat'])) {
- $payload['iat'] = $this->getTime();
- }
- $base64header = $this->base64UrlEncode(json_encode($this->header, JSON_UNESCAPED_UNICODE));
- $base64payload = $this->base64UrlEncode(json_encode($payload, JSON_UNESCAPED_UNICODE));
- return $base64header . '.' . $base64payload . '.' . $this->signature(
- $base64header . '.' . $base64payload,
- $this->key,
- $this->header['alg']
- );
- }
- /**
- * 验证token是否有效,默认验证exp,nbf,iat时间
- * @param string $Token 需要验证的token
- * @return bool|string
- */
- public function verify(string $Token)
- {
- $tokens = explode('.', $Token);
- if (count($tokens) != 3) {
- return false;
- }
- list($base64header, $base64payload, $sign) = $tokens;
- //获取jwt算法
- $base64decodeheader = json_decode($this->base64UrlDecode($base64header), true);
- if (empty($base64decodeheader['alg'])) {
- return false;
- }
- //签名验证
- if ($this->signature($base64header . '.' . $base64payload, $this->key, $base64decodeheader['alg']) !== $sign) {
- return false;
- }
- $this->payload = json_decode($this->base64UrlDecode($base64payload), true);
- //签发时间大于当前服务器时间验证失败
- if (isset($this->payload['iat']) && $this->payload['iat'] > $this->time) {
- return false;
- }
- //过期时间小宇当前服务器时间验证失败
- if (isset($this->payload['exp']) && $this->payload['exp'] < $this->time) {
- return false;
- }
- //该nbf时间之前不接收处理该Token
- if (isset($this->payload['nbf']) && $this->payload['nbf'] > $this->time) {
- return false;
- }
- return true;
- }
- public function payload(): array
- {
- return $this->payload;
- }
- /**
- * base64UrlEncode https://jwt.io/ 中base64UrlEncode编码实现
- * @param string $input 需要编码的字符串
- * @return string
- */
- private function base64UrlEncode(string $input)
- {
- return str_replace('=', '', strtr(base64_encode($input), '+/', '-_'));
- }
- /**
- * base64UrlEncode https://jwt.io/ 中base64UrlEncode解码实现
- * @param string $input 需要解码的字符串
- * @return bool|string
- */
- private static function base64UrlDecode(string $input)
- {
- $remainder = strlen($input) % 4;
- if ($remainder) {
- $addlen = 4 - $remainder;
- $input .= str_repeat('=', $addlen);
- }
- return base64_decode(strtr($input, '-_', '+/'));
- }
- /**
- * HMACSHA256签名 https://jwt.io/ 中HMACSHA256签名实现
- * @param string $input 为base64UrlEncode(header).".".base64UrlEncode(payload)
- * @param string $key
- * @param string $alg 算法方式
- * @return mixed
- */
- private function signature(string $input, string $key, string $alg = 'HS256')
- {
- $alg_config = array(
- 'HS256' => 'sha256'
- );
- return $this->base64UrlEncode(hash_hmac($alg_config[$alg], $input, $key, true));
- }
- }
- //example
- $data = [
- 'name'=>'long',
- 'age'=>18,
- 'exp' => time() + 60,
- ];
- $jwt = new Jwt;
- $token = $jwt->generate($data);
- if($jwt->verify($token) === true) {
- var_dump($token);
- var_dump($jwt->payload());
- }
File Description
- JWT
- PHP Code
- 05 Jul-2021
- 5.06 Kb
You can Share it:
Latest PHP Pastes