kelvinmo / simplejwt Goto Github PK
View Code? Open in Web Editor NEWA simple JSON web token library written in PHP.
License: Other
A simple JSON web token library written in PHP.
License: Other
Hi. This typo
is triggering a warning:
User Deprecated: The "SimpleJWT\Crypt\AESCBC_HMACSHA2::encryptAndSign()" method will require a new "string $addtional" argument in the next major version of its interface "SimpleJWT\Crypt\EncryptionAlgorithm", not defining it is deprecated.
I'm using PHP 7.2.11 together with OpenSSL 1.1.1. This makes openssl_get_md_methods
return everything as lowercase strings. Therefore no supported algs will be detected.
0 => 'blake2b512',
1 => 'blake2s256',
2 => 'md4',
3 => 'md5',
4 => 'md5-sha1',
5 => 'mdc2',
6 => 'ripemd160',
7 => 'sha1',
8 => 'sha224',
9 => 'sha256',
10 => 'sha3-224',
11 => 'sha3-256',
12 => 'sha3-384',
13 => 'sha3-512',
14 => 'sha384',
15 => 'sha512',
16 => 'sha512-224',
17 => 'sha512-256',
18 => 'shake128',
19 => 'shake256',
20 => 'sm3',
21 => 'whirlpool',
)
Hello Kelvinmo,
var private_key = 'MIGHAgEAMBMGByqGfdfdfffffdfdfffG0wawIBAQQg11u3eXyPlKWlTpCnpaq+LfVzsXTlL3WT04KHIvDsHk6hRANCAASOQ4PjYOOzjxXt'
private_key = "-----BEGIN PRIVATE KEY-----\n" + private_key + "\n-----END PRIVATE KEY-----"
var header = {
kid: 'fcb746c8ffdf761566516580c2'
}
// Note
$headers['alg'] is required
$headers = ['alg' => 'ES256', 'typ' => 'JWT'];
$claims = ['iss' => 'me', 'exp' => 1234567];
$jwt = new SimpleJWT\JWT($headers, $claims);
In PHP 7.3, json_decode()
supports the JSON_THROW_ON_ERROR
flag that throws a JsonException if an error is encountered during JSON decoding. This can be used instead of detecting false
.
I'm trying to import an RSA key generated with openssl genrsa -out private_key.pem 2048
.
I'm using the following syntax :
$key = new SimpleJWT\Keys\RSAKey(file_get_contents('keys/dipli_privkey.pem'), 'pem');
When I add it to a KeySet
I get a lot of warnings, like Undefined array key "e"
.
In the RSAKey
code that, when the Key is read in format
pem
:
BEGIN PUBLIC KEY
,BEGIN RSA PRIVATE KEY
,openssl genrsa -out private_key.pem 2048
RSAKey
and put it in a KeySet
require_once 'vendor/autoload.php';
$set = new SimpleJWT\Keys\KeySet();
$key = new SimpleJWT\Keys\RSAKey(file_get_contents('private_key.pem'), 'pem');
$set->add($key, true);
The key is loaded or an exception is thrown.
Fatal error: Uncaught RuntimeException: Undefined array key "e" in C:\Applications\Projets\firebase-jwt\firebase-jwt\simplejwt_basic.php on line 3
Are you sure that JWE::__construct parameter $plainttext is array?
* @param array $plaintext the plaintext to encrypt
It is triggering phpstan errors.
SimpleJWT/JWT.php
line-259 $kid and $keys
use of uninitialized value
Hi,
After much searching, your library was the only standalone one that allowed me to do a webpush successfully to chrome on PHP 5.6, so thank you!
My next step is to add on pushed data. It seems that pushed data needs to be encrypted using AES128GCM. Pardon my question, but I'm unfamiliar with cryptography, is JWE meant to do this?
Thank you!
With ECDH-ES+A256KW produce exception "Key not found or is invalid " .
<?php
include './vendor/autoload.php';
$set = new SimpleJWT\Keys\KeySet();
$key = '{"kty": "EC",
"d": "3DCgwJeF_IRdhF1B8JYRZOm4Frt_XrknFotgE_RcVj_z053yhHF4zhM6W-z7dd2X","use": "enc","crv": "P-384",
"x": "q4yHCxdvXDA6PODaM9IkpjCUh9gRgpkIN_gV1i5HzJUOHCkC4HMrFiIduZZsVdQf",
"y": "fFrsS5ZIlf0CKAnxRXhnbSHcGTByVxULEPyN_9jKOlb85wZv4VoIEtIBxeHYkLCe","alg": "ECDH-ES+A256KW"}';
// JWK format
$key = new SimpleJWT\Keys\ECKey($key, 'json', null, 'ECDH-ES+A256KW');
$set->add($key);
$token = 'eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJlcGsiOnsia3R5IjoiRUMiLCJ4IjoiVDFIazlQell6SUY5NW9ESDJENTFZXzJGVUZuZ3RKZWxpbW11UTZJbHlyVWhuVGlfYlk1ZFplY0lPNExQRmp1byIsInkiOiJlLVBQbTNEQjB0N2F1RUNCV0Q0MkZxMlVDeXNuQ0NjQUxDUy1NWHMwclV3U0pLQmFMWTcwb1lzcWprMnJQVjROIiwiY3J2IjoiUC0zODQifX0.6vW-S_7om9iHMYc2JzkwijQV4msn55YRrDYQ2EMs3-bg3Y7I0dBrDA.CQ45omsfTgrZlrJd.58LMMeqXOogn6i6JI5VbrFucwI_hStOGNXgOqXsExNARXlYPSHweSXXGS_nYaa90srl9a5HTbn1YJEtduB0YKekULRXK1la5uOiHnw5tuRJUqXVTA-_l_Nv7PZWzPZOua2quUGMw5c8y55c8qImO02gw_tbopnqwROUHR-eeBMiRwEkpBDl8AlSOQsLd-6MZ3kqaLuGyhw0rQ9DPZlucB1DB0rF2WYEwnz72I1aB2XLmrVuIRkTbVRRxMp9Qt8BLP8Uay-8Qr3HvMfQDftKydtAKiQLXHTMLoo5H8s69i-1baFynJjH4nNpnujJGONkBSQg9RmWf-5CdiZnQC1g4hSvL5p6RM0sGXR4jORlzd-TNSmZeOe1mvEHifCmeyCQ1T0NNBrtsSUeT6lckEFjyvjKau6eZxoa3nyzpzMooNw8u-e-s9uctYmdVmYm75PWqkzencTnccTtmZjuBdehplM0SLbGYrxoxIoBBoozrACeIQITHi73DB1kSQdbfOfb_nuo26PEaIgvsncj-he0v.y3mcOAn4nXDleSobp2eQYg';
$res = SimpleJWT\JWE::decrypt($token,$set,'ECDH-ES+A256KW');
echo $res->getPlaintext();
Expected {"refreshToken":"0607a317-044c-49dc-83ea-89bbf7766c03","authToken":"c8945473-6217-4ec7-a543-09371ee156e3","deviceId":"ffaa1991-273d-4f45-a4c2-6bfbf682db24","serverPublic":{"kty":"EC","crv":"P-384","x":"qL6f_m1pa35_UHnZFQ-4MzuSPzbQJiPmzJqbwQC4KdxnPuSe2uGpwiBMmVzr6NyZ","y":"LI_AYpAWP3DZTXHgWApUOZJHmpFJ4zhpQx8YWNueEiyQVPeP58DCjmD7LtxSrmGv"},"tokenExpirationDateTime":"2023-08-12 11:49:45.0350 +0000"}
Works only with changes in JWE::decrypt
$key_enc = AlgorithmFactory::create($headers['alg']);
/** @var \SimpleJWT\Crypt\Encryption\EncryptionAlgorithm $content_enc */
$content_enc = AlgorithmFactory::create($headers['enc']);
if (false and $key_enc instanceof KeyDerivationAlgorithm) {
I encountered the problem in the specific case of using JWT::decode
here I give \SimpleJWT\Keys\KeySet
, but the docblock requires \SimpleJWT\SimpleJWT\Keys\KeySet
.
The docblock itself shows SimpleJWT\Keys\KeySet
, because of the missing \
it adds the own namespace SimpleJWT
to it. There are two options to fix it.
\
to the docblockSimpleJWT\
from itI can provide a pull request if I get permissions to push to the repository.
Thanks in advance! And thanks for this library, saved me a lot of time already!
Hi,
I am using the example the readme.
For some reason when I want to verify my sign token and getting the following error:
SimpleJWT\InvalidTokenException: Key not found or is invalid in SimpleJWT\JWT::decode()
$set = new SimpleJWT\Keys\KeySet();
$key_private = new SimpleJWT\Keys\RSAKey(file_get_contents([part to the private key]/key.pem', true), 'pem');
$set->add($key_private);
$headers = array('alg' => 'RS256', 'typ' => 'JWT');
$claims = array("iss" => "joe", "exp" => 1300819380, "http://example.com/is_root" => true); //for example
$jwt_hc= new SimpleJWT\JWT($headers, $claims);
$jwt = $jwt_hc->encode($set);
$jwt_decode = SimpleJWT\JWT::decode($jwt, $set, 'RS256');
Please I need help.
Hi, I am getting this error when I use the package with Laravel 10:
Call to undefined method SimpleJWT\Crypt\RSAES::getSigningKey()
This is my code:
$key_pem = base64_decode($serverTransportKey); // $serverTransportKey = public key enconde in base 64
$set = new KeySet();
$key = new RSAKey($key_pem, 'pem');
$set->add($key);
$headers = [
'alg' => 'RSA-OAEP-256',
'enc' => 'A256GCM',
];
$jwt = new JWT($headers, $card); // $card is an array with data
try {
return $jwt->encode($set);
} catch (Exception $e) {
print_r('Exception Message: '. $e->getMessage());
print_r('Exception Code: '. $e->getCode());
print_r('Exception String: '. $e->__toString());
return false;
}
Currently SimpleJWT ignores any stored key_ops
parameter when selecting keys from a KeySet. This should be respected, particularly for operations which are not included in the key_ops
parameter.
ExceptionError occurred during use of SimpleJWT library.
// By adding a key manually
$set = new SimpleJWT\Keys\KeySet();
// PEM format - note raw key only, no X.509 certificates
try {
$key = new SimpleJWT\Keys\RSAKey(file_get_contents(storage_path('************************')),'pem');
$set->add($key);
$headers = ['alg' => 'RSA-OAEP-256', 'enc' => 'A256GCM'];
$plaintext = 'This is the plaintext I want to encrypt.';
$jwt = new JWE($headers, $plaintext);
print $jwt->encrypt($set);
} catch (RuntimeException $err) {
print $err;
}
We are desired to payload data using RSAKey encryption (algorithm - RSA-OAEP-256). During this process we are using the method "By adding a key manually".
Hi,
Yesterday I completed a JWE integration and noted that there is an error in simplejwt/src/SimpleJWT/JWE.php:134
$agreed_key = $key_enc->deriveKey($keys, $headers, $kid);
The variable $kid is not defined in this scope, it doesn't get defined untill line number 149, causing either an error or a notice, depending on the system. Default in Laravel it will throw a nasty error.
I had to remove , $kid
in order to get it working with the following code:
$set = new KeySet();
$key = new SymmetricKey('HIDDEN_KEY', 'bin');
$set->add($key);
$token = $_GET['orderKey'];
try {
$jwe = JWE::decrypt($token, $set, 'dir');
$data = $jwe->getPlaintext();
$data = json_decode($data);
print_r($data);
} catch (InvalidTokenException $e) {
print_r($e);
}
This issue seems similar to #13 , however a little bit different.
Hi!, i have a encript<->decrypt JWE problem, when i try to decrypt tell me "Key not found or is invalid".
public function encodePin($pin){
$stripe=json_decode(file_get_contents('url'));
$set = new SimpleJWT\Keys\KeySet();
$key=new SimpleJWT\Keys\RSAKey(json_encode($stripe->jwk), 'json');
$key->setKeyId($stripe->key_id);
$set->add($key);
$headers = ['alg' => 'RSA-OAEP', 'enc' => 'A128CBC-HS256'];
$jwt = new SimpleJWT\JWE($headers, $pin);
try {
return $jwt->encrypt($set);
} catch (Exception $e) {
return ['status'=>'ko','error'=>$e->getMessage()];
}
}
The url gets me a json similar:
{
"key_id": "xxxxxx",
"pkcs8": "xxxxxxx",
"jwk": {
"kty": "RSA",
"kid": "xxxx",
"use": "enc",
"n": "xxxx",
"e": "AQAB"
}
}
When i try to decode return me "Key not found or is invalid".
public function decodePin($token){
$stripe=json_decode(file_get_contents('url'));
$set = new SimpleJWT\Keys\KeySet();
$key=new SimpleJWT\Keys\RSAKey(json_encode($stripe->jwk), 'json');
$key->setKeyId($stripe->key_id);
$set->add($key);
try {
$jwt = SimpleJWT\JWE::decrypt($token, $set, 'RSA-OAEP');
printr($jwt);
printr ($jwt->getHeader('alg'));
printr ($jwt->getPlaintext());
} catch (\RuntimeException $e) {
printr ($e->getMessage());
}
}
Thanks for help.
Hi. Could you please do something like:
$detect_result = Helper::detect($token);
if (!$detect_result) {
throw new \InvalidArgumentException('Incorrect format');
}
$format = $detect_result['format'];
to prevent triggering "undefined index"?
When decoding an invalid COMPACT_FORMAT token, the syntax to throw an exception is incorrect
Hi,
Thanks for this simple library. I have a similar problem. Getting "SimpleJWT\InvalidTokenException: Key not found or is invalid in SimpleJWT\JWE::decrypt() ". My code is as below and I am trying to decrypt the token from the other party.
$set = new \SimpleJWT\Keys\KeySet();
$key = new \SimpleJWT\Keys\RSAKey((array) $private_key, 'php');
$set->add($key);
$jwt = \SimpleJWT\JWE::decrypt($response_data['id_token'], $set, 'RSA-OAEP'); // Key not found or is invalid
My Private key format is as below:
{
"kty": "RSA",
"d": "xxx",
"e": "AQAB",
"n": "yyyy"
}
Originally posted by @makarandchavan in #13 (comment)
Unable to install the package on a "laravel/framework": "^6.2"
app. Getting the following error when trying to install with composer.
Problem 1
- Installation request for kelvinmo/simplejwt ^0.4.0 -> satisfiable by kelvinmo/simplejwt[v0.4.0].
- Conclusion: remove symfony/console v4.4.10
- Conclusion: don't install symfony/console v4.4.10
- kelvinmo/simplejwt v0.4.0 requires symfony/console ~2.8 -> satisfiable by symfony/console[2.8.x-dev, v2.8.0, v2.8.0-BETA1, v2.8.1, v2.8.10, v2.8.11, v2.8.12, v2.8.13, v2.8.14, v2.8.15, v2.8.16, v2.8.17, v2.8.18, v2.8.19, v2.8.2, v2.8.20, v2.8.21, v2.8.22, v2.8.23, v2.8.24, v2.8.25, v2.8.26, v2.8.27, v2.8.28, v2.8.29, v2.8.3, v2.8.30, v2.8.31, v2.8.32, v2.8.33, v2.8.34, v2.8.35, v2.8.36, v2.8.37, v2.8.38, v2.8.39, v2.8.4, v2.8.40, v2.8.41, v2.8.42, v2.8.43, v2.8.44, v2.8.45, v2.8.46, v2.8.47, v2.8.48, v2.8.49, v2.8.5, v2.8.50, v2.8.52, v2.8.6, v2.8.7, v2.8.8, v2.8.9].
This package is required with the googleapis/google-auth-library-php package.
When using Prime 256 key the length of x and y should both be 32 byte.
but when dump key object, i got 31 and 33 byte of x and y.
Sample dump is here
object(SimpleJWT\Keys\ECKey)#1 (1) {
["data":protected]=>
array(6) {
["kty"]=>
string(2) "EC"
["crv"]=>
string(5) "P-256"
["d"]=>
string(43) "MCLUMijLCR8uuVrjgZxaMWtHnElEPhewa1vLEouThZc"
["x"]=>
string(42) "7ctn9jXL_oYnSE_jwiDyI3mxEy4s2CxbIYB_i5tmSg"
["y"]=>
string(44) "zuUFbsHCKVZhZ13IZMluI0lDXhzQkNy7MO-cYK7sWdiK"
["kid"]=>
string(6) "example"
}
}
Can't update to Laravel 11 because it requires symfony 7
Line 36 in 6fb973a
This line leads to an error while converting the RSA keys to JSON Web Key Sets within my SimpleID installation:
PHP Warning: include(/var/www/simpleid/www/vendor/kelvinmo/simplejwt/bin/../vendor/autoload.php): failed to open stream: No such file or directory in /var/www/simpleid/www/vendor/kelvinmo/simplejwt/bin/jwkstool.php on line 36
ECDH does not work in PHP 8.1
Run phpunit under PHP 8.1
1) ECDH_AESKeyWrapTest::testECDHES_A128KW
Undefined array key "crv"
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/Key.php:287
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/Key.php:91
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/ECKey.php:189
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH.php:190
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH.php:149
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH_AESKeyWrap.php:75
/home/runner/work/simplejwt/simplejwt/tests/ECDH_AESKeyWrapTest.php:58
2) ECDH_AESKeyWrapTest::testECDHES_A192KW
Undefined array key "crv"
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/Key.php:287
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/Key.php:91
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/ECKey.php:189
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH.php:190
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH.php:149
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH_AESKeyWrap.php:75
/home/runner/work/simplejwt/simplejwt/tests/ECDH_AESKeyWrapTest.php:77
3) ECDH_AESKeyWrapTest::testECDHES_A256KW
Undefined array key "crv"
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/Key.php:287
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/Key.php:91
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Keys/ECKey.php:189
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH.php:190
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH.php:149
/home/runner/work/simplejwt/simplejwt/src/SimpleJWT/Crypt/ECDH_AESKeyWrap.php:75
/home/runner/work/simplejwt/simplejwt/tests/ECDH_AESKeyWrapTest.php:95
This is occurring because in PHP 8.1, openssl exports EC keys in PKCS#8 format instead of RFC 5915 format, and ECKey
does not recognise the new format
On PHP 8.3 composer install version 0.3 because of requirement: "php": "^8.0"
I am not aware of something what should not work on 8.3, so maybe requirement should be "php": "^8".
Hello,
First of all, thanks for this JWT library, it looks like to be the easiest one to use that also supports encryption.
I think i'm a bit confused as to how to create a JWE from a JWS though. I keep getting a Key not found or is invalid
error when decrypting the JWE. Here's how i'm trying to do it :
<?php
$keys = \SimpleJWT\Keys\KeySet::createFromSecret('secret123');
$headers_jwt = ['alg' => 'HS512', 'typ' => 'JWT'];
$claims = [
'iss' => 'me',
'iat' => time(),
'exp' => time() + (24 * 60 * 60),
];
$jwt = new \SimpleJWT\JWT($headers_jwt, $claims);
$encoded = $jwt->encode($keys);
$headers_jwe = ['alg' => 'PBES2-HS512+A256KW', 'enc' => 'A256CBC-HS512'];
$jwe = new \SimpleJWT\JWE($headers_jwe, $encoded);
$encrypted = $jwe->encrypt($keys);
$decrypted = $jwe->decrypt($encrypted, $keys, 'PBES2-HS512+A256KW'); // Key not found or is invalid
$decoded = $jwt->decode($decrypted->getPlaintext(), $keys, 'HS512');
Am i missing something regarding keys usage ?
After update 0.2.2, I am no longer able to decode PEM keys correctly.
I get the following error:
Key not found or is invalid
My unittests uses the same set of test keys always and while they work in version 0.2.1, they do not work in 0.2.2
Hi,
There seems to be a small error in the readme where you are referencing to decrypt a JWE:
$jwt = SimpleJWT\JWT::decrypt('abc.def.ghi.klm.nop', $set, 'PBES2-HS256+A128KW');
JWT::decrypt()
is not a method, it should be:
JWE::decrypt()
Thank you :)
Hi. I am new to this. I am having trouble running these errors on all files " Uncaught Error: Class 'PHPUnit\Framework\TestCase' ". I tried changing the class extends into "PHPUnit\Framework\TestCase" , I already installed phpunit. but still, this happen.
This library does not support PHP 8.0 according to composer.json
. With my limited testing, the library worked as expected on PHP 8.0 so this may just be as simple as adding ^8.0
to composer.json
i want to decrypt a JWE of this kind:
{"alg":"RSA-OAEP","enc":"A128GCM"}
i get the new Crypt/AESGCM.php file by installing the master branch with
"kelvinmo/simplejwt": "dev-master"
decryption failed with this exception:
Authentication tag does not match
turns out openssl_decrypt with OPENSSL_RAW_DATA needs binary ciphertext.
changing the line
openssl_decrypt($ciphertext, $params['cipher'], $cek, OPENSSL_RAW_DATA, $iv, $tag, $additional);
to
openssl_decrypt(Util::base64url_decode($ciphertext), $params['cipher'], $cek, OPENSSL_RAW_DATA, $iv, $tag, $additional);
works!
kelvinmo/simplejwt v0.4.0 requires symfony/console ~2.8 but it is too much old
symfony/yaml conflicts symfony/console <4.4
Hi, I successfully encrypted a token using JWE. But upon decryption I get the following error:
Cannot decrypt key: error:0909006C:PEM routines:get_name:no start line
error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed
Encrypt a plaintext using the following headers.
$headers = ['alg' => 'RSA-OAEP', 'enc' => 'A128CBC-HS256'];
and using the receiver's public key.
Decrypt the output of step 1 using the receiver's private key using the JWE::decrypt function with expected algo set to 'RSA-OAEP'
Add support for Elliptic Curve Diffie-Hellman Ephemeral Static algorithm, including with AES Key Wrap:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.