alg)) { throw new \DomainException('Empty algorithm'); } if ($sig != JWT::sign("$headb64.$bodyb64", $key, $header->alg)) { throw new SignatureInvalidException('Signature verification failed'); } } return $payload; } /** * Converts and signs a PHP object or array into a JWT string. * * @param object|array $payload PHP object or array * @param string $key The secret key * @param string $alg The signing algorithm. Supported algorithms are 'HS256', 'HS384' and 'HS512' * * @return string A signed JWT */ public static function encode($payload, $key, $alg = 'HS256') { $header = array('typ' => 'JWT', 'alg' => $alg); $segments = array(); $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($header)); $segments[] = JWT::urlsafeB64Encode(JWT::jsonEncode($payload)); $signing_input = implode('.', $segments); $signature = JWT::sign($signing_input, $key, $alg); $segments[] = JWT::urlsafeB64Encode($signature); return implode('.', $segments); } /** * Sign input * * @param string $msg The message to sign * @param string $key The secret key * @param string $alg The signing algorithm * * @return string An encrypted message */ public static function sign($msg, $key, $alg = 'HS256') { return hash_hmac(JWT::algToHash($alg), $msg, $key, true); } /** * Converts algorithm name to hash algorithm * * @param string $alg The algorithm name * * @return string The hash algorithm */ public static function algToHash($alg) { static $mapping = array( 'HS256' => 'sha256', 'HS384' => 'sha384', 'HS512' => 'sha512', ); if (empty($mapping[$alg])) { throw new \DomainException('Algorithm not supported'); } return $mapping[$alg]; } /** * Encode to JSON object if necessary * * @param object|array $input The object or array to encode * * @return string The JSON representation of the input * @throws DomainException Provided object could not be encoded to valid JSON */ public static function jsonEncode($input) { $json = json_encode($input); if (JSON_ERROR_NONE !== json_last_error()) { throw new \DomainException('Unable to encode data to JSON format'); } return $json; } /** * Decode from JSON string if necessary * * @param string $input A JSON string * * @return object|array The JSON decoded object or array * @throws DomainException Provided string was invalid JSON */ public static function jsonDecode($input) { $obj = json_decode($input); if (JSON_ERROR_NONE !== json_last_error()) { throw new \DomainException('Unable to decode JSON data'); } return $obj; } /** * Decode a string with URL-safe Base64 * * @param string $input A Base64 encoded string * * @return string A decoded string */ public static function urlsafeB64Decode($input) { $remainder = strlen($input) % 4; if ($remainder) { $padlen = 4 - $remainder; $input .= str_repeat('=', $padlen); } return base64_decode(strtr($input, '-_', '+/')); } /** * Encode a string with URL-safe Base64 * * @param string $input The string you want encoded * * @return string The base64 encode of what you passed in */ public static function urlsafeB64Encode($input) { return str_replace('=', '', strtr(base64_encode($input), '+/', '-_')); } } ?>