Spoova php framework for web development.

JWSToken

The Jwstoken class is a tool that is used to generate JWS tokens. The following are available methods in the Jwstoken class

set
algo
payload
sign
expires
token
decrypt
isValid
expired
pending
error

The following keywords should be noted:

keywords

    
  secretkey : a secret password string

  hash_algo : hashing algorithm (e.g sha256, md5)

  algo      : any of the options - [HS256|HS384|HS512|RS256]

  type      : any of the options - [JWS|JWT]

  payload   : a data array having predefined keysets iss nbf and exp expected to be hashed

  token     : currently or previously generated token

  $token    : previously generated token

Initializing class

The jwstoken tool can be easily initialized as shown below.

Sample: Initializing Input

  $jws  = new Jwstoken;

set

The set method is used to set or modify the default type and algorithm to be used for generating the jwstokens. The default type is JWS and the default algorithm is HS256. This method can be skipped if the default set parameters are used.

Syntax: set

  $jws->set(type, algo);

We shall be looking at a series of examples below.

Example: setting files

  $jws->set(); // sets default algorithm - ['JWS', 'HS256']

  $jws->set('JWS', 'HS384'); // using JWS with HS384 algorithm

  $jws->set('JWT', 'HS384'); // using JWT with HS384 algorithm

algo

The algo() method is used to overide only the default algorithm set for creating jwstokens. The algorithm supplied must be amongst the valid algorithms.

Syntax: algo

  $jws->algo(hash_algo);

Example

                                        
  $jws->algo('HS512');

payload

The payload() method is used to set a payload for jwstokens.

Syntax: payload

  $jws->payload($payload); // supplies data  to be hashed.

Example

  $payload = [

    'data'=>'mydata',    // some extra data supplied

    'nbf'=>time() + 60,  // time when token becomes active (60secs)

    'exp'=>time() + 120, // time when token becomes expired (2minutes after created)

    'iss' => 'user',     // user who issued token 
  
  ];

  $jws->payload($payload);

The payload supplied has a predefined format which must be followed. This enables the jwstoken class to perform verifications on the token generated. The payload data should be set using the following special array indices.

iss - issued by
nbf - not before
exp - expire time

The values defined above are keys that should be used when supplying some special data.
iss defines the user who issued a token.
nbf defines the time when a generated token should become active in seconds
exp defines the time when a generated token should expire in seconds.

Example: The following payload data ['iss' =>'user', 'nbf'=> 60, 'exp'=>120] tells the jwstoken to issue a token from "user" that becomes active only after 1 minute (60secs) it was generated and valid for 2 minutes (120secs). It should be noted that this token will only have a total of 1 minute activeness because 1 minute is used out of the accessible 2 minutes to pend the token. It is also possible to set tokens that do not expire by not defining the expire time. The nbf can also be avoided by not defining it.

expires

This method sets the time at which a jwstoken must expire in seconds. The minimum acceptable time range is 60 secs which is equivalent of 1 minute.

Syntax: expires

  $jws->expires($time); 
    
      where:
        
       $time: expire time in seconds.

Example

  $jws->expires(120);  // sets expire time to 2 minutes

sign

This method is used to sign a payload. It locks the payload with a secret alogrithm that is specific and can only be decrypted by the server itself. This creates a multi-layered security on the payload when it is encrypted.

Syntax: sign

  $jws->sign(secretkey, hash_algos);

Example: Signing a payload

  $jws = new JWSToken;
  
  $jws->payload($payload); //check payload for $payload supplied
  
  $jws->sign('password123'); //sign and generate a payload with sha256
  
  $jws->sign('password123', 'md5'); //sign and generate a payload with md5

token

This token sets or fetches a generated token. When a token is generated using the sign() method, the token() method returns the current hash string of the generated token. It can also be used to supply a token meant for decryption.

Syntax: token

  $jws->token();  // return a generated token 
  $jws->token($token);  // set a previously generated token

Example: Generating a token

  $jws->payload($payload); // check payload for the $payload used here.
    
  $jws->sign('secret_key');  // lock and sign payload with a secret key
    
  var_dump( $jws->token() );  // output generated token

isValid

This method checks if a supplied token is valid. Only valid tokens return a boolean of true. A token might not be valid for three reasons.

A token may be inactive (i.e pending state).
A token could have expired.
The string supplied might not be a valid token.

Syntax: isValid

  $jws->isValid($secretkey, $hash_algo);  // returns bool of true if token is valid

Example 1

  $jws->payload($payload); // check payload for the $payload used here
    
  $jws->sign('secret', 'sha256');

  $token = $jws->token(); // generate a token.

  var_dump( $jws->isValid($token) ); // returns: true

Example 2

  // $token as some generated token

  var_dump( $jws->token($token)->isValid('password', 'md5') ); // note: hash algo (i.e md5) must match algo used for generating token

decrypt

The decrypt method decrypts a generated token, returning back the supplied payload data.

Syntax: decrypt

  $jws->decrypt($token, $secretkey, $hash_algo); 
 
    Note: if $token is not a valid token or cannot be decrypted, the method returns an empty data.

Example 1

  $jws = new JWSToken;

  $jws->sign($payload, 'pass123', 'md5'); // check payload for the $payload used here.
    
  $token = $jws->token();

  $decrypt = $jws->decrypt($token, 'pass123', 'md5');

  if($decrypt) {

    var_dump($decrypt);

  } else {
        
    var_dump($jws->error);

  }

Example 2

  $jws = new JWSToken;

  $jws->set('JWS', 'md5');

  //$token as some generated token

  if( $jws->token($token)->isValid('pass', 'md5') ) {

      var_dump( $jws->decrypt() );  // returns payload data or null

  } else {

      var_dump( $jws->error );

  }

The jwstoken class supports that when the method isValid() is used, then decrypt() method can be used immediately after, providing a shorter way of decrypting tokens.

expired

This function returns a boolean of true when a token has expired.

Syntax: expired

  $jws->expired(secretkey, hash_algo); // returns true or false 
    
  // Note: when a testing has not been done, it returns an empty string.

Example

  // hash_algo used for generating token should be supplied

  if( $jws->token($token)->expired('pass', 'md5') ) {

    // run code

  }

pending

This function returns a boolean of true if a token is in an inactivated or pending state. Pending tokens are tokens that are meant to become active only after a specified time.

Syntax: pending

  $jws->pending(secretkey, hash_algo); // returns true or false

Example

  // hash_algo used for generating token should be supplied

  if( $jws->token($token)->expired('pass', 'md5') ) {

     // ... run code

  }

error

This function returns an array of error messages if a token is not valid.

Example

  if( !$jws->token($token)->isValid('pass', 'md5') ) {

      var_dump( $jws->error() );

  }

Docs Helpers Classes Jwstoken