jwt
jwt copied to clipboard
psecio
A JWT (JSON Web Token) Encoder & Decoder
According to [RFC 7518](https://tools.ietf.org/html/rfc7518#section-3.4) the key type should be a ECDSA. It's also recommended to check the curve of the key. See https://github.com/namshi/jose/blob/master/src/Namshi/JOSE/Signer/OpenSSL/ECDSA.php for more details.
When using the RS256 algorithm, I would hope to be able to verify a token using the Public Key, but it doesn't appear to work unless I provide a private...
ES256, ES384 are not implemented according to RFC 7518 RFC 7518: "Generate a digital signature of the JWS Signing Input using ECDSA P-256 SHA-256 with the desired private key. The...
Possibly a dumb question, but I was wondering why the key-based signature wasn't using public keys for verification, instead of rehashing using the private key. Wouldn't this be far superior?...
The library is not able to verify the encrypted tokens. In the file jwt.php line no 219, should this changed to something like return $this->decode($claims) rather than ``` return json_decode($claims);...
When my notBefore claim is set in the future the openssl encrypted token does not verify this. When using the signature option an DecodeException is thrown. Scenario: I use notBefore()...
When utilizing the encrypt method there are times when you want to decrypt and verify the token. Unfortunately this is not possible as the encryption passes the claims encrypted to...
I really like the setup of this library and I believe it works quite well for the creation of a JWT. However I think there's room to improve on the...
Presently, encrypt encodes its result using a MAC, which is good. However, [decrypt](https://github.com/psecio/jwt/blob/master/src/Psecio/Jwt/Jwt.php#L206) never decodes the result, and as such never validates the MAC. This is an absolute requirement that...
