├── .env.example ├── .gitignore ├── LICENSE ├── README.md ├── bootstrap.php ├── composer.json ├── composer.lock ├── generate_jwt.php ├── generate_key.php ├── src └── .keep └── validate_jwt.php /.env.example: -------------------------------------------------------------------------------- 1 | SECRET= -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /vendor 2 | .env 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Create and Verify JWTs in PHP with OAuth 2.0 2 | 3 | This example shows how to create and verify JWTs from scratch in PHP, and how to use the Okta JWT Verifier library to validate Okta access tokens. 4 | 5 | Please read
to see how this application was built. 6 | 7 | **Prerequisites:** PHP, Composer, [Okta developer account](https://developer.okta.com/) 8 | 9 | > [Okta](https://developer.okta.com) has Authentication and User Management APIs that reduce development time with instant-on, scalable user infrastructure. Okta's intuitive API and expert support make it easy for developers to authenticate, manage, and secure users and roles in any application. 10 | 11 | ## Getting Started 12 | 13 | Clone this project using the following commands: 14 | 15 | ``` 16 | git clone git@github.com:oktadeveloper/okta-php-core-jwt-example.git 17 | cd okta-php-core-jwt-example 18 | ``` 19 | 20 | ### Configure the application 21 | 22 | Install the project dependencies, Copy the `.env` file, generate a secret key and put it inside the .env file: 23 | 24 | ``` 25 | composer install 26 | cp .env.example .env 27 | php generate_key.php 28 | ``` 29 | 30 | Follow the instructions of the script. 31 | 32 | ### Run the example tools 33 | 34 | In the public directory, simply run: 35 | 36 | ``` 37 | php generate_jwt.php 38 | ``` 39 | 40 | to generate a JWT. Run: 41 | 42 | ``` 43 | php validate_jwt.php token 44 | ``` 45 | 46 | to validate the 'token' JWT. 47 | 48 | ## Help 49 | 50 | Please post any questions as comments on the
, or visit our [Okta Developer Forums](https://devforum.okta.com/). You can also email developers@okta.com if would like to create a support ticket. 51 | 52 | ## License 53 | 54 | Apache 2.0, see [LICENSE](LICENSE). -------------------------------------------------------------------------------- /bootstrap.php: -------------------------------------------------------------------------------- 1 | load(); 7 | 8 | // PHP has no base64UrlEncode function, so let's define one that 9 | // does some magic by replacing + with -, / with _ and = with ''. 10 | // This way we can pass the string within URLs without 11 | // any URL encoding. 12 | function base64UrlEncode($text) 13 | { 14 | return str_replace( 15 | ['+', '/', '='], 16 | ['-', '_', ''], 17 | base64_encode($text) 18 | ); 19 | } -------------------------------------------------------------------------------- /composer.json: -------------------------------------------------------------------------------- 1 | { 2 | "require": { 3 | "vlucas/phpdotenv": "^2.4", 4 | "nesbot/carbon": "^2.7" 5 | }, 6 | "autoload": { 7 | "psr-4": { 8 | "Src\\": "src/" 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /composer.lock: -------------------------------------------------------------------------------- 1 | { 2 | "_readme": [ 3 | "This file locks the dependencies of your project to a known state", 4 | "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", 5 | "This file is @generated automatically" 6 | ], 7 | "content-hash": "084839ca1fc9a71300c1946aac27e4a3", 8 | "packages": [ 9 | { 10 | "name": "nesbot/carbon", 11 | "version": "2.7.0", 12 | "source": { 13 | "type": "git", 14 | "url": "https://github.com/briannesbitt/Carbon.git", 15 | "reference": "90ff5556d4bd25954c272a22654e7bd43e8ab055" 16 | }, 17 | "dist": { 18 | "type": "zip", 19 | "url": "https://api.github.com/repos/briannesbitt/Carbon/zipball/90ff5556d4bd25954c272a22654e7bd43e8ab055", 20 | "reference": "90ff5556d4bd25954c272a22654e7bd43e8ab055", 21 | "shasum": "" 22 | }, 23 | "require": { 24 | "ext-json": "*", 25 | "php": "^7.1.8", 26 | "symfony/translation": "^4.0" 27 | }, 28 | "require-dev": { 29 | "phpunit/phpunit": "^7.1.5" 30 | }, 31 | "suggest": { 32 | "friendsofphp/php-cs-fixer": "Needed for the `composer phpcs` command. Allow to automatically fix code style.", 33 | "phpstan/phpstan": "Needed for the `composer phpstan` command. Allow to detect potential errors." 34 | }, 35 | "type": "library", 36 | "extra": { 37 | "laravel": { 38 | "providers": [ 39 | "Carbon\\Laravel\\ServiceProvider" 40 | ] 41 | } 42 | }, 43 | "autoload": { 44 | "psr-4": { 45 | "Carbon\\": "src/Carbon/" 46 | } 47 | }, 48 | "notification-url": "https://packagist.org/downloads/", 49 | "license": [ 50 | "MIT" 51 | ], 52 | "authors": [ 53 | { 54 | "name": "Brian Nesbitt", 55 | "email": "brian@nesbot.com", 56 | "homepage": "http://nesbot.com" 57 | } 58 | ], 59 | "description": "A simple API extension for DateTime.", 60 | "homepage": "http://carbon.nesbot.com", 61 | "keywords": [ 62 | "date", 63 | "datetime", 64 | "time" 65 | ], 66 | "time": "2018-12-02T10:14:51+00:00" 67 | }, 68 | { 69 | "name": "symfony/contracts", 70 | "version": "v1.0.1", 71 | "source": { 72 | "type": "git", 73 | "url": "https://github.com/symfony/contracts.git", 74 | "reference": "3edf0ab943d1985a356721952cba36ff31bd6e5f" 75 | }, 76 | "dist": { 77 | "type": "zip", 78 | "url": "https://api.github.com/repos/symfony/contracts/zipball/3edf0ab943d1985a356721952cba36ff31bd6e5f", 79 | "reference": "3edf0ab943d1985a356721952cba36ff31bd6e5f", 80 | "shasum": "" 81 | }, 82 | "require": { 83 | "php": "^7.1.3" 84 | }, 85 | "require-dev": { 86 | "psr/cache": "^1.0", 87 | "psr/container": "^1.0" 88 | }, 89 | "suggest": { 90 | "psr/cache": "When using the Cache contracts", 91 | "psr/container": "When using the Service contracts", 92 | "symfony/cache-contracts-implementation": "", 93 | "symfony/service-contracts-implementation": "", 94 | "symfony/translation-contracts-implementation": "" 95 | }, 96 | "type": "library", 97 | "extra": { 98 | "branch-alias": { 99 | "dev-master": "1.0-dev" 100 | } 101 | }, 102 | "autoload": { 103 | "psr-4": { 104 | "Symfony\\Contracts\\": "" 105 | }, 106 | "exclude-from-classmap": [ 107 | "**/Tests/" 108 | ] 109 | }, 110 | "notification-url": "https://packagist.org/downloads/", 111 | "license": [ 112 | "MIT" 113 | ], 114 | "authors": [ 115 | { 116 | "name": "Nicolas Grekas", 117 | "email": "p@tchwork.com" 118 | }, 119 | { 120 | "name": "Symfony Community", 121 | "homepage": "https://symfony.com/contributors" 122 | } 123 | ], 124 | "description": "A set of abstractions extracted out of the Symfony components", 125 | "homepage": "https://symfony.com", 126 | "keywords": [ 127 | "abstractions", 128 | "contracts", 129 | "decoupling", 130 | "interfaces", 131 | "interoperability", 132 | "standards" 133 | ], 134 | "time": "2018-11-24T09:35:08+00:00" 135 | }, 136 | { 137 | "name": "symfony/polyfill-mbstring", 138 | "version": "v1.10.0", 139 | "source": { 140 | "type": "git", 141 | "url": "https://github.com/symfony/polyfill-mbstring.git", 142 | "reference": "c79c051f5b3a46be09205c73b80b346e4153e494" 143 | }, 144 | "dist": { 145 | "type": "zip", 146 | "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/c79c051f5b3a46be09205c73b80b346e4153e494", 147 | "reference": "c79c051f5b3a46be09205c73b80b346e4153e494", 148 | "shasum": "" 149 | }, 150 | "require": { 151 | "php": ">=5.3.3" 152 | }, 153 | "suggest": { 154 | "ext-mbstring": "For best performance" 155 | }, 156 | "type": "library", 157 | "extra": { 158 | "branch-alias": { 159 | "dev-master": "1.9-dev" 160 | } 161 | }, 162 | "autoload": { 163 | "psr-4": { 164 | "Symfony\\Polyfill\\Mbstring\\": "" 165 | }, 166 | "files": [ 167 | "bootstrap.php" 168 | ] 169 | }, 170 | "notification-url": "https://packagist.org/downloads/", 171 | "license": [ 172 | "MIT" 173 | ], 174 | "authors": [ 175 | { 176 | "name": "Nicolas Grekas", 177 | "email": "p@tchwork.com" 178 | }, 179 | { 180 | "name": "Symfony Community", 181 | "homepage": "https://symfony.com/contributors" 182 | } 183 | ], 184 | "description": "Symfony polyfill for the Mbstring extension", 185 | "homepage": "https://symfony.com", 186 | "keywords": [ 187 | "compatibility", 188 | "mbstring", 189 | "polyfill", 190 | "portable", 191 | "shim" 192 | ], 193 | "time": "2018-09-21T13:07:52+00:00" 194 | }, 195 | { 196 | "name": "symfony/translation", 197 | "version": "v4.2.0", 198 | "source": { 199 | "type": "git", 200 | "url": "https://github.com/symfony/translation.git", 201 | "reference": "ff9a878c9b8f8bcd4d9138e2d32f508c942773d9" 202 | }, 203 | "dist": { 204 | "type": "zip", 205 | "url": "https://api.github.com/repos/symfony/translation/zipball/ff9a878c9b8f8bcd4d9138e2d32f508c942773d9", 206 | "reference": "ff9a878c9b8f8bcd4d9138e2d32f508c942773d9", 207 | "shasum": "" 208 | }, 209 | "require": { 210 | "php": "^7.1.3", 211 | "symfony/contracts": "^1.0", 212 | "symfony/polyfill-mbstring": "~1.0" 213 | }, 214 | "conflict": { 215 | "symfony/config": "<3.4", 216 | "symfony/dependency-injection": "<3.4", 217 | "symfony/yaml": "<3.4" 218 | }, 219 | "provide": { 220 | "symfony/translation-contracts-implementation": "1.0" 221 | }, 222 | "require-dev": { 223 | "psr/log": "~1.0", 224 | "symfony/config": "~3.4|~4.0", 225 | "symfony/console": "~3.4|~4.0", 226 | "symfony/dependency-injection": "~3.4|~4.0", 227 | "symfony/finder": "~2.8|~3.0|~4.0", 228 | "symfony/intl": "~3.4|~4.0", 229 | "symfony/yaml": "~3.4|~4.0" 230 | }, 231 | "suggest": { 232 | "psr/log-implementation": "To use logging capability in translator", 233 | "symfony/config": "", 234 | "symfony/yaml": "" 235 | }, 236 | "type": "library", 237 | "extra": { 238 | "branch-alias": { 239 | "dev-master": "4.2-dev" 240 | } 241 | }, 242 | "autoload": { 243 | "psr-4": { 244 | "Symfony\\Component\\Translation\\": "" 245 | }, 246 | "exclude-from-classmap": [ 247 | "/Tests/" 248 | ] 249 | }, 250 | "notification-url": "https://packagist.org/downloads/", 251 | "license": [ 252 | "MIT" 253 | ], 254 | "authors": [ 255 | { 256 | "name": "Fabien Potencier", 257 | "email": "fabien@symfony.com" 258 | }, 259 | { 260 | "name": "Symfony Community", 261 | "homepage": "https://symfony.com/contributors" 262 | } 263 | ], 264 | "description": "Symfony Translation Component", 265 | "homepage": "https://symfony.com", 266 | "time": "2018-11-27T07:20:32+00:00" 267 | }, 268 | { 269 | "name": "vlucas/phpdotenv", 270 | "version": "v2.5.1", 271 | "source": { 272 | "type": "git", 273 | "url": "https://github.com/vlucas/phpdotenv.git", 274 | "reference": "8abb4f9aa89ddea9d52112c65bbe8d0125e2fa8e" 275 | }, 276 | "dist": { 277 | "type": "zip", 278 | "url": "https://api.github.com/repos/vlucas/phpdotenv/zipball/8abb4f9aa89ddea9d52112c65bbe8d0125e2fa8e", 279 | "reference": "8abb4f9aa89ddea9d52112c65bbe8d0125e2fa8e", 280 | "shasum": "" 281 | }, 282 | "require": { 283 | "php": ">=5.3.9" 284 | }, 285 | "require-dev": { 286 | "phpunit/phpunit": "^4.8.35 || ^5.0" 287 | }, 288 | "type": "library", 289 | "extra": { 290 | "branch-alias": { 291 | "dev-master": "2.5-dev" 292 | } 293 | }, 294 | "autoload": { 295 | "psr-4": { 296 | "Dotenv\\": "src/" 297 | } 298 | }, 299 | "notification-url": "https://packagist.org/downloads/", 300 | "license": [ 301 | "BSD-3-Clause" 302 | ], 303 | "authors": [ 304 | { 305 | "name": "Vance Lucas", 306 | "email": "vance@vancelucas.com", 307 | "homepage": "http://www.vancelucas.com" 308 | } 309 | ], 310 | "description": "Loads environment variables from `.env` to `getenv()`, `$_ENV` and `$_SERVER` automagically.", 311 | "keywords": [ 312 | "dotenv", 313 | "env", 314 | "environment" 315 | ], 316 | "time": "2018-07-29T20:33:41+00:00" 317 | } 318 | ], 319 | "packages-dev": [], 320 | "aliases": [], 321 | "minimum-stability": "stable", 322 | "stability-flags": [], 323 | "prefer-stable": false, 324 | "prefer-lowest": false, 325 | "platform": [], 326 | "platform-dev": [] 327 | } 328 | -------------------------------------------------------------------------------- /generate_jwt.php: -------------------------------------------------------------------------------- 1 | 'JWT', 10 | 'alg' => 'HS256' 11 | ]); 12 | 13 | // Create the token payload 14 | $payload = json_encode([ 15 | 'user_id' => 1, 16 | 'role' => 'admin', 17 | 'exp' => 1593828222 18 | ]); 19 | 20 | // Encode Header 21 | $base64UrlHeader = base64UrlEncode($header); 22 | 23 | // Encode Payload 24 | $base64UrlPayload = base64UrlEncode($payload); 25 | 26 | // Create Signature Hash 27 | $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $secret, true); 28 | 29 | // Encode Signature to Base64Url String 30 | $base64UrlSignature = base64UrlEncode($signature); 31 | 32 | // Create JWT 33 | $jwt = $base64UrlHeader . "." . $base64UrlPayload . "." . $base64UrlSignature; 34 | 35 | echo "Your token:\n" . $jwt; 36 | ?> -------------------------------------------------------------------------------- /generate_key.php: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oktadev/okta-php-core-jwt-example/bb847fbd856a8d684f82ab74c26b2969b4aa88f4/src/.keep -------------------------------------------------------------------------------- /validate_jwt.php: -------------------------------------------------------------------------------- 1 | exp); 22 | $tokenExpired = (Carbon::now()->diffInSeconds($expiration, false) < 0); 23 | 24 | // build a signature based on the header and payload using the secret 25 | $base64UrlHeader = base64UrlEncode($header); 26 | $base64UrlPayload = base64UrlEncode($payload); 27 | $signature = hash_hmac('sha256', $base64UrlHeader . "." . $base64UrlPayload, $secret, true); 28 | $base64UrlSignature = base64UrlEncode($signature); 29 | 30 | // verify it matches the signature provided in the token 31 | $signatureValid = ($base64UrlSignature === $signatureProvided); 32 | 33 | echo "Header:\n" . $header . "\n"; 34 | echo "Payload:\n" . $payload . "\n"; 35 | 36 | if ($tokenExpired) { 37 | echo "Token has expired.\n"; 38 | } else { 39 | echo "Token has not expired yet.\n"; 40 | } 41 | 42 | if ($signatureValid) { 43 | echo "The signature is valid.\n"; 44 | } else { 45 | echo "The signature is NOT valid\n"; 46 | } 47 | ?> --------------------------------------------------------------------------------