定制 okta/jwt-verifier 二次开发

按需修改功能、优化性能、对接业务系统,提供一站式技术支持

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

okta/jwt-verifier

最新稳定版本:1.4.0

Composer 安装命令:

composer require okta/jwt-verifier

包简介

A verifier library for working with Okta JWT's

README 文档

README

68747470733a2f2f617773312e646973636f757273652d63646e2e636f6d2f7374616e6461726431342f75706c6f6164732f6f6b74616465762f6f726967696e616c2f31582f306336343032363533646662373065646336363164343937366134336134366633336535653931392e706e67 Packagist License Support

NOTICE: We're excited about the acquisition of Auth0 to bring you better support in PHP. This repo will be placed into security patch only mode and we will not be adding any further features. If you are looking for an API that is not supported in this library, please call the API directly. Our documentation for the supported Management APIs are located here: https://developer.okta.com/docs/reference/core-okta-api/. Please reach out to the DevForum for any questions.

Okta JWT Verifier for PHP

As a result of a successful authentication by obtaining an authorization grant from a user or using the Okta API, you will be provided with a signed JWT (id_token and/or access_token). A common use case for these access tokens is to use it inside of the Bearer authentication header to let your application know who the user is that is making the request. In order for you to know this use is valid, you will need to know how to validate the token against Okta. This guide gives you an example of how to do this using Okta's JWT Validation library for PHP.

This code does not work with the default authorization server. You must be using a custom authorization server. Please check if this is the case before using this code.

Release status

This library uses semantic versioning and follows Okta's library version policy.

Version Status
0.x ⚠️ Beta Release (Retired)
1.x ✔️ Release

The latest release can always be found on the releases page.

Installation

The Okta JWT Verifier can be installed through composer.

composer require okta/jwt-verifier

This library requires a JWT library. We currently support firebase/php-jwt version 5.2. You will have to install this or create your own adaptor.

composer require firebase/php-jwt ^5.2

To create your own adaptor, just implement the Okta/JwtVerifier/Adaptors/Adaptor in your own class.

You will also need to install a PSR-7 compliant library. We suggest that you use guzzlehttp/psr7 in your project.

composer require guzzlehttp/psr7

Setting up the Library

To validate a JWT, you will need a few different items:

  1. Your issuer URL
  2. The JWT string you want to verify
  3. Access to your vendor autoload file in your script.
require_once("/vendor/autoload.php"); // This should be replaced with your path to your vendor/autoload.php file

$jwtVerifier = (new \Okta\JwtVerifier\JwtVerifierBuilder())
    ->setDiscovery(new \Okta\JwtVerifier\Discovery\Oauth) // This is not needed if using oauth.  The other option is `new \Okta\JwtVerifier\Discovery\OIDC`
    ->setAdaptor(new \Okta\JwtVerifier\Adaptors\FirebasePhpJwt)
    ->setAudience('api://default')
    ->setClientId('{clientId}')
    ->setIssuer('https://{yourOktaDomain}.com/oauth2/default')
    ->build();

Caching

It's strongly suggested to cache the keys to improve performance. You can pass an implementation of \Psr\SimpleCache\CacheInterface to the Adaptor constructor.

For example, in laravel:

// note: named parameters are only valid for php >= 8.0
->setAdaptor(new \Okta\JwtVerifier\Adaptors\FirebasePhpJwt(request: null, leeway: 120, cache: app('cache')->store()))

If using symphony, you may need to use an adaptor: https://symfony.com/doc/current/components/cache/psr6_psr16_adapters.html

Validating an Access Token

After you have a $jwtVerifier from the above section and an access_token from a successful sign in, or from a Bearer token in the authorization header, you will need to make sure that it is still valid. All you need to do is call the verifyAccessToken method (where $jwtString is your access token in string format).

$jwt = $jwtVerifier->verifyAccessToken($jwtString);

This will validate your JWT for the following:

  • token expiration time
  • the time it was issue at
  • that the token issuer matches the expected value passed into the above helper
  • that the token audience matches the expected value passed into the above helper

The result from the verify method is a Jwt object which has a few helper methods for you:

dump($jwt); //Returns instance of \Okta\JwtVerifier\JWT

dump($jwt->toJson()); // Returns Claims as JSON Object

dump($jwt->getClaims()); // Returns Claims as they come from the JWT Package used

dump($jwt->getIssuedAt()); // returns Carbon instance of issued at time
dump($jwt->getIssuedAt(false)); // returns timestamp of issued at time

dump($jwt->getExpirationTime()); //returns Carbon instance of Expiration Time
dump($jwt->getExpirationTime(false)); //returns timestamp of Expiration Time

Validating an Id Token

$jwt = $jwtVerifier->verifyIdToken($jwtString);

This will validate your JWT for the following:

  • token expiration time
  • the time it was issue at
  • that the token issuer matches the expected value passed into the above helper
  • that the token audience matches the expected value passed into the above helper

The result from the verify method is a Jwt object which has a few helper methods for you:

dump($jwt); //Returns instance of \Okta\JwtVerifier\JWT

dump($jwt->toJson()); // Returns Claims as JSON Object

dump($jwt->getClaims()); // Returns Claims as they come from the JWT Package used

dump($jwt->getIssuedAt()); // returns Carbon instance of issued at time
dump($jwt->getIssuedAt(false)); // returns timestamp of issued at time

dump($jwt->getExpirationTime()); //returns Carbon instance of Expiration Time
dump($jwt->getExpirationTime(false)); //returns timestamp of Expiration Time

Need help?

If you run into problems using the SDK, you can

Conclusion

The above are the basic steps for verifying an access token locally. The steps are not tied directly to a framework so you could plug in the okta/okta-jwt into the framework of your choice.

okta/jwt-verifier 适用场景与选型建议

okta/jwt-verifier 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 2.17M 次下载、GitHub Stars 达 35, 最近一次更新时间为 2026 年 01 月 04 日, 在 PHP 生态内属于活跃度较高的组件。

我们在过去多个企业项目中使用过 okta/jwt-verifier 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 okta/jwt-verifier 我们能提供哪些服务?
定制开发 / 二次开发

基于 okta/jwt-verifier 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 2.17M
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 35
  • 点击次数: 31
  • 依赖项目数: 1
  • 推荐数: 0

GitHub 信息

  • Stars: 35
  • Watchers: 90
  • Forks: 63
  • 开发语言: PHP

其他信息

  • 授权协议: Apache-2.0
  • 更新时间: 2026-01-04