teamgantt/juhwit
Composer 安装命令:
composer require teamgantt/juhwit
包简介
Verify JWTs from AWS Cognito
README 文档
README
Verify JWT's from AWS Cognito
Usage
Juhwit ships with a handful of interfaces and their default implementations.
The main service provided by Juhwit is the JwtDecoder which is composed with the complimentary CognitoClaimVerifier.
<?php use TeamGantt\Juhwit\JwtDecoder; use TeamGantt\Juhwit\Models\UserPool; use TeamGantt\Juhwit\CognitoClaimVerifier; // Create a UserPool to pass to the CognitoClaimVerifier $poolId = 'some pool id from cognito'; $clientIds = ['some client id from cognito']; $region = 'us-east-2'; // we need some public keys in the form of a jwk (accessible via cognito) $jwk = json_decode(file_get_contents('path/to/jwk.json'), true); $pool = new UserPool($poolId, $clientIds, $region, $jwk); $verifier = new CognitoClaimVerifier($pool); $decoder = new JwtDecoder($verifier); // If all is valid we will get a token back - otherwise a TokenException is thrown $token = $decoder->decode($someTokenFromARequest);
Requiring extra claims
A token may be required to have certain claims.
If you want to require claims, such as custom:foo or custom:user, you can require those by providing a second argument to the decode method.
<?php use TeamGantt\Juhwit\JwtDecoder; $decoder = new JwtDecoder($verifier); $token = $decoder->decode($someTokenFromARequest, ['custom:foo', 'custom:user']);
It is also possible to require claim values to be a specific value.
use TeamGantt\Juhwit\JwtDecoder; $decoder = new JwtDecoder($verifier); $token = $decoder->decode($someTokenFromARequest, ['custom:user', 'token_use' => 'id']);
Keep in mind that instances of Token will perform their own checks against required claims. See TeamGantt\Juhwit\Models\Token::getClaimsErrors() for more information.
Customizing token creation
Juhwit provides a default implementations for id tokens and access tokens. After a jwt is verified against
a public key, the claims and user provided $requiredClaims are passed to the create method of a TokenFactoryInterface.
The default CognitoTokenFactory will return an IdToken or AccessToken depending on the token type provided. When constructing the JwtDecoder
a custom TokenFactoryInterface can be passed to the constructor.
This factory can be used to create custom tokens - the only requirement is that the create method returns a TokenInterface. Any TokenExceptions thrown
by the factory will be caught and the token will be considered invalid.
Leveraging docker
Juhwit is tested and developed against PHP 7.4.11. This project uses a combination of docker and direnv
to keep a consistent environment. To leverage direnv, cd into the juhwit project directory and run the following:
$ docker build -t juhwit:dev .
$ direnv allow
This will put your current terminal into an environment that uses the dockerized php and composer binaries. You can use them like you normally would i.e:
$ php -v
$ composer list
Running Tests
$ composer test
teamgantt/juhwit 适用场景与选型建议
teamgantt/juhwit 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 64.28k 次下载、GitHub Stars 达 6, 最近一次更新时间为 2020 年 02 月 10 日, 在 PHP 生态内属于活跃度较高的组件。
我们在过去多个企业项目中使用过 teamgantt/juhwit 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 teamgantt/juhwit 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
统计信息
- 总下载量: 64.28k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 6
- 点击次数: 22
- 依赖项目数: 2
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2020-02-10