Installation

composer require attla/token

Usage

Creating and managing a token:

useAttla\Token\FactoryasToken;useAttla\Token\FacadeasTokenFacade;// create token on PHP projects$token = Token::create();// on laravel projects$token = TokenFacade::create();// or with global alias on laravel projects$token = \Token::create();// set a payload$token->body('token value..');// get the token value$tokenEncoded =$token->get();

Configure the token instance:

$token = Token::create()->secret('your secret phrase');// changing the secret on exist instance$token->secret('your secret phrase');// secret aliases$token->phrase('your secret phrase');$token->passphrase('your secret phrase');// Set token body type when it can be converted (array, stdClass, object)$token->associative();// set token payload as associative array$token->asObject();// set payload as stdClass object// defines that it will always generate the same result$token->same();

Setup token claims:

useCarbon\Carbon;$time =strtotime('+1 hour');$token->exp($time);$token->expiration((new \DateTime())->setTimeStamp($time));$token->expiresAt(Carbon::createFromTimestamp($time));

useCarbon\Carbon;$time =strtotime('-1 day');$token->iat($time);$token->issuedAt((new \DateTime())->setTimeStamp($time));$token->issuedBefore(Carbon::createFromTimestamp($time));

useCarbon\Carbon;$time =strtotime('+30 day');$token->nbf($time);$token->notBefore((new \DateTime())->setTimeStamp($time));$token->canOnlyBeUsedAfter(Carbon::createFromTimestamp($time));

$token->aud('https://example.com');$token->audience('https://example.com','https://example.app');$token->permittedFor(['https://example.net','https://example.org']);

$token->relatedTo('exampl@e.com');$token->sub('exampl@e.com');

$token->issuedBy('https://example.com');$token->iss('https://example.net');

$jti =hash('sha256',uniqid(mt_rand(),true));$token->jti($jti);$token->identifiedBy($jti);

Custom validation claims:

// current browser$token->bwr();$token->broser();// setup a user agent by string$token->browser('Mozilla/5.0 (U; Linux x86_64; en-US) Gecko/20100101 Firefox/50.9');

// current request ip address$token->ip();// setup a ip address by string$token->ip('1.1.1.1');$token->ip('1.1.1.1','2001:db8:0:0:0:0:2:1');$token->ip(['1.1.1.1','8.8.8.8']);

// setup a location by coordinate string$token->loc('-44.05964,77.10679,5');

Setup custom claim:

// set a custom claim "uid"$token->withClaim('uid',1);$token->with('uid',1);// alias// on parse validate using:$token->with('uid',1);

// insert the payload as array or object$token->payload(['uid' =>1]);// on parse validate use:$token->with('uid',1);

$hasUid =$token->has('uid');// isset(uid)$hasUidWithValue =$token->has('uid',1);// isset(uid) && uid === 1

Parse a token:

$tokenValue = Token::parse($tokenEncoded)    ->associative()    ->get();

Real world example:

// Creating$token = Token::create()    ->secret('your secret phrase')// secret key    ->iss($_SERVER['HTTP_HOST'])// Set 'issuer' claim    ->aud('e.com',$_SERVER['HTTP_HOST'])// Set 'audience' claim    ->sub('7urkg6uDkMISjZBuFGdeySokAIrSuWAB')// Set 'subject' claim    ->iat(time())// Set 'issued' date in seconds    ->exp(7200)// Set 'expiration' in seconds (2 hours)    ->bwr()// Lock the token by user agent of browser    ->ip()// Lock the token with IP (v6 or v4)    ->payload([// Set the token payload'name' =>'Acme LLC','email' =>'acme@e.com',    ]);// Get the token$tokenEncoded =$token->get();echo$tokenEncoded .PHP_EOL;$tokenParse = Token::parse($tokenEncoded)    ->iss($_SERVER['HTTP_HOST'])// Set the issuer claim for validate    ->validAt(time() -3600)// Rewrites the current date for 'exp', 'iat', 'nbf' validations    ->associative();if ($tokenParse->isValid()) {echo'Subject:'.$tokenParse->sub() .PHP_EOL;echo'Audience:'.implode(',',$tokenParse->audience()) .PHP_EOL;echo$tokenParse->get() .PHP_EOL;}else {echo"Token as invalid!" .PHP_EOL;}

License