php-jwt
AutoRoute
php-jwt | AutoRoute | |
---|---|---|
16 | 10 | |
9,228 | 190 | |
0.3% | - | |
5.8 | 1.5 | |
about 1 month ago | about 1 year ago | |
PHP | PHP | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
php-jwt
- firebase/php-jwt: PHP package for JWT
-
Understanding user authentication on web and API
So basically if the login is successfull I have to create a JWT token (with something like this library) with the userID inside and send it via `setcookie()` for web or in a JSON response to the API client and consider it the long lived refresh token.
-
What is the best way to implement in-app purchases without a third-party service?
This depends on the library you end up downloading for the platform of your choosing. Some of the parts I explained above will be handled by the library for example in my case I decoded signedTransactionInfo using firebase/php-jwt. This has the added benefit of always checking the validity of the signature which was omitted in the manual method.
- Why there's not a native way to work with JWT in Laravel?
-
How can I decode the header from the JWT?
https://github.com/firebase/php-jwt i use this one, its really good
- ElastiCache for Redis as session handler for ECS container...
- Weekly "ask anything" thread
-
API Tokens: A Tedious Survey
> Why all the hate for JWTs?
> Just pick a crypto scheme and the JWT is just an encoding that makes it easier to use.
That's not what JWT is, but I can understand why someone would be misled into believing that.
JWT isn't just an encoding format, it also includes a crypto algorithm negotiation protocol that lets the attacker choose the algorithm. Even if you strictly allow-list which algorithm you want to support, you can accidentally bypass this control in many libraries if you suppor the `kid` (key ID) header. [1]
It also allows attackers to completely strip the security. [2] [3]
Put shortly, JWT is a gun aimed directly at your foot. That's why there's so much hate for JWTs.
[1] https://github.com/firebase/php-jwt/issues/351
[2] https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-ba...
[3] https://www.howmanydayssinceajwtalgnonevuln.com/
- Firebase/PHP-JWT: New Risk of HS256/RSA256 Algorithm Confusion
- Possible security issue involving the Firebase JWT library for PHP (Algorithm Confusion with Key IDs)
AutoRoute
-
How do router frameworks efficiently handle 1000s of routes?
Also if you use a convention-based approach to your routes instead of hardcoding them you can support any number of routes. Something like how pmjones/AutoRoute and CodeIgniter's AutoRouting work.
-
A Faster Router System in PHP
You may wish to take a look at AutoRoute. I am the lead, and you can see benchmarks for it here.
-
PSX - Build fully typed REST APIs
This sounds remarkably similar to AutoRoute.
-
Building the Fastest PHP Router Ever
Interesting; AutoRoute is 2x faster than FastRoute in common cases; see benchmark. And it's pretty feature-filled at that.
-
Why I prefer a routing config file to Controller annotations
There is another alternative: AutoRoute automatically maps incoming HTTP requests (by verb and path) to PHP action classes in a specified namespace. No more route files or annotations/attributes.
-
Make your own Framework: (The Fastest) Router Edition
Might be nice to see AutoRoute included in the mix; it too is faster than FastRoute, and has some interesting additional features.
-
The case for route attributes
Not to yammer on about it, but that is exactly what AutoRoute does.
-
Piko router, a fast router for PHP based on radix tree
Nice! I'd be interested to see how it fares against AutoRoute -- benchmarks against FastRoute here.
-
Weekly "ask anything" thread
You might additionally appreciate this: https://github.com/pmjones/AutoRoute
What are some alternatives?
PHP OAuth 2.0 Server - A spec compliant, secure by default PHP OAuth 2.0 Server
Fast Route - Fast request router for PHP
Ratchet - Asynchronous WebSocket server
Laravel - The Laravel Framework.
php-router-benchmark
fusionauth-jwt - A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
AutoRoute-benchmark - Benchmarking for AutoRoute.
paseto - Platform-Agnostic Security Tokens
Halite - High-level cryptography interface powered by libsodium
RiafCore