php-jwt | Ratchet | |
---|---|---|
16 | 12 | |
9,228 | 6,157 | |
0.3% | 0.2% | |
5.8 | 0.0 | |
about 1 month ago | about 1 month ago | |
PHP | PHP | |
BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
php-jwt
- firebase/php-jwt: PHP package for JWT
-
Understanding user authentication on web and API
So basically if the login is successfull I have to create a JWT token (with something like this library) with the userID inside and send it via `setcookie()` for web or in a JSON response to the API client and consider it the long lived refresh token.
-
What is the best way to implement in-app purchases without a third-party service?
This depends on the library you end up downloading for the platform of your choosing. Some of the parts I explained above will be handled by the library for example in my case I decoded signedTransactionInfo using firebase/php-jwt. This has the added benefit of always checking the validity of the signature which was omitted in the manual method.
- Why there's not a native way to work with JWT in Laravel?
-
How can I decode the header from the JWT?
https://github.com/firebase/php-jwt i use this one, its really good
- ElastiCache for Redis as session handler for ECS container...
- Weekly "ask anything" thread
-
API Tokens: A Tedious Survey
> Why all the hate for JWTs?
> Just pick a crypto scheme and the JWT is just an encoding that makes it easier to use.
That's not what JWT is, but I can understand why someone would be misled into believing that.
JWT isn't just an encoding format, it also includes a crypto algorithm negotiation protocol that lets the attacker choose the algorithm. Even if you strictly allow-list which algorithm you want to support, you can accidentally bypass this control in many libraries if you suppor the `kid` (key ID) header. [1]
It also allows attackers to completely strip the security. [2] [3]
Put shortly, JWT is a gun aimed directly at your foot. That's why there's so much hate for JWTs.
[1] https://github.com/firebase/php-jwt/issues/351
[2] https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-ba...
[3] https://www.howmanydayssinceajwtalgnonevuln.com/
- Firebase/PHP-JWT: New Risk of HS256/RSA256 Algorithm Confusion
- Possible security issue involving the Firebase JWT library for PHP (Algorithm Confusion with Key IDs)
Ratchet
-
Connecting to PHP using Apache's mod_proxy_wstunnel without using 3rd Party APIs
1) Do we must need to use some 3rd Party APIs or Libraries like Ratchet, PHP-Push-WebSocket or PHP WebSocket to enable PHP to communicate over WebSocket protocol?
-
I made a simple chat socket server
I am using http://socketo.me/ to create the socket server.
-
Weekly help thread
Sockets: https://github.com/reactphp/socket WebSocket: https://github.com/ratchetphp/Ratchet
-
How good does ajax long polling work in PHP?
Have you considered using web sockets? Check out Ratchet PHP http://socketo.me/. Once the client and server make a connection your server can send notifications to the client while that connection is open.
-
Ratchet tutorial/implementation of subscribe, unsubscribe and publish to channel
How should I implement these functions? I am successful with using this documentation to implement basic websocket functions. However, I am still unable to subscribe to a channel/topic. The code is long so I put a github question here. Hope that you can help me with this.
-
The benefits and pitfalls of using Laravel to make a persistent browser-based game
You can do native websockets with PHP, but it's not straightforward with Laravel. Laravel Echo helps handle the client-side of websockets, but you need to manage the server side on your own.
-
Chatmosphere - a chat app I made a few weeks ago. Let me know what ya think!
Nice work. I have something similar I built on Ratchet, I looked at Socket.io in the early days but shelved plans to run a Node backend. Your front end looks a lot more appealing than mine does. ;)
-
Converting a custom chat to use serverless AWS for it's backend (Part 1: The Setup)
However, the websockets server is based on a php package http://socketo.me/ , and sometimes that mini-app goes down without warning, leaving the chat to fallback to an old-school chat-archive. Even monitoring and being certain that the chat websocket server is -up- isn't obvious.
-
How to use ratchet for a WssServeur ?
Hello, I have just start to learn web socket in php but I have one issue I would use a secure web socket for https pages but one their website: https://socketo.me They use a class, MyChat but vscode doesn’t find it. Does anybody know ? Thanks
-
Weekly "ask anything" thread
Which implementation would you like? * http://socketo.me/ * https://amphp.org/websocket-client/ * https://www.swoole.co.uk/docs/modules/swoole-websocket-server
What are some alternatives?
PHP OAuth 2.0 Server - A spec compliant, secure by default PHP OAuth 2.0 Server
Workerman - An asynchronous event driven PHP socket framework. Supports HTTP, Websocket, SSL and other custom protocols.
Fast Route - Fast request router for PHP
React - Event-driven, non-blocking I/O with PHP.
fusionauth-jwt - A simple to use Java 8 JWT Library. Verify, Sign, Encode, Decode all day.
php-websocket - Simple WebSocket server implemented in PHP.
paseto - Platform-Agnostic Security Tokens
Elephant.io - Ça trompe énormément
Halite - High-level cryptography interface powered by libsodium
Amp - A non-blocking concurrency framework for PHP applications. 🐘
bubble - bubble 旨在为项目快速开发提供一系列的基础能力,方便使用者根据项目需求快速进行功能拓展。已将所有 JAR 包都推送至中央仓库,也会为每个版本的升级改动列出详细的更新日志
Hoa WebSocket - The Hoa\Websocket library.