JWT

Configuration & usage

Phalcon\Security\JWT is a namespace that contains components that allow you to issue, parse and validate JSON Web Tokens as described in RFC 7519. These components are:

Builder (Phalcon\Security\JWT\Builder)
Parser (Phalcon\Security\JWT\Token\Parser)
Validator (Phalcon\Security\JWT\Validator)

Configurations

Crypt Settings

You can define the JWT signer, algorithm and content type.

# Security JWT Settings
SECURITY_JWT_SIGNER=\Phalcon\Security\JWT\Signer\Hmac
SECURITY_JWT_ALGO=sha512
SECURITY_JWT_CONTENT_TYPE=application/json

SECURITY_JWT_EXPIRATION=+1 day
SECURITY_JWT_NOT_BEFORE=-1 minute
SECURITY_JWT_ISSUED_AT=now

SECURITY_JWT_ISSUER=<default-issuer>
SECURITY_JWT_AUDIENCE=<default-audience>
SECURITY_JWT_ID=<default-id>
SECURITY_JWT_SUBJECT=<default-subject>
SECURITY_JWT_PASSPHRASE=<your-passphrase>

Usage

// if the class is aware of injections
$jwt = $this->jwt;

// if the container is present
$jwt = $this->di->get('jwt');

// to access the shared db service
$jwt = Di::getDefault()->get('jwt');

External Links

Phalcon 4.0 - Security - JWT

Sources

PreviousCrypt NextImap

Last updated 11 months ago