This repo contains the JWT SDK for parsing and validating JWT tokens from OFCP. The main code is written in TypeScript, but we also provide a JsonSchema and a PHP equivalent.
TypeScript / JavaScript:
```bash
npm install @tecsafe/jwt-sdk
```
PHP:
```bash
composer require tecsafe/jwt-sdk
```
JsonSchema:
```bash
curl -O https://tecsafe.github.io/jwt-sdk/json-schema/latest.json
```
TypeScript / JavaScript:
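```typescript
import { getJWK, parseUnknownJwt, compareRoles } from '@tecsafe/jwt-sdk';

const TOKEN = 'eyJhbGci...';

// Load the JWK and parse the token with signature validation
const jwk = await getJWK();
const body = parseUnknownJwt(TOKEN, jwk);

// or if you don't want to validate the signature, and just want to parse the token
// (the claims are then unauthenticated: don't base access decisions on them)
const unverifiedBody = parseUnknownJwt(TOKEN);

// compare roles, using the body whose signature was validated
const isAllowed = compareRoles(body.meta.role, 'COMPANY_ADMIN');
```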
Visit https://tecsafe.github.io/jwt-sdk/ for more detailed documentation.
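The difference between the two `parseUnknownJwt` calls above, as an added example that is not part of the SDK or its documentation. It uses only Node's built-in `crypto`; the key pair, the claims, the `EXAMPLE_USER` role, the helper names and the choice of RS256 are all constructed assumptions. A token whose payload was edited after signing still decodes without a key, but is rejected once the signature is checked.

```javascript
// Added example, not SDK code. Keys, claims and the RS256 choice are constructed assumptions.
const { generateKeyPairSync, createSign, createVerify } = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Stand-in for the issuer's key pair; a real verifier only ever holds the public half (the JWK).
const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });

function sign(claims) {
  const input = `${b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64u(JSON.stringify(claims))}`;
  const sig = createSign('RSA-SHA256').update(input).sign(privateKey);
  return `${input}.${b64u(sig)}`;
}

// Decode only: what parsing without a key gives you. Nothing here proves who wrote the claims.
function decodeUnverified(token) {
  return fromB64u(token.split('.')[1]);
}

// Verify, then decode. The algorithm is pinned by the verifier, never chosen by the token header.
function decodeVerified(token, key) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  if (fromB64u(h).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = createVerify('RSA-SHA256').update(`${h}.${p}`).verify(key, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return fromB64u(p);
}

// Simulates tampering in transit: new payload, original header and signature.
function tamperRole(token, role) {
  const [h, p, s] = token.split('.');
  const claims = fromB64u(p);
  claims.meta.role = role;
  return `${h}.${b64u(JSON.stringify(claims))}.${s}`;
}

const genuine = sign({ sub: 'constructed-user', meta: { role: 'EXAMPLE_USER' } });
const tampered = tamperRole(genuine, 'COMPANY_ADMIN');

function roleIfVerified(token) {
  try { return decodeVerified(token, publicKey).meta.role; } catch (e) { return `rejected: ${e.message}`; }
}

console.log(decodeUnverified(tampered).meta.role); // COMPANY_ADMIN
console.log(roleIfVerified(tampered));             // rejected: bad signature
console.log(roleIfVerified(genuine));              // EXAMPLE_USER
```

Signature verification is only the first check; expiry and audience validation are outside this example.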
PHP:
First of all, you need an implementation for
Example:
```bash
composer require nyholm/psr7 symfony/http-client symfony/cache
```
```php
<?php

use Nyholm\Psr7\Factory\Psr17Factory;
use Symfony\Component\Cache\Adapter\ArrayAdapter;
use Symfony\Component\Cache\Psr16Cache;
use Symfony\Component\HttpClient\Psr18Client;
use Tecsafe\OFCP\JWT\SDK\CachedJWKLoader;
use Tecsafe\OFCP\JWT\SDK\JWKLoader;
use Tecsafe\OFCP\JWT\SDK\JWTParser;

// Composer autoloader (skip this if your framework already loads it)
require __DIR__ . '/vendor/autoload.php';

/* Load JWKS from URL */
$jwkUri = "https://api-gateway.tecsafe.example.com/.well-known/jwks";
$jwkLoader = new JWKLoader(new Psr18Client(), new Psr17Factory());
$jwk = $jwkLoader->getJWK($jwkUri);

/* Optional: Decorate JWKLoader with Cache */
$cachedLoader = new CachedJWKLoader($jwkLoader, new Psr16Cache(new ArrayAdapter()));
$jwk = $cachedLoader->getJWK($jwkUri);
$jwk = $cachedLoader->getJWK($jwkUri); // Loaded from cache

/* Parse and validate tokens */
$TOKEN = 'eyJhbGci...';
$body = JWTParser::parseCustomerJwt($TOKEN, $jwk);

// same as above, if you don't want to validate the signature
// (the claims are then unauthenticated: don't base access decisions on them)
$unverifiedBody = JWTParser::parseCustomerJwt($TOKEN);
```
JsonSchema:
See https://json-schema.org/ for more information on how to use JsonSchema.