How to use JSON Web Tokens for API authentication in PHP

JSON Web Tokens (JWT) are a secure method of transferring information in web applications. It is an open standard (RFC 7519) that defines a compact, self-contained and secure way to communicate between all parties. Securely transfer information in the form of JSON objects. The use of JWT is particularly important when using APIs for authentication. In PHP, we can implement JWT authentication through some simple steps.

1. Install the JWT library

First, we need to install the JWT library through Composer. Add the following code in the composer.json file:

{
    "require": {
        "firebase/php-jwt": "3.0.*"
    }
}

Alternatively, use the following command to install in the terminal:

composer require firebase/php-jwt

2. Create JWT

In progress Before API authentication, we need to create a JWT. In PHP, we can create a JWT with the following code:

use FirebaseJWTJWT;

$key = "example_key";
$payload = array(
    "iss" => "http://example.org",
    "aud" => "http://example.com",
    "iat" => 1356999524,
    "nbf" => 1357000000
);

$jwt = JWT::encode($payload, $key);

In this example, we create a key named $key and use the $payload array as the payload of the JWT. The payload contains some basic information such as "iss" (issuer), "aud" (receiver), "iat" (issuance time) and "nbf" (validity time), which will be used in API authentication .

3. Validating a JWT

The process of validating a JWT is the reverse of the process of creating it. We need to use the secret key and the original JWT to decode the JWT and verify the information contained within it. In PHP, we can use the following code to validate the JWT:

use FirebaseJWTJWT;

$key = "example_key";
$jwt = $_POST["jwt"];

try {
    $decoded = JWT::decode($jwt, $key, array('HS256'));
    return $decoded;

} catch (Exception $e) {
    return false;
}

Here, we use $_POST["jwt"] to submit the raw JWT to the server. We then pass the key and encryption rules as parameters to the JWT::decode() method. If the verification is successful, this method will return the JWT payload data.

4. Send JWT to client

In PHP, we can send JWT to client and let client send JWT in every request as authentication Credentials. In the following example, we store the JWT in $_SESSION and send it back to the client:

use FirebaseJWTJWT;

$key = "example_key";
$payload = array(
    "iss" => "http://example.org",
    "aud" => "http://example.com",
    "iat" => 1356999524,
    "nbf" => 1357000000
);

$jwt = JWT::encode($payload, $key);

$_SESSION["jwt"] = $jwt;

header('Content-Type: application/json');
echo json_encode(array("jwt" => $jwt));

Here, we store the JWT using $_SESSION["jwt"] and send it as JSON The object is sent back to the client. The client can store the JWT locally and send it to the API for authentication.

Summary

The process of using JWT for API authentication in PHP is very simple, just follow the above steps. Using JWT for authentication not only improves security but also improves the performance of your application because it eliminates the need for authentication with every request. However, please note that if the key is lost or stolen by a hacker, it can have fatal effects on the application, so make sure to store the key in a safe place.

The above is the detailed content of How to use JSON Web Tokens for API authentication in PHP. For more information, please follow other related articles on the PHP Chinese website!