第基于PHP實現(xiàn)JWT登錄鑒權(quán)的示例代碼useLcobucci\JWT\Validation\Constraint\IdentifiedBy;

useLcobucci\JWT\Validation\Constraint\IssuedBy;

useLcobucci\JWT\Validation\Constraint\PermittedFor;

useLcobucci\JWT\ValidationData;

classJwtUtil

//jwtgithub:/lcobucci/jwthttps://jwt.io/

protected$issuer="";

protected$audience="";

protected$id="4f1g23a12aa11";

//key是絕對不允許泄露的

protectedstatic$key="8swQsm1Xb0TA0Jw5ASPwClKVZPoTyS7GvhtaW0MxzKEihs1BNpcS2q3FYMJ11111";

*簽發(fā)令牌

publicfunctiongetToken()

$time=time();

$config=self::getConfig();

assert($configinstanceofConfiguration);

//簽發(fā)token,設(shè)置簽發(fā)人、接收人、唯一標(biāo)識、簽發(fā)時間、立即生效、過期時間、用戶id、用戶username、簽名

$token=$config-builder()

-issuedBy($this-issuer)//Configurestheissuer(issclaim)

-permittedFor($this-audience)//Configurestheaudience(audclaim)

-identifiedBy($this-id,true)//Configurestheid(jticlaim),replicatingasaheaderitem

-issuedAt($time)//Configuresthetimethatthetokenwasissue(iatclaim)

-canOnlyBeUsedAfter($time+1)//Configuresthetimethatthetokencanbeused(nbfclaim)簽發(fā)x秒鐘后生效

-expiresAt($time+3600)//Configurestheexpirationtimeofthetoken(expclaim)

-withClaim('uid',20)//Configuresanewclaim,called"uid"

-withClaim('username',"Make")//Configuresanewclaim,called"uid"

-getToken($config-signer(),$config-signingKey());//Retrievesthegeneratedtoken

return$token-toString();

*驗證jwttoken并返回其中的用戶id

*verifytoken

publicfunctionverifyToken_bak($token)

try{

$config=self::getConfig();

assert($configinstanceofConfiguration);

$token=$config-parser()-parse($token);

assert($tokeninstanceofPlain);

//Lcobucci\JWT\Validation\Constraint\IdentifiedBy:驗證jwtid是否匹配

//Lcobucci\JWT\Validation\Constraint\IssuedBy:驗證簽發(fā)人參數(shù)是否匹配

//Lcobucci\JWT\Validation\Constraint\PermittedFor:驗證受眾人參數(shù)是否匹配

//Lcobucci\JWT\Validation\Constraint\RelatedTo:驗證自定義cliam參數(shù)是否匹配

//Lcobucci\JWT\Validation\Constraint\SignedWith:驗證令牌是否已使用預(yù)期的簽名者和密鑰簽名

//Lcobucci\JWT\Validation\Constraint\StrictValidAt:：：驗證存在及其有效性的權(quán)利要求中的iat，nbf和exp（支持余地配置

//Lcobucci\JWT\Validation\Constraint\LooseValidAt:驗證的權(quán)利要求iat，nbf和exp，當(dāng)存在時（支持余地配置）

//驗證jwtid是否匹配

$validate_jwt_id=newIdentifiedBy($this-

//驗證簽發(fā)人url是否正確

$validate_issued=newIssuedBy($this-issuer);

//驗證客戶端url是否匹配

$validate_aud=newPermittedFor($this-audience);

$config-setValidationConstraints($validate_jwt_id,$validate_issued,$validate_aud);

$constraints=$config-validationConstraints();

if(!$config-validator()-validate($token,...$constraints)){

die("tokeninvalid!");

}catch(\Exception$e){

die("error:".$e-getMessage());

$jwtInfo=$token-claims();//這是jwttoken中存儲的所有信息

return$jwtInfo-get("uid");//獲取uid

*加密解密使用的配置

*@returnConfiguration

publicstaticfunctiongetConfig()

$configuration=Configuration::forSymmetricSigner(

//YoumayuseanyHMACvariations(256,384,and512)

newSha256(),

//replacethevaluebelowwithakeyofyourown!

InMemory::base64Encoded(self::$key)

//YoumayalsooverridetheJOSEencoder/decoderifneededbyprovidingextraargumentshere

return$configuration;

*另一種驗證方法，但是已經(jīng)棄用

*verifytoken

publicfunctionverifyToken($token)

$token=(newParser())-parse((string)$token);

//驗證token

$data=newValidationData();

$data-setIssuer($this-issuer);//驗證的簽發(fā)人

$data-setAudience($this-audience);//驗證的接收人

$data-setId($this-//驗證token標(biāo)識

if(!$token-validate($data)){

//toke