jsq / iron-php
A PHP port of hueniverse/iron
Installs: 2 240
Dependents: 1
Suggesters: 1
Security: 0
Stars: 1
Watchers: 2
Forks: 0
Open Issues: 0
Requires
- php: >=7.0
- ext-openssl: *
Requires (Dev)
- phpunit/phpunit: ^5.2
This package is auto-updated.
Last update: 2024-12-29 05:21:35 UTC
README
iron-php
is a PHP implementation of the Iron
library. Iron generates encapsulated tokens suitable for embedding in cookies,
query parameters, and HTTP headers.
$ composer require jsq/iron-php
Please consult the Iron [security considerations] (https://github.com/hueniverse/iron#security-considerations) before using this library.
Differences from Iron
iron-php
supports the token format generated by Iron 4.0, with the
following exceptions:
- The payload encryption cipher method is configurable but cannot be set to any GCM or CTR variant of AES. This is due to a PHP limitation that will be addressed in PHP 7.1.
- Separate encryption and signature passwords are not supported.
Usage
<?php use Jsq\Iron; use Jsq\Iron\Password; // payloads can be anything that can be serialized by json_encode $payload = ['an' => 'array']; // passwords must be at least 32 characters long $password = base64_encode(openssl_random_pseudo_bytes(24)); // tokens can be set to expire after a fixed number of seconds $ttl = 300; // create a sealed token $token = Iron\seal($payload, $password, $ttl); // The token will be unsealable with the correct password until the token expires $unsealed = Iron\unseal($token, $password); // Named passwords can also be used $password = new Password(base64_encode(openssl_random_pseudo_bytes(24)), 'my_password'); // create a sealed token with the named password $token = Iron\seal($payload, $password);