Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403] [Versions 401 and 403] [Versions 402 and 403]

(no description)

File Size: 662 lines (24 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

JWT:: (17 methods):
  decode()
  encode()
  sign()
  verify()
  jsonDecode()
  jsonEncode()
  urlsafeB64Decode()
  convertBase64UrlToBase64()
  urlsafeB64Encode()
  getKey()
  constantTimeEquals()
  handleJsonError()
  safeStrlen()
  signatureToDER()
  encodeDER()
  signatureFromDER()
  readDER()


Class: JWT  - X-Ref

JSON Web Token implementation, based on this spec:
https://tools.ietf.org/html/rfc7519

PHP version 5

decode(string $jwt,$keyOrKeyArray,stdClass &$headers = null)   X-Ref
Decodes a JWT string into a PHP object.

param: string                 $jwt            The JWT
param: Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray  The Key or associative array of key IDs
param: stdClass               $headers                               Optional. Populates stdClass with headers.
return: stdClass The JWT's payload as a PHP object

encode(array $payload,$key,string $alg,string $keyId = null,array $head = null)   X-Ref
Converts and signs a PHP array into a JWT string.

param: array<mixed>          $payload PHP array
param: string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate $key The secret key.
param: string                $alg     Supported algorithms are 'ES384','ES256', 'ES256K', 'HS256',
param: string                $keyId
param: array<string, string> $head    An array with header elements to attach
return: string A signed JWT

sign(string $msg,$key,string $alg)   X-Ref
Sign a string with a given key and algorithm.

param: string $msg  The message to sign
param: string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate  $key  The secret key.
param: string $alg  Supported algorithms are 'EdDSA', 'ES384', 'ES256', 'ES256K', 'HS256',
return: string An encrypted message

verify(string $msg,string $signature,$keyMaterial,string $alg)   X-Ref
Verify a signature with the message, key and method. Not all methods
are symmetric, so we must have a separate verify and sign method.

param: string $msg         The original message (header and body)
param: string $signature   The original signature
param: string|resource|OpenSSLAsymmetricKey|OpenSSLCertificate  $keyMaterial For Ed*, ES*, HS*, a string key works. for RS*, must be an instance of OpenSSLAsymmetricKey
param: string $alg         The algorithm
return: bool

jsonDecode(string $input)   X-Ref
Decode a JSON string into a PHP object.

param: string $input JSON string
return: mixed The decoded JSON string

jsonEncode(array $input)   X-Ref
Encode a PHP array into a JSON string.

param: array<mixed> $input A PHP array
return: string JSON representation of the PHP array

urlsafeB64Decode(string $input)   X-Ref
Decode a string with URL-safe Base64.

param: string $input A Base64 encoded string
return: string A decoded string

convertBase64UrlToBase64(string $input)   X-Ref
Convert a string in the base64url (URL-safe Base64) encoding to standard base64.

param: string $input A Base64 encoded string with URL-safe characters (-_ and no padding)
return: string A Base64 encoded string with standard characters (+/) and padding (=), when

urlsafeB64Encode(string $input)   X-Ref
Encode a string with URL-safe Base64.

param: string $input The string you want encoded
return: string The base64 encode of what you passed in

getKey($keyOrKeyArray,?string $kid)   X-Ref
Determine if an algorithm has been provided for each Key

param: Key|ArrayAccess<string,Key>|array<string,Key> $keyOrKeyArray
param: string|null            $kid
return: Key

constantTimeEquals(string $left, string $right)   X-Ref

param: string $left  The string of known length to compare against
param: string $right The user-supplied string
return: bool

handleJsonError(int $errno)   X-Ref
Helper method to create a JSON error.

param: int $errno An error number from json_last_error()
return: void

safeStrlen(string $str)   X-Ref
Get the number of bytes in cryptographic strings.

param: string $str
return: int

signatureToDER(string $sig)   X-Ref
Convert an ECDSA signature to an ASN.1 DER sequence

param: string $sig The ECDSA signature to convert
return: string The encoded DER object

encodeDER(int $type, string $value)   X-Ref
Encodes a value into a DER object.

param: int     $type DER tag
param: string  $value the value to encode
return: string  the encoded object

signatureFromDER(string $der, int $keySize)   X-Ref
Encodes signature from a DER object.

param: string  $der binary signature in DER format
param: int     $keySize the number of bits in the key
return: string  the signature

readDER(string $der, int $offset = 0)   X-Ref
Reads binary DER-encoded data and decodes into a single object

param: string $der the binary data in DER format
param: int $offset the offset of the data stream containing the object
return: array{int, string|null} the new offset and the decoded object