JwtHeader uses ConstantsTrait
Enumeration of standard JOSE header parameter names.
Covers the parameters defined by:
- RFC 7515 §4.1 — JSON Web Signature (JWS) header
- RFC 7516 §4.1 — JSON Web Encryption (JWE) header
- RFC 7797 — Unencoded payload option (
b64) - RFC 8555 — ACME (
url,nonce)
These constants are used when building, parsing, or validating the protected header of a JWS / JWE / JWT.
Example:
$header =
[
JwtHeader::ALG => JwtAlgorithm::RS256 ,
JwtHeader::TYP => JwtType::JWT ,
JwtHeader::KID => $keyId ,
] ;
References:
- RFC 7515 §4.1 (JWS Header)
- RFC 7516 §4.1 (JWE Header)
- RFC 7517 §4 (JWK / JWK Thumbprint)
- RFC 7638 (JWK Thumbprint, used as
kid) - RFC 7797 (
b64) - RFC 8555 §6.2 (
url,noncefor ACME)
Tags
Table of Contents
Constants
- ALG : string = 'alg'
- `alg` — Algorithm used to secure the JWS / JWE (RFC 7515 §4.1.1, RFC 7516 §4.1.1).
- B64 : string = 'b64'
- `b64` — Boolean indicating whether the payload is base64url-encoded (RFC 7797). Used by detached signatures over raw payloads.
- CRIT : string = 'crit'
- `crit` — Critical header parameters: list of header names that the implementation MUST understand and process (RFC 7515 §4.1.11).
- CTY : string = 'cty'
- `cty` — Content type of the secured payload (RFC 7515 §4.1.10).
- ENC : string = 'enc'
- `enc` — Content encryption algorithm used to perform authenticated encryption on the plaintext (RFC 7516 §4.1.2).
- JKU : string = 'jku'
- `jku` — JWK Set URL: HTTPS URI referring to a resource for a set of JSON-encoded public keys (RFC 7515 §4.1.2).
- JWK : string = 'jwk'
- `jwk` — JSON Web Key corresponding to the key used to digitally sign the JWS (RFC 7515 §4.1.3).
- KID : string = 'kid'
- `kid` — Key ID hinting which key was used to secure the JWS / JWE (RFC 7515 §4.1.4).
- NONCE : string = 'nonce'
- `nonce` — Server-issued nonce echoed back in a JWS (RFC 8555).
- PPT : string = 'ppt'
- `ppt` — PASSporT type, used to identify the type of payload (RFC 8225, used by STIR).
- TYP : string = 'typ'
- `typ` — Media type of the complete JOSE object (RFC 7515 §4.1.9).
- URL : string = 'url'
- `url` — Target URL of the JWS request (RFC 8555 §6.2). Used by ACME (RFC 8555).
- X5C : string = 'x5c'
- `x5c` — X.509 Certificate Chain (RFC 7515 §4.1.6).
- X5T : string = 'x5t'
- `x5t` — X.509 Certificate SHA-1 Thumbprint (RFC 7515 §4.1.7).
- X5T_S256 : string = 'x5t#S256'
- `x5t#S256` — X.509 Certificate SHA-256 Thumbprint (RFC 7515 §4.1.8).
- X5U : string = 'x5u'
- `x5u` — X.509 URL referring to a resource for the X.509 public key certificate or certificate chain (RFC 7515 §4.1.5).
- ZIP : string = 'zip'
- `zip` — Compression algorithm applied to the plaintext before encryption (RFC 7516 §4.1.3). The only registered value is `DEF`.
Constants
ALG
`alg` — Algorithm used to secure the JWS / JWE (RFC 7515 §4.1.1, RFC 7516 §4.1.1).
public
string
ALG
= 'alg'
Value: one of the algorithm names registered in the IANA "JSON Web Signature and Encryption Algorithms" registry — see JwtAlgorithm.
B64
`b64` — Boolean indicating whether the payload is base64url-encoded (RFC 7797). Used by detached signatures over raw payloads.
public
string
B64
= 'b64'
CRIT
`crit` — Critical header parameters: list of header names that the implementation MUST understand and process (RFC 7515 §4.1.11).
public
string
CRIT
= 'crit'
CTY
`cty` — Content type of the secured payload (RFC 7515 §4.1.10).
public
string
CTY
= 'cty'
Used when the payload is itself a JOSE object (nested JWT).
ENC
`enc` — Content encryption algorithm used to perform authenticated encryption on the plaintext (RFC 7516 §4.1.2).
public
string
ENC
= 'enc'
JKU
`jku` — JWK Set URL: HTTPS URI referring to a resource for a set of JSON-encoded public keys (RFC 7515 §4.1.2).
public
string
JKU
= 'jku'
JWK
`jwk` — JSON Web Key corresponding to the key used to digitally sign the JWS (RFC 7515 §4.1.3).
public
string
JWK
= 'jwk'
KID
`kid` — Key ID hinting which key was used to secure the JWS / JWE (RFC 7515 §4.1.4).
public
string
KID
= 'kid'
NONCE
`nonce` — Server-issued nonce echoed back in a JWS (RFC 8555).
public
string
NONCE
= 'nonce'
PPT
`ppt` — PASSporT type, used to identify the type of payload (RFC 8225, used by STIR).
public
string
PPT
= 'ppt'
TYP
`typ` — Media type of the complete JOSE object (RFC 7515 §4.1.9).
public
string
TYP
= 'typ'
Typical values are documented in JwtType.
URL
`url` — Target URL of the JWS request (RFC 8555 §6.2). Used by ACME (RFC 8555).
public
string
URL
= 'url'
X5C
`x5c` — X.509 Certificate Chain (RFC 7515 §4.1.6).
public
string
X5C
= 'x5c'
X5T
`x5t` — X.509 Certificate SHA-1 Thumbprint (RFC 7515 §4.1.7).
public
string
X5T
= 'x5t'
X5T_S256
`x5t#S256` — X.509 Certificate SHA-256 Thumbprint (RFC 7515 §4.1.8).
public
string
X5T_S256
= 'x5t#S256'
X5U
`x5u` — X.509 URL referring to a resource for the X.509 public key certificate or certificate chain (RFC 7515 §4.1.5).
public
string
X5U
= 'x5u'
ZIP
`zip` — Compression algorithm applied to the plaintext before encryption (RFC 7516 §4.1.3). The only registered value is `DEF`.
public
string
ZIP
= 'zip'