Security
Raxos Security is a compact collection of cryptographic primitives and identifier utilities used across Raxos applications. It provides base64 encoding variants, HMAC signing, cryptographically secure token generation, timing attack mitigation, short and sortable unique identifier generators, a JSON Web Token encoder and decoder with claim validation, and a TOTP based two factor authentication implementation with QR provisioning support.
Every class is a small, dependency light static helper or value object, built on PHP's openssl and hash extensions and the shared Raxos error and foundation packages.
Highlights
JwtEncode and decode JSON Web Tokens with signature and claim validation.TwoFactorAuthTOTP based two factor authentication with QR provisioning URLs.UlidLexicographically sortable identifiers that encode a millisecond timestamp.HmacSign data with a shared secret and verify it in constant time.Explore by category
- Encoding, signing and tokens: base64 variants, HMAC signatures, secure tokens and timing attack mitigation.
- Identifiers: the NanoId and Ulid identifier generators.
- JSON Web Tokens: sign and verify JWTs with claim validation.
- Two factor authentication: the TOTP enrollment and login flow.
Quick example
php
<?php
declare(strict_types=1);
use Raxos\Security\Jwt\{Jwt, JwtAlgorithm};
$token = Jwt::encode([
'sub' => '1234',
'iat' => time(),
'exp' => time() + 3600,
], 'a-shared-secret', JwtAlgorithm::HS256);
$payload = Jwt::decode($token, ['a-shared-secret'], [JwtAlgorithm::HS256]);Installation
Install it with Composer.
shell
composer require raxos/securitySee installation for requirements, or use the sidebar to navigate this package.