JWT token generation using AWS KMS envelope encryption method

Yunoo/php-aws-kms-jwt

PHP JWT token generator using AWS KMS for encryption

About AWS KMS JWT

  • Utilizes AWS KMS data keys for JWT generation using an envelope encryption method.
  • Supports PHP >=5.3 (excluding GCM and CCM cipher algorithms)

Installing via Composer

You can install AWS KMS JWT using Composer.

# Install Composer
curl -sS https://getcomposer.org/installer | php

# Add it as a dependency
php composer.phar require iweron/aws-kms-jwt

After installing, you need to require Composer's autoloader:

require 'vendor/autoload.php';

Before using this library, you will need to create a spare AWS KMS master key. This article explains how to create one: https://nsmith.net/aws-kms-cli

The examples directory has more information on usage.

Envelope encryption

This library implements envelope encryption with symmetric keys based on AWS KMS, as initially proposed by Latacora.

Envelope encryption (diagram)

NB! This repo does not include code for token verification/decryption. You might need to implement it yourself, as shown in the following diagram: Envelope decryption (diagram)

Reference: https://developer.okta.com/blog/2019/07/25/the-hardest-thing-about-data-encryption#data-encryption-key-management-solutions
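
The decryption side described above, as an added example that is not part of this repository: a token is opened by first unwrapping its data key and then decrypting the claims with it. The two-part token layout, the `LocalKmsStub` class (a local stand-in for the KMS GenerateDataKey and Decrypt operations) and all function names are assumptions made for illustration, and the code needs PHP 7.1+ with the openssl extension because it uses AES-256-GCM.

```php
<?php
// Added example: envelope decryption against a local stand-in for AWS KMS.
// Token layout and every name below are assumptions, not this library's format.
function b64u($bin) { return rtrim(strtr(base64_encode($bin), '+/', '-_'), '='); }
function b64u_dec($txt) {
    $txt = strtr($txt, '-_', '+/');
    return base64_decode(str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '='), true);
}
// AES-256-GCM; output is iv (12 bytes) || tag (16 bytes) || ciphertext.
function gcm_seal($key, $plain) {
    $iv = random_bytes(12);
    $ct = openssl_encrypt($plain, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return $iv . $tag . $ct;
}
// Returns the plaintext, or false if the key is wrong or the blob was modified.
function gcm_open($key, $blob) {
    if (!is_string($blob) || strlen($blob) <= 28) return false;
    return openssl_decrypt(substr($blob, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
        substr($blob, 0, 12), substr($blob, 12, 16));
}
// Stand-in for KMS: the master key never leaves this object.
class LocalKmsStub {
    private $master;
    public function __construct() { $this->master = random_bytes(32); }
    public function generateDataKey() { // models the KMS GenerateDataKey operation
        $key = random_bytes(32);
        return array('Plaintext' => $key, 'CiphertextBlob' => gcm_seal($this->master, $key));
    }
    public function decrypt($blob) { return gcm_open($this->master, $blob); } // models Decrypt
}
function issue_token(LocalKmsStub $kms, array $claims) {
    $dk = $kms->generateDataKey(); // plaintext key is used once; only the wrapped copy is stored
    return b64u($dk['CiphertextBlob']) . '.' . b64u(gcm_seal($dk['Plaintext'], json_encode($claims)));
}
function open_token(LocalKmsStub $kms, $token) {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    $key = $kms->decrypt(b64u_dec($parts[0]));      // 1. unwrap the data key via KMS
    if ($key === false) return null;
    $json = gcm_open($key, b64u_dec($parts[1]));    // 2. decrypt and authenticate the claims
    $claims = ($json === false) ? null : json_decode($json, true);
    if (!is_array($claims) || !isset($claims['exp']) || $claims['exp'] < time()) return null;
    return $claims;
}
$kms = new LocalKmsStub();
$token = issue_token($kms, array('sub' => 'user-1', 'exp' => time() + 300)); // constructed claims
$tampered = ($token[0] === 'A' ? 'B' : 'A') . substr($token, 1);
echo 'valid token accepted: ', var_export(open_token($kms, $token) !== null, true), "\n";
echo 'tampered token rejected: ', var_export(open_token($kms, $tampered) === null, true), "\n";
```

Against real KMS, pass the expected `KeyId` and an `EncryptionContext` to Decrypt so that a data key wrapped under any other master key or context is refused before the claims are touched.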
