Pragmatism in the real world

Creating JWKS.json file in PHP

In order to verify a JWT created with an asymmetric key, the verifier needs to get the correct public key. One way to do is described in RFC7517 which describes the JSON Web Key format. Within the header of the JWT there is a kid property which is the key ID which is then used to find the correct key within a list provided at the /.well-known/jwks.json endpoint. The JWT header therefore looks something like… continue reading.

A quick guide to JWTs in PHP

The most common use of JWTs is as an authentication token, usually within an OAuth2 workflow. Creating these tokens is part and parcel of the authentication library that you use. I recently had a requirement to use a JWT independent of authentication and these are some notes on what I learned when researching with Lcobucci\JWT. Make up of a JWT To really understand JWTs, read RFC7519. For a more readable introduction, read the one on… continue reading.

PHPUK 2023

I have just returned from the 2023 edition of PHPUK and, as always, found it a valuable conference to catch up with the PHP community and find out what’s happening in the ecosystem. This year, I was accepted to speak on the differences between RPC, REST and GraphQL APIs and was surprised and gratified that the room was at full capacity. Thank you to everyone that attended; I hope that you learnt something useful. I… continue reading.

Installing Xdebug on PHP 8.1 installed with Homebrew

I have recently set up a new M2 MacBook Air and as usual, installed Homebrew and then installed PHP. Homebrew is always up to date, so it installed PHP 8.1 for me. Again, as usual, I installed Xdebug using pecl install xdebug. This whirrs and clicks for a while downloading and compiling the xdebug.so and then fails with: rob@ardent ~ $ pecl install xdebug downloading xdebug-3.1.5.tgz … Starting to download xdebug-3.1.5.tgz (232,070 bytes) … Build… continue reading.

Changelog generator for GitHub milestones

For many years now, I've been using Matthew Weier O'Phinney's changelog_generator script to generate an easy-to-read list of changes for a given milestone. Time has moved on; the Laminas project now uses Laminas Automatic Releases and Matthew hasn't updated his script since 2013. Since PHP 8, warnings have started appear, so it's clear updates were required. While I fully intend to see if I can use Automatic Releases on some projects, I have others where… continue reading.

Setting HTTP status code based on Exception in Slim 4

One thing that's quite convenient is to be able to throw an exception with a valid HTTP code set and have that code sent to the client. For example, you may have: throw new \RuntimeException("Not Found", 404); With the standard Slim 4 error handler, this response is sent to the client: $ curl -i -H "Accept:application/json" http://localhost:8888 HTTP/1.1 500 Internal Server Error Host: localhost:8888 Content-type: application/json { "message": "Slim Application Error" } Ideally we want… continue reading.

Dependency injection in Serverless PHP with Bref

When writing PHP for AWS Lambda, Bref is the way to do it. One thing I like about Bref is that you can use PSR-15 Request Handlers to respond to API Gateway HTTP events as documented in the API Gateway HTTP events section of the Bref docs. The request handler is the same as used in PSR-7 micro-frameworks like Slim or Mezzio and can be thought of as a controller action. As such, it's really… continue reading.

Installing PHP extensions without pecl in PHP 8 Docker images

UPDATE: Since this was published, PR 1087 has been raised and merged with restores pecl to the Docker PHP 8 images. I discovered recently that pecl is no longer shipped in the PHP Docker images for PHP 8. This appears to be related to the deprecation of –with-pear in PHP core as noted in issue 1029. Consider this Dockerfile: FROM php:8.0.0RC5-cli-buster RUN pecl install mongodb && docker-php-ext-enable mongodb If you build, you'll discover the pecl… continue reading.

Step-debugging linked composer dependencies with PhpStorm

One project I'm working on has multiple separate parts in different git repositories that are brought into the main project using linked composer directories. I needed to get step debugging working in PhpStorm and this is the approach I took.