Php Jwt

Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.1. This library makes JWT a cheese.
Alternatives To Php Jwt
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Next Auth15,32221734 hours ago567August 01, 2022210iscTypeScript
Authentication for the Web.
Jwt6,9116,817535a day ago51August 19, 20227bsd-3-clausePHP
A simple library to work with JSON Web Token and JSON Web Signature
Java Jwt5,1481,9022896 days ago50June 24, 20224mitJava
Java implementation of JSON Web Token (JWT)
Pyjwt4,5189,4431,6063 days ago45May 12, 202222mitPython
JSON Web Token implementation in Python
Express Jwt4,32012,538724a month ago59May 31, 202244mitTypeScript
connect/express middleware that validates a JsonWebToken (JWT) and set the req.user with the attributes
Learn Json Web Tokens4,164
a month ago3April 15, 201920mitJavaScript
:closed_lock_with_key: Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)
15 days ago47gpl-3.0Python
:snake: A toolkit for testing, tweaking and cracking JSON Web Tokens
Guardian3,254685274 months ago50September 02, 20226mitElixir
Elixir Authentication
Paseto3,09876a month ago24June 20, 20221otherPHP
Platform-Agnostic Security Tokens
Iot Technical Guide3,002
6 months ago10apache-2.0Java
:honeybee: IoT Technical Guide --- 从零搭建高性能物联网平台及物联网解决方案和Thingsboard源码分析 :sparkles: :sparkles: :sparkles: (IoT Platform, SaaS, MQTT, CoAP, HTTP, Modbus, OPC, WebSocket, 物模型,Protobuf, PostgreSQL, MongoDB, Spring Security, OAuth2, RuleEngine, Kafka, Docker)
Alternatives To Php Jwt
Select To Compare

Alternative Project Comparisons


If you are new to JWT or want to refresh your familiarity with it, please check

Latest Version Build Scrutinizer CI Codecov branch StyleCI Software License Donate 15 Donate 25 Donate 50 Tweet

  • Lightweight JSON Web Token (JWT) library for PHP7.
  • Zero dependency (no vendor bloat).
  • If you still use PHP5.6, use version 0.1.2


# PHP7.0+
composer require adhocore/jwt

# PHP5.6
composer require adhocore/jwt:0.1.2

# For PHP5.4-5.5, use version 0.1.2 with a polyfill for


  • Six algorithms supported:
'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512'
  • kid support.
  • Leeway support 0-120 seconds.
  • Timestamp spoofing for tests.
  • Passphrase support for RS* algos.


use Ahc\Jwt\JWT;

// Instantiate with key, algo, maxAge and leeway.
$jwt = new JWT('secret', 'HS256', 3600, 10);

Only the key is required. Defaults will be used for the rest:

$jwt = new JWT('secret');
// algo = HS256, maxAge = 3600, leeway = 0

For RS* algo, the key should be either a resource like below:

$key = openssl_pkey_new([
    'digest_alg' => 'sha256',
    'private_key_bits' => 1024,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,

OR, a string with full path to the RSA private key like below:

$key = '/path/to/rsa.key';

// Then, instantiate JWT with this key and RS* as algo:
$jwt = new JWT($key, 'RS384');

Pro You dont need to specify pub key path, that is deduced from priv key.

Generate JWT token from payload array:

$token = $jwt->encode([
    'uid'    => 1,
    'aud'    => '',
    'scopes' => ['user'],
    'iss'    => '',

Retrieve the payload array:

$payload = $jwt->decode($token);


$token   = (new JWT('topSecret', 'HS512', 1800))->encode(['uid' => 1, 'scopes' => ['user']]);
$payload = (new JWT('topSecret', 'HS512', 1800))->decode($token);


Can pass extra headers into encode() with second parameter:

$token = $jwt->encode($payload, ['hdr' => 'hdr_value']);

Test mocking

Spoof time() for testing token expiry:

$jwt->setTestTimestamp(time() + 10000);

// Throws Exception.

Call again without parameter to stop spoofing time():


Examples with kid

$jwt = new JWT(['key1' => 'secret1', 'key2' => 'secret2']);

// Use key2
$token = $jwt->encode(['a' => 1, 'exp' => time() + 1000], ['kid' => 'key2']);

$payload = $jwt->decode($token);

$token = $jwt->encode(['a' => 1, 'exp' => time() + 1000], ['kid' => 'key3']);
// -> Exception with message Unknown key ID key3


The library is now marked at version 1.*.* as being stable in functionality and API.



Check adhocore/phalcon-ext.


Coming soon laravel-jwt.


Be aware of some security related considerations as outlined here which can be valid for any JWT implementations.

Popular Jwt Projects
Popular Token Projects
Popular Security Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Jwt Authentication