PHPackages aleksandarjockovic226/php-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. aleksandarjockovic226/php-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) aleksandarjockovic226/php-jwt ============================= Framework agnostic JWT library for PHP. v1.0.0(yesterday)01↑2900%MITPHPPHP ^8.5 Since Jun 22Pushed yesterdayCompare [ Source](https://github.com/aleksandarjockovic226/jwt-package)[ Packagist](https://packagist.org/packages/aleksandarjockovic226/php-jwt)[ RSS](/packages/aleksandarjockovic226-php-jwt/feed)WikiDiscussions main Synced today READMEChangelogDependencies (2)Versions (2)Used By (0) JWT Package =========== [](#jwt-package) Simple, framework-agnostic JWT library for PHP with RS256 support. Features -------- [](#features) - JWT encoding and decoding - RS256 signing and verification - Custom key providers - Token validation - Expiration (`exp`) validation - Issued At (`iat`) validation - Not Before (`nbf`) validation - Framework agnostic - Fully typed (`strict_types=1`) - PHPUnit tested - PHPStan clean --- Installation ------------ [](#installation) ``` composer require aleksandarjockovic226/php-jwt ``` --- Generate RSA Keys ----------------- [](#generate-rsa-keys) Generate a private key: ``` openssl genrsa -out private.pem 2048 ``` Generate the corresponding public key: ``` openssl rsa -in private.pem -pubout -out public.pem ``` --- Basic Usage ----------- [](#basic-usage) ### Create JWT Service [](#create-jwt-service) ``` use aleksandarjockovic226\Jwt\Algorithms\RsaSha256Algorithm; use aleksandarjockovic226\Jwt\Factories\DefaultJwtHeaderFactory; use aleksandarjockovic226\Jwt\Providers\FileKeyProvider; use aleksandarjockovic226\Jwt\Services\JwtService; use aleksandarjockovic226\Jwt\Support\TokenParser; $jwt = new JwtService( algorithm: new RsaSha256Algorithm( new FileKeyProvider( privateKeyPath: __DIR__ . '/private.pem', publicKeyPath: __DIR__ . '/public.pem', ), ), headerFactory: new DefaultJwtHeaderFactory(), tokenParser: new TokenParser(), ); ``` --- Encode Token ------------ [](#encode-token) ``` use aleksandarjockovic226\Jwt\Builders\JwtPayloadBuilder; $payload = JwtPayloadBuilder::create() ->claim('sub', 123) ->claim('email', 'john@example.com') ->claim('role', 'admin') ->build(); $token = $jwt->encode($payload); echo $token; ``` You can also set multiple claims at once with `claims()`: ``` $payload = JwtPayloadBuilder::create() ->claims([ 'sub' => 123, 'email' => 'john@example.com', 'role' => 'admin', ]) ->build(); ``` --- Decode Token ------------ [](#decode-token) ``` $payload = $jwt->decode($token); echo $payload->get('sub'); echo $payload->get('email'); ``` --- Verify Token ------------ [](#verify-token) ``` $isValid = $jwt->verify($token); if ($isValid) { echo 'Token is valid'; } ``` --- Using Expiration Validation --------------------------- [](#using-expiration-validation) ``` use aleksandarjockovic226\Jwt\Support\SystemClock; use aleksandarjockovic226\Jwt\Validators\ExpirationValidator; $jwt = new JwtService( algorithm: $algorithm, headerFactory: new DefaultJwtHeaderFactory(), tokenParser: new TokenParser(), validators: [ new ExpirationValidator( new SystemClock(), ), ], ); ``` Generate token: ``` $payload = JwtPayloadBuilder::create() ->claim('sub', 123) ->claim('exp', time() + 3600) ->build(); ``` --- Using Issued At Validation -------------------------- [](#using-issued-at-validation) ``` use aleksandarjockovic226\Jwt\Validators\IssuedAtValidator; $jwt = new JwtService( algorithm: $algorithm, headerFactory: new DefaultJwtHeaderFactory(), tokenParser: new TokenParser(), validators: [ new IssuedAtValidator( new SystemClock(), ), ], ); ``` ``` $payload = JwtPayloadBuilder::create() ->claim('iat', time()) ->build(); ``` --- Using Not Before Validation --------------------------- [](#using-not-before-validation) ``` use aleksandarjockovic226\Jwt\Validators\NotBeforeValidator; $jwt = new JwtService( algorithm: $algorithm, headerFactory: new DefaultJwtHeaderFactory(), tokenParser: new TokenParser(), validators: [ new NotBeforeValidator( new SystemClock(), ), ], ); ``` ``` $payload = JwtPayloadBuilder::create() ->claim('nbf', time() + 60) ->build(); ``` The token will become valid after 60 seconds. --- Combining Validators -------------------- [](#combining-validators) ``` $jwt = new JwtService( algorithm: $algorithm, headerFactory: new DefaultJwtHeaderFactory(), tokenParser: new TokenParser(), validators: [ new ExpirationValidator( new SystemClock(), ), new IssuedAtValidator( new SystemClock(), ), new NotBeforeValidator( new SystemClock(), ), ], ); ``` --- In-Memory Keys -------------- [](#in-memory-keys) Useful when keys are stored in environment variables or secrets managers. ``` use aleksandarjockovic226\Jwt\Providers\InMemoryKeyProvider; $keyProvider = new InMemoryKeyProvider( privateKey: getenv('JWT_PRIVATE_KEY'), publicKey: getenv('JWT_PUBLIC_KEY'), ); ``` --- Access Payload Claims --------------------- [](#access-payload-claims) ``` $payload->has('email'); $payload->get('email'); $payload->get('missing', 'default-value'); $payload->all(); ``` --- Exceptions ---------- [](#exceptions) The package throws specialized exceptions: ``` JwtException ├── InvalidTokenException ├── InvalidHeaderException ├── InvalidPayloadException ├── InvalidSignatureException ├── TokenExpiredException ├── InvalidClaimException ├── KeyException └── AlgorithmException ``` Example: ``` try { $payload = $jwt->decode($token); } catch (TokenExpiredException $e) { echo 'Token expired'; } catch (InvalidSignatureException $e) { echo 'Invalid signature'; } ``` --- Requirements ------------ [](#requirements) - PHP 8.5+ - OpenSSL extension --- License ------- [](#license) MIT License ### Health Score 42 — FairBetter than 89% of packages Maintenance100 Actively maintained with recent releases Popularity2 Limited adoption so far Community8 Small or concentrated contributor base Maturity50 Maturing project, gaining track record Bus Factor1 Top contributor holds 50% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/51327741?v=4)[Aleksandar Jocković](/maintainers/aleksandarjockovic226)[@aleksandarjockovic226](https://github.com/aleksandarjockovic226) --- Top Contributors [![aleksandarjockovicparagraf](https://avatars.githubusercontent.com/u/171549610?v=4)](https://github.com/aleksandarjockovicparagraf "aleksandarjockovicparagraf (2 commits)")[![zivojindavidovic](https://avatars.githubusercontent.com/u/96872288?v=4)](https://github.com/zivojindavidovic "zivojindavidovic (2 commits)") --- Tags jwtsecurityauthtoken ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/aleksandarjockovic226-php-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/aleksandarjockovic226-php-jwt/health.svg)](https://phpackages.com/packages/aleksandarjockovic226-php-jwt) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k50.9M364](/packages/tymon-jwt-auth)[namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k102.0M102](/packages/namshi-jose)[adhocore/jwt Ultra lightweight JSON web token (JWT) library for PHP5.5+. 3011.7M20](/packages/adhocore-jwt)[auth0/auth0-php PHP SDK for Auth0 Authentication and Management APIs. 40921.3M85](/packages/auth0-auth0-php)[kreait/firebase-tokens A library to work with Firebase tokens 23943.8M18](/packages/kreait-firebase-tokens)[matricali/akamai-token-auth This library provides necessary logic to generate Akamai edge authorization token and signed URL. 111.2M](/packages/matricali-akamai-token-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)