PHPackages                             aliirfaan/laravel-simple-jwt - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. aliirfaan/laravel-simple-jwt

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

aliirfaan/laravel-simple-jwt
============================

Generate and verify Json Web Token (JWT) in Laravel

9.1.0(2mo ago)22.5k↑22.2%MITPHP

Since Feb 1Pushed 2mo ago1 watchersCompare

[ Source](https://github.com/aliirfaan/laravel-simple-jwt)[ Packagist](https://packagist.org/packages/aliirfaan/laravel-simple-jwt)[ RSS](/packages/aliirfaan-laravel-simple-jwt/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (1)Versions (19)Used By (0)

Laravel Simple JWT
==================

[](#laravel-simple-jwt)

This package allows you to generate JSON Web Tokens. You can then verify the JWT code and grant access based on its validity. You can also use the optional refresh token flow for long lived sessions. You can generate and verify JWT directly inside a controller or use the provided authentication guard.

JWT flow
--------

[](#jwt-flow)

- User logs in and gets a JWT with custom claims
- For each request consumer sends JWT
- App verifies JWT and allow of disallow user based on validity

Refresh token flow
------------------

[](#refresh-token-flow)

- User logs in and gets a JWT with custom claims and also gets a refresh token with an expiry date
- For each request consumer sends JWT, refresh token is extended and gets a later expiry date
- If JWT expires, consumer sends refresh token
- App checks if refresh token is expired
- If refresh token is not expired, issue a JWT and extend refresh token

Features
--------

[](#features)

- Multiple JWT profiles. Each profile can have its own expiry, secret, etc...
- Generate JWT with custom claim
- Public claims can be included/overridden on generation
- Verify JWT
- Configuration for JWT expiry
- Refresh token flow after JWT expires
- Extend refresh token everytime the application is used so that user is not logged out
- Blacklist user so that token is not refreshed
- Authentication guard to authenticate users

Requirements
------------

[](#requirements)

- [Composer](https://getcomposer.org/)
- [Laravel](http://laravel.com/)
- [firebase/php-jwt](https://github.com/firebase/php-jwt)

Installation
------------

[](#installation)

You can install this package on an existing Laravel project with using composer:

```
 $ composer require aliirfaan/laravel-simple-jwt
```

Register the ServiceProvider by editing **config/app.php** file and adding to providers array:

```
  aliirfaan\LaravelSimpleJwt\SimpleJwtServiceProvider::class,
```

Note: use the following for Laravel &lt;5.1 versions:

```
 'aliirfaan\LaravelSimpleJwt\SimpleJwtServiceProvider',
```

Publish files with:

```
 $ php artisan vendor:publish --provider="aliirfaan\LaravelSimpleJwt\SimpleJwtServiceProvider"
```

or by using only `php artisan vendor:publish` and select the `aliirfaan\LaravelSimpleJwt\SimpleJwtServiceProvider` from the outputted list.

Apply the migrations:

```
 $ php artisan migrate
```

Configuration
-------------

[](#configuration)

This package publishes an `simple-jwt.php` file inside your applications's `config` folder which contains the settings for this package. Most of the variables are bound to environment variables, but you are free to directly edit this file, or add the configuration keys to the `.env` file.

The configurations are encapsulated in a profiles array with a 'default' profile available. You can add new profiles by adding a new array key.

jwt\_secret | String Secret key to use to encode JWT. You can generate one using an online service () or package.

```
'jwt_secret' => env('JWT_SECRET')
```

jwt\_algo | String Name of supported hashing algorithm

```
'jwt_algo' => env('JWT_ALGO', 'HS256')
```

jwt\_issuer | String Name of authority issuing JWT, normally your application name

```
'jwt_issuer' => env('JWT_ISSUER', config('app.name'))
```

jwt\_audience | String Name of resource server that will accept the claim, normally application url

```
'jwt_audience' => env('JWT_AUDIENCE', config('app.url'))
```

jwt\_does\_expire | Bool (true or false) Whether the jwt expires

```
'jwt_does_expire' => env('JWT_DOES_EXPIRE', true)
```

jwt\_ttl\_seconds | Numeric Number of seconds after which the JWT expires if jwt\_does\_expire is set to true

```
'jwt_ttl_seconds' => env('JWT_TTL_SECONDS', 900)
```

jwt\_leeway\_seconds | Numeric When checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew

```
'jwt_leeway_seconds' => env('JWT_LEEWAY_SECONDS', 0)
```

jwt\_refresh\_should\_extend | Bool (true or false) Whether we should automatically extend the JWT refresh token

```
'jwt_refresh_should_extend' => env('JWT_REFRESH_SHOULD_EXTEND', true)
```

jwt\_refresh\_ttl\_days | Numeric Number of days to extend refresh token expiry

```
'jwt_refresh_ttl_days' => env('JWT_REFRESH_TTL_DAYS', 90)
```

Usage
-----

[](#usage)

### New profile

[](#new-profile)

```