PHPackages antikirra/token - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. antikirra/token ActiveLibrary antikirra/token =============== 1.0.0(7mo ago)0185PHPPHP ^8.1 Since Jan 31Pushed 7mo ago1 watchersCompare [ Source](https://github.com/antikirra/token)[ Packagist](https://packagist.org/packages/antikirra/token)[ RSS](/packages/antikirra-token/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (2)Versions (8)Used By (0) Lightweight Cryptographically Signed Tokens for PHP =================================================== [](#lightweight-cryptographically-signed-tokens-for-php) [![Packagist Dependency Version](https://camo.githubusercontent.com/53a61fc388bd8806673b60ff0d19fdd88da05d4a5da315275324b65507d6f0fd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f646570656e64656e63792d762f616e74696b697272612f746f6b656e2f706870)](https://camo.githubusercontent.com/53a61fc388bd8806673b60ff0d19fdd88da05d4a5da315275324b65507d6f0fd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f646570656e64656e63792d762f616e74696b697272612f746f6b656e2f706870)[![Packagist Version](https://camo.githubusercontent.com/618e86a6b2bbaa85cb1b0aa1f6d44d744d5ed6d72491b5fe419c731a42b016d9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f616e74696b697272612f746f6b656e)](https://camo.githubusercontent.com/618e86a6b2bbaa85cb1b0aa1f6d44d744d5ed6d72491b5fe419c731a42b016d9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f616e74696b697272612f746f6b656e)[![Code Coverage](https://camo.githubusercontent.com/32855e94577df9d0a30995653b17d33a5fbfdf644518f96ea0374313397d19b7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f7665726167652d3130302532352d627269676874677265656e)](https://camo.githubusercontent.com/32855e94577df9d0a30995653b17d33a5fbfdf644518f96ea0374313397d19b7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f636f7665726167652d3130302532352d627269676874677265656e) **Secure, lightweight PHP library for creating cryptographically signed tokens with built-in expiration and validation.** Supports any PHP hash algorithm for flexible performance and security trade-offs. Perfect for API authentication, session management, temporary access grants, and distributed systems requiring tamper-proof tokens without external dependencies. Install ------- [](#install) ``` composer require antikirra/token:^1.0 ``` Why Choose This Library? ------------------------ [](#why-choose-this-library) - ๐Ÿ”’ **Cryptographically Secure** - HMAC-based signatures prevent tampering and forgery - โฐ **Built-in Expiration** - Native timestamp-based expiration with microsecond precision - ๐ŸŽฏ **Type-Safe Design** - Strongly typed tokens with customizable type identifiers (1-255) - ๐Ÿ”ง **Algorithm Flexibility** - Support for any PHP hash algorithm (xxHash, SHA-3, BLAKE2, etc.) - ๐Ÿ“ฆ **Compact Encoding** - Efficient binary packing with URL-safe Base64 encoding - โœ… **Signature Verification** - Constant-time hash comparison prevents timing attacks - ๐Ÿš€ **Production Ready** - Battle-tested with comprehensive boundary testing - ๐Ÿงช **Fully Tested** - Extensive test coverage with Pest test suite - ๐Ÿ”„ **Serialization Support** - Built-in PHP serialization with validation - ๐Ÿ›ก๏ธ **Clone Protection** - Prevents token cloning for enhanced security Features -------- [](#features) - **Cryptographic Signatures**: HMAC-based signing with customizable salt and hash algorithms - **Expiration Management**: Built-in timestamp validation with timezone support - **Type System**: 255 distinct token types for multi-purpose authentication systems - **Identity Binding**: Supports 64-bit integer identities (up to 18,446,744,073,709,551,615) - **Nonce Generation**: Cryptographically secure random nonce (268,435,456 to 4,294,967,295) - **Binary Efficiency**: Compact binary packing reduces token size by ~40% vs JSON - **URL-Safe Encoding**: Base64url encoding compatible with URLs and HTTP headers - **Tamper Detection**: Constant-time signature verification with hash\_equals() - **Strict Validation**: Comprehensive input validation with clear error messages - **Zero Configuration**: Works out of the box, extend and configure as needed - **Memory Efficient**: Minimal memory footprint with readonly properties Perfect for ----------- [](#perfect-for) - **API Authentication**: Stateless authentication tokens with built-in expiration - **Session Management**: Secure session identifiers with tamper protection - **Temporary Access**: Time-limited resource access grants and one-time tokens - **OAuth/JWT Alternative**: Lightweight alternative for internal authentication systems - **Password Reset Tokens**: Secure, expiring tokens for password recovery flows - **Email Verification**: Tamper-proof verification tokens with expiration - **Download Links**: Time-limited, signed download URLs - **Invitation Systems**: Secure invitation tokens with type-based permissions - **Multi-Tenant Systems**: Type-based token segregation for different services - **Microservices**: Service-to-service authentication without shared state Requirements ------------ [](#requirements) - **PHP**: 8.1 or higher - **Extensions**: - `ext-mbstring` - For byte-safe string operations - **Dependencies**: - `antikirra/base64url` - URL-safe Base64 encoding/decoding Basic usage ----------- [](#basic-usage) ```