PHPackages                             arrow-web-sol/laravel-jwt-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. arrow-web-sol/laravel-jwt-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

arrow-web-sol/laravel-jwt-auth
==============================

Authenticate users via JWT in Laravel.

v0.6.1(1y ago)03.6k[1 PRs](https://github.com/ArrowWebSolutions/Laravel-JWT-Auth/pulls)MITPHPPHP 8.0.\*|8.1.\*|8.2.\*

Since Mar 3Pushed 1y ago2 watchersCompare

[ Source](https://github.com/ArrowWebSolutions/Laravel-JWT-Auth)[ Packagist](https://packagist.org/packages/arrow-web-sol/laravel-jwt-auth)[ Docs](https://github.com/ArrowWebSolutions/Laravel-JWT-Auth)[ RSS](/packages/arrow-web-sol-laravel-jwt-auth/feed)WikiDiscussions main Synced 2mo ago

READMEChangelog (7)Dependencies (19)Versions (18)Used By (0)

Laravel JWT Auth
================

[](#laravel-jwt-auth)

A simple method to authenticate users in Laravel via a JWT -

A bearer token is taken from the request, this token is then checked using the configured JWT algorithm. If the token is deemed valid, the the request is "authenticated". This package will check to ensure the token was signed using an appropriate key and is valid at the time of the request (iat, nbf and exp claim checks).

A common use case is in authentication in Laravel micro-services. Your auth service (Passport for example) can issue a JWT on successful login. Your other services can then use this package to authenticate requests without touching your auth service. Because a JWT is cryptographicaly signed you can verify the token originated from your auth service and hasn't been tampered with.

Installation
------------

[](#installation)

```
composer require arrow-web-sol/laravel-jwt-auth

```

Then run

```
php artisan jwt-auth:publish:config

```

That creates a jwt-config.php config file, in here you can set the signing method used, hash used, key (hmac only) and the public key (rsa and ecdsa). The key or public key is used to verify the JWT.

NOTE: the `jwt-config.php` is merged into `auth.php` as part of the service provider boot process. It adds a guard and provider for 'jwt', which in most cases will never be set nor used. But if you do have a 'jwt' guard and or provider in your `auth.php` file then be aware this package will override that key.

Middleware
----------

[](#middleware)

To protect routes, you can now use `'auth:jwt'`:

```
Route::middleware('auth:jwt')->get('/user', [UserController::class, 'index']);
```

Or, to set default auth method, edit `config/auth.php`

```
	    'defaults' => [
        	'guard' => 'jwt',
```

The package needs the token to be sent as a bearer token in the authorization header.

Testing
-------

[](#testing)

You can use the normal Laravel test methods:

```
//if jwt isn't your default guard
$this->actingAs($user, 'jwt');

//if jwt is your default guard
$this->actingAs($user);
```

Although we do this as part of our test suite, you can test the full token flow:

```
//NOTE: You need the private key set in config to do this for asymetric signatures
$jwtConfig = $this->app()->make(\Arrow\JwtAuth\Contracts\JwtConfiguration::class);

$token = $jwtConfig
    ->builder()
    ->issuedBy('https://arrow-web.dev')
    ->permittedFor('https://example.com')
    ->identifiedBy(Str::random(12))
    ->issuedAt(now()->toDateTimeImmutable())
    ->canOnlyBeUsedAfter(now()->toDateTimeImmutable())
    ->expiresAt(now()->addHour()->toDateTimeImmutable())
    ->withClaim('claim-name', 'claim-value')
    ->getToken($jwtConfig->signer(), $jwtConfig()->signingKey());

$this->withToken($token->toString())
    ->getJson('/user')
    ->assertSuccessful();
```

###  Health Score

37

—

LowBetter than 83% of packages

Maintenance33

Infrequent updates — may be unmaintained

Popularity16

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity74

Established project with proven stability

 Bus Factor1

Top contributor holds 62.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~203 days

Total

16

Last Release

677d ago

PHP version history (2 changes)v0.3.0PHP 8.0.\*|8.1.\*

v0.4.0PHP 8.0.\*|8.1.\*|8.2.\*

### Community

Maintainers

![](https://www.gravatar.com/avatar/42e5e0efab7dca55d40171e679d8b78f0b2e0aec8d224cfb752105ff8bcf61ca?d=identicon)[ArronKing](/maintainers/ArronKing)

---

Top Contributors

[![ArronKing](https://avatars.githubusercontent.com/u/2041079?v=4)](https://github.com/ArronKing "ArronKing (33 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (12 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (8 commits)")

---

Tags

jwtjwt-authenticationlaraveljwtlaravelAuthenticationArrow Web Solutions

###  Code Quality

TestsPest

Static AnalysisPHPStan

### Embed Badge

![Health badge](/badges/arrow-web-sol-laravel-jwt-auth/health.svg)

```
[![Health](https://phpackages.com/badges/arrow-web-sol-laravel-jwt-auth/health.svg)](https://phpackages.com/packages/arrow-web-sol-laravel-jwt-auth)
```

###  Alternatives

[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

8359.8M53](/packages/php-open-source-saver-jwt-auth)[alajusticia/laravel-logins

Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser

2011.0k](/packages/alajusticia-laravel-logins)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)