PHPackages bayfrontmedia/php-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. bayfrontmedia/php-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) bayfrontmedia/php-jwt ===================== A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519. v2.0.1(1y ago)01.0k11MITPHPPHP ^8.0 Since Oct 20Pushed 1y ago1 watchersCompare [ Source](https://github.com/bayfrontmedia/php-jwt)[ Packagist](https://packagist.org/packages/bayfrontmedia/php-jwt)[ Docs](https://github.com/bayfrontmedia/php-jwt)[ RSS](/packages/bayfrontmedia-php-jwt/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (6)DependenciesVersions (7)Used By (1) PHP-JWT ------- [](#php-jwt) A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). Currently, the only supported algorithm is "HS256". Support for additional algorithms is planned for future versions. - [License](#license) - [Author](#author) - [Requirements](#requirements) - [Installation](#installation) - [Usage](#usage) License ------- [](#license) This project is open source and available under the [MIT License](LICENSE). Author ------ [](#author) [![Bayfront Media](https://camo.githubusercontent.com/0c0163913b2092e97dbf9684970adaf86f2f25871298d3d28b2dff4bf75b2915/68747470733a2f2f63646e312e6f6e62617966726f6e742e636f6d2f62666d2f6272616e642f62666d2d6c6f676f2e737667)](https://camo.githubusercontent.com/0c0163913b2092e97dbf9684970adaf86f2f25871298d3d28b2dff4bf75b2915/68747470733a2f2f63646e312e6f6e62617966726f6e742e636f6d2f62666d2f6272616e642f62666d2d6c6f676f2e737667) - [Bayfront Media homepage](https://www.bayfrontmedia.com?utm_source=github&utm_medium=direct) - [Bayfront Media GitHub](https://github.com/bayfrontmedia) Requirements ------------ [](#requirements) - PHP `^8.0` (Tested up to `8.4`) - JSON PHP extension Installation ------------ [](#installation) ``` composer require bayfrontmedia/php-jwt ``` Usage ----- [](#usage) A private, reproducible secret must be passed to the constructor. The same secret used to encode the JWT must also be used when decoding in order to verify the signature. A cryptographically secure secret can be generated using the static `createSecret()` method, if needed. ``` use Bayfront\JWT\Jwt; $secret = Jwt::createSecret(); // Be sure to save the secret to be used to decode the JWT $jwt = new Jwt($secret); ``` ### Public methods [](#public-methods) - [createSecret](#createsecret) - [getHeader](#getheader) - [setHeader](#setheader) - [removeHeader](#removeheader) - [getPayload](#getpayload) - [setPayload](#setpayload) - [removePayload](#removepayload) - [aud](#aud) - [exp](#exp) - [iat](#iat) - [iss](#iss) - [jti](#jti) - [nbf](#nbf) - [sub](#sub) - [encode](#encode) - [decode](#decode) - [validateSignature](#validatesignature) - [validateClaims](#validateclaims) --- ### createSecret [](#createsecret) **Description:** Create a cryptographically secure secret of random bytes. **NOTE:** Secrets are meant to be stored, as the same secret used to encode a JWT must be used to decode it. **Parameters:** - `$characters = 32` (int): Number of characters **Returns:** - (string) **Throws:** - `Exception` **Example:** ``` use Bayfront\JWT\Jwt; try { $secret = Jwt::createSecret(); } catch (Exception $e) { die($e->getMessage()); } ``` --- ### getHeader [](#getheader) **Description:** Returns current header array. **Parameters:** - None **Returns:** - (array) **Example:** ``` print_r($jwt->getHeader()); ``` --- ### setHeader [](#setheader) **Description:** Set custom value(s) to the current header array. **Parameters:** - `$header` (array): Key/value pairs to set to the header array **Returns:** - (self) **Example:** ``` $header = [ 'cty' => 'custom-content-type;v=1' ]; $jwt->setHeader($header); ``` --- ### removeHeader [](#removeheader) **Description:** Remove header key, if existing. **Parameters:** - `$key` (string) **Returns:** - (self) **Example:** ``` $jwt->removeHeader('cty'); ``` --- ### getPayload [](#getpayload) **Description:** Returns current payload array. **Parameters:** - None **Returns:** - (array) **Example:** ``` print_r($jwt->getPayload()); ``` --- ### setPayload [](#setpayload) **Description:** Set custom value(s) to the current payload array. **Parameters:** - `$payload` (array): Key/value pairs to set to the payload array **Returns:** - (self) **Example:** ``` $payload = [ 'user_id' => 10 ]; $jwt->setPayload($payload); ``` --- ### removePayload [](#removepayload) **Description:** Remove payload key, if existing. **Parameters:** - `$key` (string) **Returns:** - (self) **Example:** ``` $jwt->removePayload('user_id'); ``` --- ### aud [](#aud) **Description:** Set audience. **Parameters:** - `$aud` (string) **Returns:** - (self) --- ### exp [](#exp) **Description:** Set expiration time. **Parameters:** - `$exp` (int) **Returns:** - (self) --- ### iat [](#iat) **Description:** Set issued at time. **Parameters:** - `$iat` (int) **Returns:** - (self) --- ### iss [](#iss) **Description:** Set issuer. **Parameters:** - `$iss` (string) **Returns:** - (self) --- ### jti [](#jti) **Description:** Set JWT ID. **Parameters:** - `$jti` (string) **Returns:** - (self) --- ### nbf [](#nbf) **Description:** Set not before time. **Parameters:** - `$nbf` (int) **Returns:** - (self) --- ### sub [](#sub) **Description:** Set subject. **Parameters:** - `$sub` (string) **Returns:** - (self) --- ### encode [](#encode) **Description:** Encode and return a signed JWT. **Parameters:** - `$payload = []` (array) **Returns:** - (string) **Example:** ``` $now = time(); $token = $jwt->iss('API key whose secret signs the token') ->iat($now) ->nbf($now) ->exp($now + 86400) // 24 hours ->encode([ 'user_id' => 10 ]); ``` --- ### decode [](#decode) **Description:** Decode a JWT. This method validates the token structure as three segments separated by dots. The returned array will contain the keys `header`, `payload` and `signature`. If `$validate = true`, the signature and claims will also be validated. **Parameters:** - `$jwt` (string): The JWT itself or the entire `Authorization` header can be used - `$validate = true` (bool): Validate signature and claims **Returns:** - (array) **Throws:** - `Bayfront\JWT\TokenException` **Example:** ``` try { $decoded = $jwt->decode('encoded.jwt'); } catch (TokenException $e) { die($e->getMessage()); } ``` --- ### validateSignature [](#validatesignature) **Description:** Validate signature. **Parameters:** - `$jwt` (string): The JWT itself or the entire `Authorization` header can be used **Returns:** - (self) **Throws:** - `Bayfront\JWT\TokenException` **Example:** ``` try { $decoded = $jwt->validateSignature('encoded.jwt')->decode('encoded.jwt', false); } catch (TokenException $e) { die($e->getMessage()); } ``` --- ### validateClaims [](#validateclaims) **Description:** Validate the claims "iat", "nbf" and "exp", if existing. **Parameters:** - `$jwt` (string): The JWT itself or the entire `Authorization` header can be used **Returns:** - (self) **Throws:** - `Bayfront\JWT\TokenException` **Example:** ``` try { $decoded = $jwt->validateClaims('encoded.jwt')->decode('encoded.jwt', false); } catch (TokenException $e) { die($e->getMessage()); } ``` --- ### Health Score 35 — LowBetter than 80% of packages Maintenance40 Moderate activity, may be stable Popularity16 Limited adoption so far Community10 Small or concentrated contributor base Maturity63 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~305 days Recently: every ~377 days Total 6 Last Release 511d ago Major Versions v1.1.1 → v2.0.02023-01-26 PHP version history (2 changes)1.0.0PHP >=7.1.0 v2.0.0PHP ^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/5ad62c8d0e69358fd63b16fdaa71d5359231cd0cf660bbc3419071dc705c63a8?d=identicon)[bayfrontmedia](/maintainers/bayfrontmedia) --- Top Contributors [![robinsonjohn](https://avatars.githubusercontent.com/u/24327848?v=4)](https://github.com/robinsonjohn "robinsonjohn (13 commits)") --- Tags decodeencodejsonjwtphptokenphpjwtjsontokenencodedecode ### Embed Badge ![Health badge](/badges/bayfrontmedia-php-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/bayfrontmedia-php-jwt/health.svg)](https://phpackages.com/packages/bayfrontmedia-php-jwt) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[rbdwllr/reallysimplejwt A really simple library to generate user authentication JSON Web Tokens. 2902.4M22](/packages/rbdwllr-reallysimplejwt)[psecio/jwt A JWT (JSON Web Token) Encoding & Decoding library 109352.2k2](/packages/psecio-jwt)[nowakowskir/php-jwt JSON Web Token implementation for PHP. 41257.4k8](/packages/nowakowskir-php-jwt)[sop/jwx A PHP library for JSON web tokens (JWT) with signature (JWS) and encryption (JWE) support. 26257.5k1](/packages/sop-jwx)[paulvl/jwt-guard JWT Guard for Laravel 5.\* 1518.0k1](/packages/paulvl-jwt-guard) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)