PHPackages                             beastbytes/token - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. beastbytes/token

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

beastbytes/token
================

Token management library to generate and validate tokens

015PHP

Since Mar 24Pushed 1y ago1 watchersCompare

[ Source](https://github.com/beastbytes/token)[ Packagist](https://packagist.org/packages/beastbytes/token)[ RSS](/packages/beastbytes-token/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependenciesVersions (1)Used By (0)

BeastBytes Token
================

[](#beastbytes-token)

BeastBytes Token creates, manages, and validates time limited tokens.

Tokens can be used for a variety of purposes, such as:

- Account verification
- Email confirmation
- Password reset

Requirements
------------

[](#requirements)

- PHP 8.1 or higher.

Installation
------------

[](#installation)

This package is installed when installing one of the token storage packages:

- BeastBytes Token PHP
- [BeastBytes Token Db](https://github.com/beastbytes/token-db.git)or the token factory package:
- [BeastBytes Token UUID4](https://github.com/beastbytes/token-uuid4.git)

To install the package directly:

```
composer require beastbytes/token
```

or add the following to the 'require' section composer.json:

```
"beastbytes/token": "^1.0"
```

Implementation
--------------

[](#implementation)

Token makes no assumptions about the token format or the token storage. Token generation is performed by a TokenFactoryInterface instance ([BeastBytes Token UUID4](https://github.com/beastbytes/token-uuid4.git) creates UUID V4 tokens), and storage is performed by a TokenStorageInterface instance (BeastBytes Token PHP and [BeastBytes Token Db](https://github.com/beastbytes/token-db.git)provide storage implementations for PHP files and databases respectively).

### TokenManager

[](#tokenmanager)

TokenManager provides a simple interface for creating, retrieving, and deleting tokens; abstracting away the storage implementation.

#### Configuration

[](#configuration)

To use with Yii's dependency injection container, see the configuration section of the token storage and factory packages.

### Token Types

[](#token-types)

Token types define the purpose of a token and its duration; token types are application specific and must be defined by the application. Token types are defined using an int backed enum that implements TokenTypeInterface; the enum name is the token type and the int value is the token duration in minutes. Each token type must have a unique duration.

Example TokenType enum:

```
enum TokenType: int implements TokenTypeInterface
{
    use TokenTypeTrait; // implements TokenTypeInterface

    case changePassword = 30;
    case confirmEmail = 15;
}
```

Usage
-----

[](#usage)

Take the case of a user account verification process. Once the user has registered their account, the application will raise an event that sends an email to the user; the email will contain a link that will verify that the user created the account.

### Event handler

[](#event-handler)

```
$token = $tokenManager->add(TokenType::verifyAccount, $currentUser->getId());
$email->send($currentUser, $token);
```

### Verification action

[](#verification-action)

On clicking the link in the email, the user is redirected to a page, and so action, that verifies the token; the token is typically a URL parameter.

```
public function actionVerifyAccount(
    #[RouteArgument('token')] string $tokenValue,
    TokenManager $tokenManager,
): ResponseInterface
{
    $token = $tokenManager->get($tokenValue);

    if ($token instanceof Token) {
        if ($token->isValid(TokenType::verifyAccount)) {
            $tokenManager->delete($token);

            $userId = $token->getUserId();
            // enable the user account

            // set success flash message
            return $this->redirect('/login');
        }

        // determine why the token is invalid
        $expired = $token->isExpired();
        if ($expired) {
            $tokenManager->delete($token);
            // set token expired flash message
        } else {
            if (!$token->isType(TokenType::verifyAccount)) {
                // set wrong token type flash message
            }
        }
    } else {
        // set token does not exist flash message
    }

    return $this->redirect('/');
}
```

###  Health Score

16

—

LowBetter than 5% of packages

Maintenance34

Infrequent updates — may be unmaintained

Popularity6

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity15

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/b0b5133b5137b26eeb25056449c28364ac0af31836eefba78912a9c8f0743aa3?d=identicon)[BeastBytes](/maintainers/BeastBytes)

---

Top Contributors

[![beastbytes](https://avatars.githubusercontent.com/u/1470144?v=4)](https://github.com/beastbytes "beastbytes (22 commits)")

### Embed Badge

![Health badge](/badges/beastbytes-token/health.svg)

```
[![Health](https://phpackages.com/badges/beastbytes-token/health.svg)](https://phpackages.com/packages/beastbytes-token)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)