
bleeld/think-token
==================

This is a collection of JWT Token remote file management drivers developed in factory mode. Users can use different JWT extensions according to their business needs. In the future, developers can further improve more token drivers according to their own needs.

Version 1.0.0 (1y ago) · License: MIT · Language: PHP · Requires PHP >=7.4


Think-Token - JWT Token Management Plugin
=========================================

A lightweight JWT token management plugin designed for ThinkPHP 6.x, providing a complete authentication solution.

✨ Features
----------

- 🔐 **Secure JWT implementation** - Based on the RFC 7519 standard
- 🔄 **Token refresh mechanism** - Access Token + Refresh Token
- 🚫 **Token blacklist** - Supports revocation and forced logout
- ⚡ **High performance** - Smart caching and initialization
- 🛡️ **Replay attack protection** - Refresh Tokens are single-use
- 📝 **Complete documentation** - Detailed usage guide and examples
- 🎯 **Dual-mode support** - Switch flexibly between Cookie mode and frontend mode

📦 Installation
--------------

```
composer require bleeld/think-token
```

🚀 Quick Start
-------------

### 1. Configuration

Add the following to your `.env` file:

```
TOKEN_KEY=your_secure_64_character_hex_key_here
TOKEN_EXPIRE_TIME=7200
TOKEN_METHOD=HS256
TOKEN_COOKIE_MODE=0  # 0 = frontend mode (default), 1 = Cookie mode
```

Generate a secure key:

```
php -r "echo \think\Token::generateKey();"
```

### 2. Choose a Token Management Mode

Think-Token supports two modes; choose according to your project's needs:

#### Mode 1: Cookie mode (more secure)

```
// config/token.php
'cookie_mode' => true,

// The backend automatically sets an HttpOnly cookie that JavaScript cannot access
$result = Token::createToken($userData, true);
// The token is now stored in a cookie and the browser sends it automatically
```

#### Mode 2: Frontend mode (more flexible, default)

```
// config/token.php
'cookie_mode' => false,  // or leave unset

// The token is returned to the frontend, which stores it itself
$result = Token::createToken($userData, true);
// Returns: {"access_token": "...", "refresh_token": "..."}
```

📚 For a detailed comparison and usage guide, see the [Dual-Mode Usage Guide](DUAL_MODE_GUIDE.md)

### 3. Generate a Token

```
use think\Token;

// After the user logs in successfully
$userData = [
    'user_id' => 1,
    'username' => 'john_doe',
    'role' => 'admin'
];

$result = Token::createToken($userData, true);

// Returns:
// {
//     "code": 200,
//     "msg": "success",
//     "data": {
//         "access_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
//         "refresh_token": "eyJ0eXAiOiJKV1QiLCJhbGc...",
//         "token_type": "Bearer",
//         "expires_in": 7200,
//         "refresh_expires_in": 86400
//     }
// }
```

### 4. Verify a Token

```
$token = request()->header('Authorization');
$token = str_replace('Bearer ', '', $token);

$result = Token::verifyToken($token);

if ($result['code'] === 200) {
    // Token is valid
    $userId = $result['data']['user_id'];
} else {
    // Token is invalid
    echo $result['msg'];
}
```
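The checks a verifier has to make on an HS256 token like the one handed to `verifyToken()` above, written in plain PHP as an added example: strict `Authorization` header parsing, a pinned algorithm, a constant-time signature comparison and an expiry check. This is not think-token's implementation; the function names, the key and the tokens are constructed for illustration.

```php
<?php
// Added example, not think-token's code; names and sample values are hypothetical.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $txt .= str_repeat('=', (4 - strlen($txt) % 4) % 4);
    $bin = base64_decode(strtr($txt, '-_', '+/'), true);
    return $bin === false ? '' : $bin;
}
// Accept exactly "Bearer <three base64url segments>"; anything else is rejected.
function bearer_token(?string $header): ?string {
    $re = '/^Bearer ([A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/D';
    return preg_match($re, (string) $header, $m) === 1 ? $m[1] : null;
}
// Returns the claims, or null when the request must be rejected.
function authenticate(?string $header, string $key, int $now): ?array {
    $jwt = bearer_token($header);
    if ($jwt === null) { return null; }
    [$h, $p, $s] = explode('.', $jwt);
    $head = json_decode(b64url_decode($h), true);
    // Pin the algorithm; the token header must not choose how it is verified.
    if (!is_array($head) || ($head['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', "$h.$p", $key, true);
    if (!hash_equals($expected, b64url_decode($s))) { // constant-time compare
        return null;
    }
    $claims = json_decode(b64url_decode($p), true);
    $exp = is_array($claims) ? ($claims['exp'] ?? null) : null;
    return is_int($exp) && $exp > $now ? $claims : null;
}
// Constructed tokens: one valid, three that must be rejected.
$key  = str_repeat('ab', 32); // constructed 64-character hex key
$now  = 1700000000;           // constructed clock value
$make = function (string $alg, int $exp, string $k): string {
    $h = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => $alg]));
    $p = b64url_encode(json_encode(['user_id' => 1, 'exp' => $exp]));
    return "Bearer $h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $k, true));
};
$cases = ['valid' => $make('HS256', $now + 7200, $key),
    'expired' => $make('HS256', $now - 1, $key),
    'alg=none' => $make('none', $now + 7200, $key),
    'wrong key' => $make('HS256', $now + 7200, str_repeat('cd', 32))];
foreach ($cases as $name => $header) {
    echo $name, ': ', authenticate($header, $key, $now) ? 'accepted' : 'rejected', PHP_EOL;
}
```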

### 5. Refresh a Token

```
$refreshToken = request()->param('refresh_token');

$result = Token::swapToken($refreshToken);

if ($result['code'] === 200) {
    // Get the new tokens
    $newAccessToken = $result['data']['access_token'];
    $newRefreshToken = $result['data']['refresh_token'];
}
```
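The single-use refresh token idea behind the replay protection listed in the features, as an added example in plain PHP: each refresh token id can be exchanged once, and a second presentation revokes every token from the same login. It is not how `swapToken()` is implemented; the `RefreshRegistry` class, the ids and the clock values are hypothetical.

```php
<?php
// Added example, not think-token's code; class and ids are hypothetical.
// The arrays stand in for a shared store (cache or database) in a real deployment.
final class RefreshRegistry
{
    /** @var array<string, array{family: string, used: bool, exp: int}> */
    private array $tokens = [];
    /** @var array<string, bool> families revoked after a detected replay */
    private array $revoked = [];

    // Record a new refresh token id (jti) belonging to one login session.
    public function issue(string $family, int $now, int $ttl = 86400): string
    {
        $jti = bin2hex(random_bytes(16));
        $this->tokens[$jti] = ['family' => $family, 'used' => false, 'exp' => $now + $ttl];
        return $jti;
    }

    // Exchange a refresh token id for a fresh one; null means "log in again".
    public function rotate(string $jti, int $now): ?string
    {
        $t = $this->tokens[$jti] ?? null;
        if ($t === null || $t['exp'] <= $now || isset($this->revoked[$t['family']])) {
            return null;
        }
        if ($t['used']) {
            // A one-time token presented twice: treat it as a replay and
            // revoke every token that descends from the same login.
            $this->revoked[$t['family']] = true;
            return null;
        }
        $this->tokens[$jti]['used'] = true;
        return $this->issue($t['family'], $now);
    }
}

$now = 1700000000;                       // constructed clock value
$reg = new RefreshRegistry();
$r1  = $reg->issue('login-42', $now);    // constructed session id
$r2  = $reg->rotate($r1, $now + 60);     // first use of $r1
$steps = [
    'first use of r1' => $r2,
    'replay of r1'    => $reg->rotate($r1, $now + 120),
    'r2 after replay' => $reg->rotate($r2, $now + 180),
];
foreach ($steps as $step => $result) {
    echo $step, ': ', $result === null ? 'rejected' : 'new token issued', PHP_EOL;
}
```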

### 6. Revoke a Token (Logout)

```
$token = request()->header('Authorization');
$token = str_replace('Bearer ', '', $token);

Token::blacklistToken($token);

// The token has been revoked and can no longer be used
```

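📖 Documentation
---------------

- [📚 Complete Usage Guide](USAGE_EXAMPLE.md) - Detailed API documentation and examples
- [🍪 Dual-Mode Usage Guide](DUAL_MODE_GUIDE.md) - Cookie mode vs. frontend mode in detail
- [📊 Optimization Report](OPTIMIZATION_REPORT.md) - Detailed description of this round of optimizations
- [🧪 Test Script](test_token_quick.php) - Functional test cases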

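🔧 API Reference
---------------

### Core Methods

| Method | Description | Parameters | Return value |
| --- | --- | --- | --- |
| `createToken()` | Generate a token | `$data`, `$isRefreshToken`, `$expTime` | `array` |
| `verifyToken()` | Verify a token | `$token`, `$getData` | `array` |
| `swapToken()` | Refresh a token | `$refresh_token`, `$isAutoSet`, `$revokeOld` | `array` |
| `autoSwapToken()` | Automatically refresh a token | `$tokens`, `$isAutoSet` | `array` |
| `blacklistToken()` | Revoke a token | `$token`, `$ttl` | `bool` |
| `generateKey()` | Generate a key | `$length` | `string` |

### Configuration Methods

| Method | Description | Parameters |
| --- | --- | --- |
| `setKey()` | Set the key | `$key` |
| `setExpireTime()` | Set the expiration time | `$expire_time` |
| `setMethod()` | Set the encryption method | `$method` |
| `setStorage()` | Set the storage driver | `$storage` |

🛡️ Security Recommendations
---------------------------

1. **Use a strong key** - A hexadecimal string of at least 32 characters
2. **Store it in environment variables** - Do not hard-code the key in source code
3. **Use HTTPS** - Always transmit tokens over HTTPS
4. **Set a reasonable expiration time** - 1-2 hours is recommended for Access Tokens
5. **Revoke tokens promptly** - Call `blacklistToken()` when the user logs out
6. **Do not store sensitive information** - Keep only the necessary user identifiers in the token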

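📝 Changelog
-----------

### v2.0.0 (2026-04-15)

**New features**:

- ✅ Token blacklist mechanism
- ✅ Enhanced error handling
- ✅ Complete type hints
- ✅ Replay attack protection

**Bug fixes**:

- ✅ Fixed a logic flaw in autoSwapToken
- ✅ Fixed a return value issue in swapToken
- ✅ Strengthened key validation rules
- ✅ Improved the order of parameter checks

**Performance optimizations**:

- ✅ Unified initialization mechanism
- ✅ Longer configuration cache lifetime
- ✅ Fewer repeated function calls

**Breaking changes**:

- ⚠️ Minimum key length raised from 16 to 32 characters
- ⚠️ The return value structure of some methods has been adjusted (more consistent)

See the full [Optimization Report](OPTIMIZATION_REPORT.md) for more details.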

🤝 Contributing
--------------

Issues and Pull Requests are welcome!

📄 License
---------

MIT License - see the [LICENSE](LICENSE) file for details.

💡 Example Projects
------------------

See the complete usage examples:

- [Login controller example](USAGE_EXAMPLE.md#2-%E5%AE%8C%E6%95%B4%E7%9A%84%E7%99%BB%E5%BD%95%E6%8E%A7%E5%88%B6%E5%99%A8%E7%A4%BA%E4%BE%8B)
- [Authentication middleware](USAGE_EXAMPLE.md#1-%E5%88%9B%E5%BB%BA%E4%B8%AD%E9%97%B4%E4%BB%B6%E8%BF%9B%E8%A1%8Ctoken%E9%AA%8C%E8%AF%81)
- [Frontend call example](USAGE_EXAMPLE.md#3-%E5%89%8D%E7%AB%AF%E8%B0%83%E7%94%A8%E7%A4%BA%E4%BE%8Bjavascript)

📞 Support
---------

Running into a problem?

1. See the [Usage Guide](USAGE_EXAMPLE.md)
2. See the [FAQ](USAGE_EXAMPLE.md#-%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98)
3. Submit an [Issue](https://github.com/bleeld/think-token/issues)

---

**Made with ❤️ for ThinkPHP Community**
