PHPackages codecasts/laravel-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. codecasts/laravel-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) codecasts/laravel-jwt ===================== Dead simple JWT Auth Provider for Laravel 5.4+ 0.11.0(6y ago)230120.7k↓85.9%26[7 issues](https://github.com/codecasts/laravel-jwt/issues)[3 PRs](https://github.com/codecasts/laravel-jwt/pulls)MITPHPPHP >=7.0.0CI failing Since May 15Pushed 4y ago19 watchersCompare [ Source](https://github.com/codecasts/laravel-jwt)[ Packagist](https://packagist.org/packages/codecasts/laravel-jwt)[ RSS](/packages/codecasts-laravel-jwt/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (2)Dependencies (5)Versions (11)Used By (0) [![Readme Art](https://camo.githubusercontent.com/0abc4328b72cc91ba4ab47bf4b8cc05217726515ee16560d6c319934cb8e3b5c/687474703a2f2f696d616765736861636b2e636f6d2f612f696d673932322f343438392f7466747851312e706e67)](https://camo.githubusercontent.com/0abc4328b72cc91ba4ab47bf4b8cc05217726515ee16560d6c319934cb8e3b5c/687474703a2f2f696d616765736861636b2e636f6d2f612f696d673932322f343438392f7466747851312e706e67) Laravel JWT =========== [](#laravel-jwt) [![Latest Stable Version](https://camo.githubusercontent.com/4064084a5c70963ee8b38fcac1eb5ff8e58b66b959d5eda3ec9ed721aff6aa8f/68747470733a2f2f706f7365722e707567782e6f72672f636f646563617374732f6c61726176656c2d6a77742f762f737461626c65)](https://packagist.org/packages/codecasts/laravel-jwt)[![Total Downloads](https://camo.githubusercontent.com/605e8265163b22a15d8e55c34900dc4a5bc02e2ed273caf2c9ede325c9616f2a/68747470733a2f2f706f7365722e707567782e6f72672f636f646563617374732f6c61726176656c2d6a77742f646f776e6c6f616473)](https://packagist.org/packages/codecasts/laravel-jwt)[![License](https://camo.githubusercontent.com/a5abb1af4c6d4c956d1c462422916475dc5ca1ff5148c24ca92028b50b3f20a3/68747470733a2f2f706f7365722e707567782e6f72672f636f646563617374732f6c61726176656c2d6a77742f6c6963656e7365)](https://packagist.org/packages/codecasts/laravel-jwt) This package provides out-of-the-box API authentication using JWT for Laravel. Installation. ------------- [](#installation) You can install this package by running: ``` composer require codecasts/laravel-jwt ``` Setup. ------ [](#setup) In order to setup this package into your application, minimal configuration is actually needed. ### 1) Service Provider. [](#1-service-provider) Register this package's Service Provider by adding it to the `providers`section of your `config/app.php` file: > You may skip this step on Laravel 5.5 due to the [auto-discovery package feature](https://laravel.com/docs/5.5/packages#package-discovery). ``` 'providers' => [ // ... other providers omitted Codecasts\Auth\JWT\ServiceProvider::class, ], ``` ### 2) Configuration file. [](#2-configuration-file) Publish the configuration file (`config/jwt.php`) by running the following command after registering the Service Provider. ``` php artisan vendor:publish --provider="Codecasts\Auth\JWT\ServiceProvider" ``` ### 3) Generate a Secret. [](#3-generate-a-secret) In order for this package to works, you will need a separate secret (do not use the application key). This package provides a command that can be used for generating a strong key. Get a new key by running: ``` php artisan jwt:generate ``` Then, copy the generated key contents into your `.env` file. **NOTICE**: The key generation process will not automatically set it inside your `.env` file, do it manually. ### 4) Setup Guard [](#4-setup-guard) In order to automatically authenticate your routes using `JWT` tokens, you need to change the guard driver to `jwt` Inside `config/auth.php` set the corresponding guard group you want to protect: If you have the default guard group named `api`, your `auth.php`should be like this: ``` 'guards' => [ // ... other guards omitted. 'api' => [ 'driver' => 'jwt', // this is the line you need to change. 'provider' => 'users', ], ], ``` That's it, we are all ready to use it. Usage. ------ [](#usage) This package aims to be dead simple to use. The following templates can be used to setup your existing authentication controllers and resources. **NOTICE**: Full working examples of use for this package will be added on this package when it reaches it's 1.0 version. ### Protecting Routes. [](#protecting-routes) This package is fully integrated with Laravel Authentication. The default configuration (`config/jwt.php`) brings a sensitive value that is very useful when your application is not completely an API: **`middleware_match`** By not completely an API, I mean, the JWT guard is not the default one. In those cases, in order to use the `auth` middleware, the config key **`middleware_match`** **MUST** be set to true. This configuration key allows non protected routes to work properly. Notice that this option will match middleware group names with guard names. **In this case, the 'api' middleware group will always use the `api` guard.** **Also, the 'web' middleware group will always use the `web` guard** If you do not use this value, you will need to use suffixes when referencing the `auth` middleware, like `auth:api`. ### Issuing and Renewing Tokens. [](#issuing-and-renewing-tokens) For issuing tokens, no special class is actually needed, you can just expect create a Guard current implementation from the IoC and work from there. Check out the examples. **On the following examples, all Guard instances are injected from `Illuminate\Contracts\Auth\Guard`** **On the following examples, all Request instances are injected from `Illuminate\Http\Request`** #### Token from User Instance. [](#token-from-user-instance) This method should be used when you just registered a user and any other special cases. ``` public function tokenFromUser(Guard $auth) { // generating a token from a given user. $user = SomeUserModel::find(12); // logs in the user $auth->login($user); // get and return a new token $token = $auth->issue(); return $token; } ``` #### Token from User Credentials. [](#token-from-user-credentials) This method should be used when you just registered a user and any other special cases. ``` public function tokenFromCredentials(Guard $auth, Request $request) { // get some credentials $credentials = $request->only(['email', 'password']); if ($auth->attempt($credentials)) { return $token = $auth->issue(); } return ['Invalid Credentials']; } ``` #### Refreshing Tokens. [](#refreshing-tokens) Tokens can be refreshed in 2 different ways: Auto detect or manual. If you do not pass any argument into the refresh method, the Guard will look for either a **`Authorization`** header or a **`token`** field on the request's body. ``` public function refreshToken(Guard $auth) { // auto detecting token from request. $token = $auth->refresh(); // manually passing the token to be refreshed. $token = $auth->refresh($oldToken); return $token; } ``` ### Custom Claims. [](#custom-claims) Of course, there are support for custom claims. You can set them in two ways. #### By explicitly passing them. [](#by-explicitly-passing-them) ``` $customClaims = [ 'custom1' => 'value1', 'custom2' => 'value2', ]; // when issuing $auth->issue($customClaims); // when refreshing // custom claims are the second parameter as the first one is the // old token $auth->refresh(null, $customClaims); ``` #### By Authenticatable method. [](#by-authenticatable-method) If all your users will have the same custom claims, you can setup a default custom claims method on your User's model (or any other Authenticatable you're using): If the method `customJWTClaims()` is present on the model being issue the token against, this claims will be automatically included. ``` class User extends Model implements Authenticatable { public function customJWTClaims() { return [ 'email' => $this->email, 'name' => $this->name, ]; } } ``` Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. ### Health Score 39 — LowBetter than 85% of packages Maintenance19 Infrequent updates — may be unmaintained Popularity48 Moderate usage in the ecosystem Community23 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~115 days Recently: every ~218 days Total 9 Last Release 2360d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/799b2351104c65a512e9d428cce029e2e51cfa1ba10342ba50aba3bd5b71bf71?d=identicon)[hernandev](/maintainers/hernandev) --- Top Contributors [![hernandev](https://avatars.githubusercontent.com/u/1143355?v=4)](https://github.com/hernandev "hernandev (6 commits)")[![mateusjatenee](https://avatars.githubusercontent.com/u/10816999?v=4)](https://github.com/mateusjatenee "mateusjatenee (5 commits)")[![flyingluscas](https://avatars.githubusercontent.com/u/6232791?v=4)](https://github.com/flyingluscas "flyingluscas (5 commits)")[![motia](https://avatars.githubusercontent.com/u/20706253?v=4)](https://github.com/motia "motia (2 commits)")[![jonagoldman](https://avatars.githubusercontent.com/u/1297559?v=4)](https://github.com/jonagoldman "jonagoldman (1 commits)")[![emtudo](https://avatars.githubusercontent.com/u/191396?v=4)](https://github.com/emtudo "emtudo (1 commits)")[![jvlppm](https://avatars.githubusercontent.com/u/171599?v=4)](https://github.com/jvlppm "jvlppm (1 commits)") --- Tags json-web-tokenjwtjwt-authjwt-authenticationlaravellaravel-5-packagelaravel-54 ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/codecasts-laravel-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/codecasts-laravel-jwt/health.svg)](https://phpackages.com/packages/codecasts-laravel-jwt) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M344](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M52](/packages/php-open-source-saver-jwt-auth)[stechstudio/laravel-jwt Helper package that makes it easy to generate, consume, and protect routes with JWT tokens in Laravel 126117.6k](/packages/stechstudio-laravel-jwt)[truckersmp/steam-socialite Laravel Socialite provider for Steam OpenID. 1516.7k](/packages/truckersmp-steam-socialite)[pschocke/laravel-telegram-login-widget Easily integrate Telegrams login widget into your Laravel application to send Telegram messages 1610.4k](/packages/pschocke-laravel-telegram-login-widget) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)