PHPackages                             coffin-laughter/jwt-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. coffin-laughter/jwt-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

coffin-laughter/jwt-auth
========================

thinkphp jwt auth composer

v5.3.1(2y ago)0109MITPHPPHP ~8.1.0 || ~8.2.0 || ~8.3.0

Since Sep 26Pushed 2y ago2 watchersCompare

[ Source](https://github.com/coffin-laughter/jwt-auth)[ Packagist](https://packagist.org/packages/coffin-laughter/jwt-auth)[ RSS](/packages/coffin-laughter-jwt-auth/feed)WikiDiscussions master Synced today

READMEChangelog (3)Dependencies (2)Versions (7)Used By (0)

JWT-AUTH

[](#jwt-auth)

 thinkphp的jwt（JSON Web Token）身份验证包。支持Header、Cookie、Param等多种传参方式。包含：验证、验证并且自动刷新等多种中间件。

**在原来基础上优化，支持token进入黑名单之后，延迟token的有效期，解决前端并发请求携带旧token导致的问题**

支持Swoole
--------

[](#支持swoole)

环境要求
----

[](#环境要求)

1. php &gt;= 7.4
2. thinkphp ^6.0.0

说明
--

[](#说明)

> 目前支持如下三大类型加密方式：RSA,HASH,DSA。再各分256、384、512位。 默认是HS256，即hash 256位加密。

> 需要修改加密方式，请修改参数：ALGO，参数选项：

- HS256 > 备注：hash 256位
- HS384 > 备注：hash 384位
- HS512 > 备注：hash 512位
- RS256 > 备注：rsa 256位
- RS384 > 备注：rsa 384位
- RS512 > 备注：rsa 512位
- ES256 > 备注：dsa 256位
- ES384 > 备注：dsa 384位
- ES512 > 备注：dsa 512位

> 重要：RSA和DSA 都是非对称加密方式，除了修改参数ALGO外，需要配置：PUBLIC\_KEY、PRIVATE\_KEY两个参数， 这两个参数支持文本（不要开头、结尾和换行）或密钥文件路径。如果密钥设置了密码，请配置好参数：PASSWORD

> env文件不支持内容有等于号，遇到这种情况： 1、使用路径 2、生成没有等于号的密钥。

安装
--

[](#安装)

第一步:

```
$ composer require coffin-laughter/jwt-auth
```

第二步:

```
$ php think jwt:create
```

此举将生成jwt.php和.env配置文件。不推荐直接修改jwt.php 同时，env中会随机生成secret。请不要随意更新secret，也请保障secret安全。

使用方式
----

[](#使用方式)

对于需要验证的路由或者模块添加中间件：

```
 coffin\jwtauth\middleware\JWTAuth::class,
```

示例：

```
use coffin\jwtauth\facade\JWTAuth;

$token = JWTAuth::builder(['uid' => 1]);//参数为用户认证的信息，请自行添加

JWTAuth::auth();//token验证

JWTAuth::refresh();//刷新token，会将旧token加入黑名单

```

token刷新说明：

> token默认有效期为60秒，如果需要修改请修改env文件。 refresh\_ttl为刷新token有效期参数，单位为分钟。默认有效期14天。 token过期后，旧token将会被加入黑名单。 token进入黑名单后有个延迟缓冲期，期间旧token仍可用，默认3秒 如果需要自动刷新，请使用中间件 coffin\\jwtauth\\middleware\\JWTAuthAndRefresh::class, 自动刷新后会通过header返回，请保存好。（注意，此中间件过期后第一次访问正常，第二次进入黑名单。）

token传参方式如下：

> 可通过jwt.php配置文件内token\_mode参数来调整参数接收方式及优先级 token\_mode默认值为\['header', 'cookie', 'param'\];

> 在某些前后端分离的情况下可选择取消cookie接收方式来避免token冲突

- 将token加入到url中作为参数。键名为token
- 将token加入到cookie。键名为token
- 将token加入header，如下：Authorization:bearer token值
- 以上三种方式，任选其一即可。推荐加入header中。

#### 其他操作

[](#其他操作)

1. 拉黑Token JWTAuth::invalidate($token);
2. 查询Token是否黑名单 JWTAuth::validate($token);

参考与借鉴
-----

[](#参考与借鉴)

感谢
--

[](#感谢)

- tymondesigns/jwt-auth
- php
- lcobucci/jwt
- thinkphp

License
-------

[](#license)

MIT

###  Health Score

29

—

LowBetter than 57% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity10

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity66

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~90 days

Recently: every ~113 days

Total

6

Last Release

925d ago

Major Versions

v4.3.1 → v5.3.12023-12-21

PHP version history (2 changes)v4.2.1PHP ^7.0

v5.3.1PHP ~8.1.0 || ~8.2.0 || ~8.3.0

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/18454614?v=4)[coffin\_laughter](/maintainers/coffin-laughter)[@coffin-laughter](https://github.com/coffin-laughter)

---

Top Contributors

[![coffin-laughter](https://avatars.githubusercontent.com/u/18454614?v=4)](https://github.com/coffin-laughter "coffin-laughter (18 commits)")

### Embed Badge

![Health badge](/badges/coffin-laughter-jwt-auth/health.svg)

```
[![Health](https://phpackages.com/badges/coffin-laughter-jwt-auth/health.svg)](https://phpackages.com/packages/coffin-laughter-jwt-auth)
```

###  Alternatives

[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.7k51.8M370](/packages/tymon-jwt-auth)[league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

6.7k147.0M289](/packages/league-oauth2-server)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

84611.1M63](/packages/php-open-source-saver-jwt-auth)[scheb/2fa

Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install)

585684.2k1](/packages/scheb-2fa)[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

59437.0k9](/packages/jeremy379-laravel-openid-connect)[scheb/2fa-trusted-device

Extends scheb/2fa-bundle with trusted devices support

365.8M34](/packages/scheb-2fa-trusted-device)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
