PHPackages emog/phalcon-jwt-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. emog/phalcon-jwt-auth AbandonedLibrary[Authentication & Authorization](/categories/authentication) emog/phalcon-jwt-auth ===================== A simple JWT middleware for Phalcon Micro to handle stateless authentication 1.0.0(8y ago)234PHPPHP >=5.6 Since Aug 31Pushed 8y ago2 watchersCompare [ Source](https://github.com/emog/phalcon-jwt-auth-php56)[ Packagist](https://packagist.org/packages/emog/phalcon-jwt-auth)[ RSS](/packages/emog-phalcon-jwt-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (1)Versions (2)Used By (0) phalcon-jwt-auth ================ [](#phalcon-jwt-auth) A simple JWT middleware for Phalcon Micro to handle stateless authentication. Installation ------------ [](#installation) ``` $ composer require emog/phalcon-jwt-auth ``` or in your composer.json ``` { "require": { "emog/phalcon-jwt-auth" : "dev-master" } } ``` then run ``` $ composer update ``` Usage ----- [](#usage) ### Configuration - Loading the config service [](#configuration---loading-the-config-service) in config.ini or in any config file ``` [jwtAuth] ; JWT Secret Key secretKey = 923753F2317FC1EE5B52DF23951B ; JWT default Payload ;; expiry time in minutes payload[exp] = 1440 payload[iss] = phalcon-jwt-auth ; Micro Applications do not have a controller or dispatcher ; so to know the resource being called we have to check the actual URL. ; If you want to disable the middleware on certain routes or resource: ;; index ignoreUri[] = / ;; regex pattern with http methods ignoreUri[] = regex:/application/ ignoreUri[] = regex:/users/:POST,PUT ;; literal strings ignoreUri[] = /auth/user:POST,PUT ignoreUri[] = /auth/application ``` in bootstrap or index file ``` use Phalcon\Mvc\Micro; use Phalcon\Config\Adapter\Ini as ConfigIni; use Phalcon\Di\FactoryDefault; use EmoG\Phalcon\Auth\Middleware\Micro as AuthMicro; // set default services $di = new FactoryDefault(); /** * IMPORTANT: * You must set "config" service that will load the configuration file. */ $config = new ConfigIni( APP_PATH . "app/config/config.ini"); $di->set( "config", function () use($config) { return $config; } ); $app = new Micro($di); // AUTH MICRO $auth = new AuthMicro($app); $app->handle(); ``` ### Configuration - Don't want to use a config file? then pass the config instead [](#configuration---dont-want-to-use-a-config-file-then-pass-the-config-instead) in bootstrap or index file ``` use Phalcon\Mvc\Micro; use Phalcon\Config\Adapter\Ini as ConfigIni; use Phalcon\Di\FactoryDefault; use EmoG\Phalcon\Auth\Middleware\Micro as AuthMicro; // set default services $di = new FactoryDefault(); $app = new Micro($di); // SETUP THE CONFIG $authConfig = [ 'secretKey' => '923753F2317FC1EE5B52DF23951B1', 'payload' => [ 'exp' => 1440, 'iss' => 'phalcon-jwt-auth' ], 'ignoreUri' : [ '/', 'regex:/application/', 'regex:/users/:POST,PUT', '/auth/user:POST,PUT', '/auth/application' ] ]; // AUTH MICRO $auth = new AuthMicro($app, $authConfig); $app->handle(); ``` ### Authentication [](#authentication) To make authenticated requests via http, you will need to set an authorization headers as follows: ``` Authorization: Bearer {yourtokenhere} ``` or pass the token as a query string ``` ?token={yourtokenhere} ``` ### Callbacks [](#callbacks) By default if the authentication fails, the middleware will stop the execution of routes and will immediately return a response of 401 Unauthorized. If you want to add your own handler: ``` $auth->onUnauthorized(function($authMicro, $app) { $response = $app["response"]; $response->setStatusCode(401, 'Unauthorized'); $response->setContentType("application/json"); // to get the error messages $response->setContent(json_encode([$authMicro->getMessages()[0]])); $response->send(); // return false to stop the execution return false; }); ``` If you want an additional checking on the authentication, like intentionally expiring a token based on the payload issued date, you may do so: ``` $auth->onCheck(function($auth) { // to get the payload $data = $auth->data(); if($data['iat'] data() ); print_r( $app->getDI()->get('auth')->data('email') ); // in your contoller print_r( $this->auth->data() ); ``` If you want to change the service name: ``` AuthMicro::$diName = 'jwtAuth'; ``` ### Creating a token [](#creating-a-token) In your controller or route handler ``` $payload = [ 'sub' => $user->id, 'email' => $user->email, 'username' => $user->username, 'role' => 'admin', 'iat' => time(), ]; $token = $this->auth->make($payload); ``` ### Accessing the authenticated user / data [](#accessing-the-authenticated-user--data) In your controller or route handler ``` echo $this->auth->id(); // will look for sub or id payload echo $this->auth->data(); // return all payload echo $this->auth->data('email'); ``` ### Extending [](#extending) If you want to add your own middleware or play around: ``` EmoG\Phalcon\Auth\Auth.php and its adapters - does all the authentication EmoG\Phalcon\Auth\TokenGetter\TokenGetter.php and its adapters - does the parsing or getting of token ``` ### JWT [](#jwt) Phalcon JWT Auth uses the Firebase JWT library. To learn more about it and JSON Web Tokens in general, visit: If you are using php 7 you can use Dmkit version which is compatible ### Health Score 27 — LowBetter than 49% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community10 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 92.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 3173d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/4a50e71c35cbbc198546419c09751eb53c680b6b014c87fb20e2e746ffeb984f?d=identicon)[emog](/maintainers/emog) --- Top Contributors [![emog](https://avatars.githubusercontent.com/u/3330081?v=4)](https://github.com/emog "emog (12 commits)")[![gabbanaesteban](https://avatars.githubusercontent.com/u/11374198?v=4)](https://github.com/gabbanaesteban "gabbanaesteban (1 commits)") --- Tags jwtAuthenticationphalcon ### Embed Badge ![Health badge](/badges/emog-phalcon-jwt-auth/health.svg) ``` [![Health](https://phpackages.com/badges/emog-phalcon-jwt-auth/health.svg)](https://phpackages.com/packages/emog-phalcon-jwt-auth) ``` ### Alternatives [admad/cakephp-jwt-auth CakePHP plugin for authenticating using JSON Web Tokens 160680.3k8](/packages/admad-cakephp-jwt-auth)[dmkit/phalcon-jwt-auth A simple JWT middleware for Phalcon Micro to handle stateless authentication 3541.5k](/packages/dmkit-phalcon-jwt-auth)[internacionalweb/cognito-token-verifier This library verifies that the signature of the JWT is valid, comes from a desired application, and that the token has not been tampered with or expired. 102.1k](/packages/internacionalweb-cognito-token-verifier) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)