
eutkin/nette-jwt
================

Nette IUserStorage implementation using JWT instead of sessions.

v1.1 (8y ago), MIT license, PHP >= 5.4.0

[Source](https://github.com/thewulf7/nette-jwt) | [Packagist](https://packagist.org/packages/eutkin/nette-jwt)

nette-jwt-user-storage
======================


Nette IUserStorage implementation using JWT access token instead of PHP sessions.

> Disclaimer: If you don't know what JWT is, please refer to [JWT draft](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32) or to [JWT homepage](http://jwt.io/).

On user login, the application stores a `jwt_access_token` cookie instead of the bad old `PHPSESSID` one. The cookie contains an encoded JWT signed by the application. User authentication is then based on verifying the JWT rather than looking up a session.

> Warning: CSRF protection rules still apply!

This means you no longer need to solve PHP session implementation, scaling and testing problems. All the things that you would normally store in the `SessionStorage` can be stored in a key-value storage, where the JWT is a key.

This also means your application is ready to become SPA in the future. :)

Configuration
-------------


Register the extension in your `config.neon`.

```
extensions:
	jwtUserStorage: Klimesf\Security\DI\JWTUserStorageExtension
```

Then configure its required properties.

```
JWTUserStorage:
	privateKey: 'secret-cat'    # this secret is used to sign the JWT
	algorithm: 'HS256'          # this is the signing algorithm
```

Both the JWT and the cookie in which it's stored are set to expire in 20 days by default. If you want to change the expiration time, use the `expiration` option:

```
JWTUserStorage:
	# set exactly one `expiration` value; the commented lines are alternatives
	expiration: 20 days       # sets JWT and cookie expiration time to 20 days (this is the default option)
	# expiration: 20 minutes  # sets JWT and cookie expiration time to 20 minutes
	# expiration: false       # sets JWT and cookie to never expire
```

By default, `jti` and `iat` (see [JWT draft](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32)) are added to your JWTs. If you don't want to use them, set `generateJti` and `generateIat` options to false.

```
JWTUserStorage:
	generateJti: false          # disables jti generation for your JWT access tokens
	generateIat: false          # disables iat generation for your JWT access tokens
```
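
What verifying the signed cookie involves for the `HS256` configuration above, including the `iat`, `jti` and expiration claims, shown as an added example that is not the library's own code. All function names are hypothetical, the key and clock value are constructed, and PHP 7.0+ is assumed.

```php
<?php
// Added example, not the library's code. Function names are hypothetical; assumes PHP 7.0+.

function b64url(string $raw): string {
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64url_decode(string $txt) {
    $txt = strtr($txt, '-_', '+/');
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode($txt . $pad, true);      // false on malformed input
}

function issue_token(array $claims, string $secret, int $ttl, int $now): string {
    // iat, exp and a random jti, mirroring the options described above
    $claims += ['iat' => $now, 'exp' => $now + $ttl, 'jti' => bin2hex(random_bytes(16))];
    $head = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url(json_encode($claims));
    return "$head.$body." . b64url(hash_hmac('sha256', "$head.$body", $secret, true));
}

function verify_token(string $jwt, string $secret, int $now) {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    list($head, $body, $sig) = $parts;
    // Pin the algorithm to the configured value instead of trusting the header.
    $header = json_decode((string) b64url_decode($head), true);
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    // Recompute the MAC and compare in constant time.
    $given = b64url_decode($sig);
    $expected = hash_hmac('sha256', "$head.$body", $secret, true);
    if ($given === false || !hash_equals($expected, $given)) return null;
    // Only after the signature checks out is the payload parsed and trusted.
    $claims = json_decode((string) b64url_decode($body), true);
    if (!is_array($claims)) return null;
    if (isset($claims['exp']) && $now >= (int) $claims['exp']) return null;
    return $claims;
}

$secret = random_bytes(32);     // constructed 256-bit key, generated per run
$now    = 1700000000;           // constructed clock value
$jwt    = issue_token(['uid' => 42], $secret, 20 * 60, $now);
list($h, $b, $s) = explode('.', $jwt);
var_dump([
    'within lifetime' => verify_token($jwt, $secret, $now + 60) !== null,
    'past exp'        => verify_token($jwt, $secret, $now + 21 * 60) !== null,
    'different key'   => verify_token($jwt, 'other-key', $now + 60) !== null,
    'edited payload'  => verify_token("$h." . b64url('{"uid":1}') . ".$s", $secret, $now) !== null,
]);
```

Because the HMAC key is the only thing protecting the token, `privateKey` should be a long random value rather than a short phrase; RFC 7518 requires a key of at least 256 bits for `HS256`.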

If you want to define your own `Nette\Security\IIdentity` serializer, which serializes your identity implementation into the JWT body, you can implement `Klimesf\Security\IIdentitySerializer`:

```
namespace Your\Own;

class IdentitySerializer implements \Klimesf\Security\IIdentitySerializer
{
	// ...
}

```

and register it in configuration.

```
JWTUserStorage:
	identitySerializer: Your\Own\IdentitySerializer
```

And that's it, you're ready to go!

Known issues
------------


- If you are developing an app with JWT User Storage and you still see `PHPSESSID` in your cookies, it's probably because [Tracy\\Tracy](https://github.com/tracy/tracy) uses it.

Discussion threads
------------------


- Czech discussion thread on [Nette Forum](https://forum.nette.org/cs/24081-nette-jwt-user-storage-dejte-sbohem-php-session#p161518)

Literature
----------


- [Stormpath: Where to store JWTs](https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/)
- [Reddit: JWT vs session cookies](https://www.reddit.com/r/webdev/comments/3afcs9/jwt_vs_session_cookies_authentication/)
- [Dev Kimchi](http://devkimchi.com/1622/can-json-web-token-jwt-be-an-alternative-for-session/)
- [JTI Generation](https://github.com/bshaffer/oauth2-server-php/issues/265)

