PHPackages flipboxfactory/craft-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. flipboxfactory/craft-jwt ActiveCraft-plugin[Authentication & Authorization](/categories/authentication) flipboxfactory/craft-jwt ======================== JWT Authorization 5.0.1(6mo ago)119.3k2[1 issues](https://github.com/flipboxfactory/craft-jwt/issues)PHPCI failing Since Mar 20Pushed 6mo ago2 watchersCompare [ Source](https://github.com/flipboxfactory/craft-jwt)[ Packagist](https://packagist.org/packages/flipboxfactory/craft-jwt)[ RSS](/packages/flipboxfactory-craft-jwt/feed)WikiDiscussions master Synced today READMEChangelog (10)Dependencies (4)Versions (15)Used By (0) JWT Tokens for Craft CMS ======================== [](#jwt-tokens-for-craft-cms) [![Join the chat at https://gitter.im/flipboxfactory/craft-jwt](https://camo.githubusercontent.com/1dfea56c7fd182f1d617c0d140617114440f1c8988d94c1152a59f641bcc181b/68747470733a2f2f6261646765732e6769747465722e696d2f666c6970626f78666163746f72792f63726166742d6a77742e737667)](https://gitter.im/flipboxfactory/craft-jwt?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)[![Latest Version](https://camo.githubusercontent.com/8ac4bdae914926fa71eec8c315e040bda77de02d760fb8b2199d844d636beddd/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652f666c6970626f78666163746f72792f63726166742d6a77742e7376673f7374796c653d666c61742d737175617265)](https://github.com/flipboxfactory/craft-jwt/releases)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE.md)[![Build Status](https://camo.githubusercontent.com/761839bb761f5ec4e28cac8e6cc17d5b297c47ce3448f2e24333a82b7e9c2a62/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f666c6970626f78666163746f72792f63726166742d6a77742f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.com/flipboxfactory/craft-jwt)[![Coverage Status](https://camo.githubusercontent.com/45288c67e25997b323394b197cbd5359ba416dad7c6e7c6f0034222a991a8b4b/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f636f7665726167652f672f666c6970626f78666163746f72792f63726166742d6a77742e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/flipboxfactory/craft-jwt/code-structure)[![Quality Score](https://camo.githubusercontent.com/5be8a3f76444f0367dc013d00c4bba023f05ae160a8da23b482ab637781170dc/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f666c6970626f78666163746f72792f63726166742d6a77742e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/flipboxfactory/craft-jwt)[![Total Downloads](https://camo.githubusercontent.com/0d584d089025431b6c225af6ba8add830a8001e4747263a5ed6f1ab8e4e5cac3/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f666c6970626f78666163746f72792f63726166742d6a77742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/flipboxfactory/craft-jwt) JWT (JSON Web Token) for Craft CMS assists in issuing and claiming tokens. The intent is to issue a token which, at a later time, can be claimed and used to perform various actions. The life of a JWT is defined upon creation and Use Cases --------- [](#use-cases) - Protected downloads - Protected pages/content - Authorization to API - Tracking actions (by user) - Sharing downloads/pages to guests To learn more about JWT visit [JWT.IO](https://jwt.io/introduction/) Requirements ------------ [](#requirements) This plugin requires Craft CMS 3.0 or later. Installation ------------ [](#installation) Simply run the following command from your project root: ``` composer require flipboxfactory/craft-jwt ``` Once the plugin is included in your project, navigate to the Control Panel, go to Settings → Plugins and click the “Install” button for the [JWT Plugin](https://github.com/flipboxfactory/craft-jwt). ### Templating [](#templating) The `craft.jwt` template variable provides access to the entire [JWT](https://github.com/flipboxfactory/craft-jwt) plugin. To access the services, you may use: Identity Service: ``` {% set token = craft.jwt.identity.issue(currentUser) %} {# To generate a token (store the identity) #} {% set claim = craft.jwt.identity.claim(token|trim) %} {# To claim a token (retrieve the identity) #} ``` Route Service: ``` {% set token = craft.jwt.route.issue('action/path') %} {# To generate a token (store the action path) #} {% set claim = craft.jwt.route.claim(token|trim) %} {# To claim a token (retrieve the action path) #} ``` Examples -------- [](#examples) Common usages of this plugin are as follows: ### Self-Consumable API (Hybrid API - calling your own API) [](#self-consumable-api-hybrid-api---calling-your-own-api) Making calls to your own API is a great candidate for JWT Identity tokens. The flow works something like this: 1. Set a JavaScript variable: `let jwt = '{{ craft.jwt.identity.issue(currentUser) }}'` 2. Using [Axois](https://github.com/axios/axios) (or other HTTP client library), make a call to your own API using the JWT token created in step 1. 3. Apply the Authentication filter to your API controller(s). ``` /** * @inheritdoc */ public function behaviors() { return \craft\helpers\ArrayHelper::merge( parent::behaviors(), [ 'authenticator' => [ 'authMethods' => [ \flipbox\craft\jwt\filters\JwtHttpBearerAuth::class ] ] ] ); } ``` A full example of the Authentication filter implementation can be found in our [RESTful API for Craft CMS](https://github.com/flipboxfactory/craft-restful/blob/master/src/controllers/AbstractController.php) ### Protected Downloads (or page access) [](#protected-downloads-or-page-access) Perhaps a user needs to access a protected page or file download. To circumvent exposing the url publicly, issue a JWT Route token. ##### Render template: [](#render-template) ``` {% set token = craft.jwt.route.issue(['templates/render', {'template': '_protected/template'}], currentUser) {# the link will automatically render the template #} View Protected Page ``` ##### File Download [](#file-download) ``` {% set asset = craft.assets.one() %} {% set token = craft.jwt.route.issue(['assets/thumb', {'uid': asset.uid, width: 100, height: 100}], currentUser) %} Download Protected File ``` Note: It's important to note that in the File Download example, we're also passing the `currentUser` param when generating the token. As a result, when the action is processed we're assuming the identity of the user who issued the token prior to performing the action. This means a user doesn't have to be logged in to Craft. Caution ------- [](#caution) JWTs created by this plugin are technically JWS (JSON Web Signature) tokens. The contents of a token can be easily decoded and viewed using tools such as [jwt.io](https://jwt.io). It is important **NOT** to store sensitive data in a token. The Craft '[security key](https://docs.craftcms.com/v3/installation.html#step-3-set-a-security-key)' is used to sign each token; ensuring the contents have not been tampered with. A token is valid for Contributing ------------ [](#contributing) Please see [CONTRIBUTING](https://github.com/flipboxfactory/craft-jwt/blob/master/CONTRIBUTING.md) for details. Credits ------- [](#credits) - [Flipbox Digital](https://github.com/flipbox) License ------- [](#license) The MIT License (MIT). Please see [License File](https://github.com/flipboxfactory/craft-jwt/blob/master/LICENSE) for more information. ### Health Score 48 — FairBetter than 94% of packages Maintenance67 Regular maintenance activity Popularity27 Limited adoption so far Community9 Small or concentrated contributor base Maturity71 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~253 days Recently: every ~558 days Total 12 Last Release 182d ago Major Versions 1.1.0 → 5.0.02025-10-30 ### Community Maintainers ![](https://www.gravatar.com/avatar/f88ef7075dc76a34393f80402c30cc8eec30d5134835314136669a68b8ce817f?d=identicon)[nateiler](/maintainers/nateiler) --- Top Contributors [![nateiler](https://avatars.githubusercontent.com/u/1892443?v=4)](https://github.com/nateiler "nateiler (37 commits)") ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/flipboxfactory-craft-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/flipboxfactory-craft-jwt/health.svg)](https://phpackages.com/packages/flipboxfactory-craft-jwt) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt)[scheb/2fa-trusted-device Extends scheb/2fa-bundle with trusted devices support 355.1M16](/packages/scheb-2fa-trusted-device) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)