PHPackages freedomsex/self-signed-token - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. freedomsex/self-signed-token Abandoned → [a4sex/self-signed-token](/?search=a4sex%2Fself-signed-token)Library[Authentication & Authorization](/categories/authentication) freedomsex/self-signed-token ============================ A simple self-signed token based on a secret string and creation time. 1.0.4(4y ago)0622MITPHPPHP ^7.4CI failing Since Jul 19Pushed 4y ago1 watchersCompare [ Source](https://github.com/freedomsex/self-signed-token)[ Packagist](https://packagist.org/packages/freedomsex/self-signed-token)[ RSS](/packages/freedomsex-self-signed-token/feed)WikiDiscussions master Synced today READMEChangelogDependencies (1)Versions (10)Used By (0) Self Signed Token ================= [](#self-signed-token) A simple self-signed token based on a secret string and expiration time. Expiration time and signature are saved as part of the token. The token is easy to check for token expiration time. It is also easy to verify its authenticity by signature. ``` $signedToken = new SelfSignedToken(); $token = $signedToken->create(); // that's all ``` I use this token to simply check its expiration from the time it was created. And signature based authenticity. All this without queries to the database. Without saving the token itself somewhere else. You can check the token on Web Server level(by Nginx). For example, using the `ngx_http_secure_link_module` I save the Token ID in the database, and the time of its creation. But I do not query the database if the token is not valid or expired. This is convenient for preventing flooding with requests, and as a simple but reliable protection against DDoS, is relatively. --- +**EasySignedToken** - simplified version of the token. Expiration time is not saved in token. Instead, the token *creation time* is saved. During validation, the token lifetime set in the configuration is used. In this case, you can change the token's lifetime after its creation. Token ----- [](#token) `6e000eeabea27aa13a0476d656e5a15e.1560148598.70272e700a46b3040ee53f2b083e3875` - Token ID - 6e000eeabea27aa13a0476d656e5a15e - Expiration time - 1560148598 (Unix Timestamp) - Signature - 70272e700a46b3040ee53f2b083e3875 ### Token ID [](#token-id) MD5 Hash randomly generated string. Very random, but not for any cryptographic protection. Just a random string. You can pass the prefix if you think it is not random enough for you. You can pass any string `[[:alnum:]-+=_]{1,40}` as `id`. ``` $id = $signedToken->generateId(); // OR $id = $signedToken->generateId($prefix); $token = $signedToken->create($id); $token = $signedToken->create('anyrandomstring'); ``` ### Expiration time [](#expiration-time) The time when the token was expired(Unix Timestamp). `$ttl` - Token lifetime in seconds from creation. Default 60 seconds. You can set the time to your taste. ``` $signedToken = new SelfSignedToken(); // OR $signedToken = new SelfSignedToken($ttl); // OR $signedToken->setTtl($time); $token = $signedToken->create(); $created = $signedToken->created(); // get creation time // OR set any time $token = $signedToken->create($id, $created); $token = $signedToken->create(null, $created); ``` ### Signature [](#signature) Simple MD5 Hash string. Generated based on Token ID, Expiration time and Secret phrase. ``` $signedToken = new SelfSignedToken($ttl); // OR $signedToken = new SelfSignedToken($ttl, $secret); $token = $signedToken->create(); ``` #### Bypass [](#bypass) `setBypass(true)` - ignore Signature and Expiration time Validate -------- [](#validate) `$ignoreSign` and `$ignoreExpires` boolean ``` $signedToken->valid($token); // OR $signedToken->valid($token, $ignoreSign); // OR $signedToken->valid($token, $ignoreSign, $ignoreExpires); ``` ### Health Score 29 — LowBetter than 60% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity13 Limited adoption so far Community7 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~107 days Recently: every ~147 days Total 9 Last Release 1627d ago Major Versions 0.1.0 → 1.0.02020-04-12 PHP version history (2 changes)0.0.3PHP ^7.2 1.0.4PHP ^7.4 ### Community Maintainers ![](https://www.gravatar.com/avatar/ef0022ba73eb67e483511c396c9377b8d8ebd9541c75a22e8cbaac876c882edd?d=identicon)[freedomsex](/maintainers/freedomsex) --- Top Contributors [![tebaly](https://avatars.githubusercontent.com/u/9466814?v=4)](https://github.com/tebaly "tebaly (17 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/freedomsex-self-signed-token/health.svg) ``` [![Health](https://phpackages.com/badges/freedomsex-self-signed-token/health.svg)](https://phpackages.com/packages/freedomsex-self-signed-token) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)