PHPackages                             gamegos/jws - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. gamegos/jws

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

gamegos/jws
===========

Json Web Signature (JWS) PHP implementation

1.0.1(11y ago)26359.6k↓16.6%105MITPHPPHP &gt;=5.4

Since Jun 17Pushed 10y ago15 watchersCompare

[ Source](https://github.com/Gamegos/php-jws)[ Packagist](https://packagist.org/packages/gamegos/jws)[ RSS](/packages/gamegos-jws/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (1)Versions (6)Used By (5)

JSON Web Signature (JWS) PHP Library
====================================

[](#json-web-signature-jws-php-library)

A simple and extensible PHP implementation of JWS based on JWS draft\]().

Note
----

[](#note)

**[gamegos/jwt](https://github.com/Gamegos/php-jwt) library is more suitable for a JSON WEB TOKEN(JWT) solution**

Installation
------------

[](#installation)

The recommended way to install gamegos/jws is through [Composer](http://getcomposer.org).

```
{
    "require": {
        "gamegos/jws": "~1.0"
    }
}
```

Basic Usage
-----------

[](#basic-usage)

Encoding

```
$headers = array(
    'alg' => 'HS256', //alg is required. see *Algorithms* section for supported algorithms
    'typ' => 'JWT'
);

// anything that json serializable
$payload = array(
    'sub' => 'someone@example.com',
    'iat' => '1402993531'
);

$key = 'some-secret-for-hmac';

$jws = new \Gamegos\JWS\JWS();
echo $jws->encode($headers, $payload, $key);
//eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzb21lb25lQGV4YW1wbGUuY29tIiwiaWF0IjoiMTQwMjk5MzUzMSJ9.0lgcQRnj_Jour8MLdIc71hPjjLVcQAOtagKVD9soaqU
```

Decoding &amp; Verifying

```
$key = 'some-secret-for-hmac';

//jws encoded string
$jwsString = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJzb21lb25lQGV4YW1wbGUuY29tIiwiaWF0IjoiMTQwMjk5MzUzMSJ9.0lgcQRnj_Jour8MLdIc71hPjjLVcQAOtagKVD9soaqU';

$jws = new \Gamegos\JWS\JWS();

$jws->verify($jwsString, $key);
```

If everything is ok you will get an array with 'headers' and 'payload'.

```
/*
Array
(
    [headers] => Array
        (
            [alg] => HS256
            [typ] => JWT
        )

    [payload] => Array
        (
            [sub] => someone@example.com
            [iat] => 1402993531
        )

)
*/
```

You will get one of [these exceptions](#exceptions) if something bad happens.

If you only want to parse jws string **without** signature verification you can use `decode` method.

```
$jws->decode($jwsString);
```

Supported Algorithms
--------------------

[](#supported-algorithms)

Currently these algorithms are supported.

alg ParameterDigital Signature or MAC AlgorithmHS256HMAC using SHA-256HS384HMAC using SHA-384HS512HMAC using SHA-512RS2561RSASSA-PKCS-v1\_5 using SHA-256RS3841RSASSA-PKCS-v1\_5 using SHA-384RS5121RSASSA-PKCS-v1\_5 using SHA-512noneNo digital signature or MAC performedSee [JWA Cryptographic Algorithms for Digital Signatures and MACs](http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-27#section-3) page for full list of defined algorithms for JWS.

Exceptions
----------

[](#exceptions)

- `InvalidSignatureException`
- `MalformedSignatureException`
- `UnspecifiedAlgorithmException`
- `UnsupportedAlgorithmException`

Extending: Adding New Signature/MAC Algorithm
---------------------------------------------

[](#extending-adding-new-signaturemac-algorithm)

Create an **algorithm class** that implements \\Gamegos\\JWS\\Algorithm\\AlgorithmInterface.

```
//example NoneAlgorithm
class NoneAlgorithm implements \Gamegos\JWS\Algorithm\AlgorithmInterface
{

    public function sign($key, $data)
    {
        return '';
    }

    public function verify($key, $data, $signature)
    {
        return (string) $signature === '';
    }
}
```

Register your class:

```
//...
$jws = new \Gamegos\JWS\JWS();
$jws->registerAlgorithm('my-new-algorithm', new NoneAlgorithm());
```

Now you can use `my-new-algorithm` as a usual 'alg' parameter.

Known Limitations
-----------------

[](#known-limitations)

- *JWS JSON Serialization* is not supported.

---

1 requires [php openssl module](http://www.php.net/manual/en/book.openssl.php).

###  Health Score

41

—

FairBetter than 89% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity47

Moderate usage in the ecosystem

Community25

Small or concentrated contributor base

Maturity62

Established project with proven stability

 Bus Factor1

Top contributor holds 94.1% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~74 days

Total

5

Last Release

4058d ago

Major Versions

0.2.1 → 1.0.02015-01-15

### Community

Maintainers

![](https://www.gravatar.com/avatar/5402895fce341eb0254bd5312d8458d6c85e28cb5f088a6d7f962d4ea4047f0a?d=identicon)[glkz](/maintainers/glkz)

![](https://www.gravatar.com/avatar/f0070858f99354fde68177f3b2604e3d3dec2e9d93f18797059afeaf8f710b94?d=identicon)[gudubeth](/maintainers/gudubeth)

---

Top Contributors

[![glkz](https://avatars.githubusercontent.com/u/281635?v=4)](https://github.com/glkz "glkz (16 commits)")[![bobby-dev](https://avatars.githubusercontent.com/u/6084572?v=4)](https://github.com/bobby-dev "bobby-dev (1 commits)")

---

Tags

jwtJWSjwaJSON Web TokenJSON Web Signaturedigital-signature

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/gamegos-jws/health.svg)

```
[![Health](https://phpackages.com/badges/gamegos-jws/health.svg)](https://phpackages.com/packages/gamegos-jws)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[web-token/jwt-framework

JSON Object Signing and Encryption library for PHP and Symfony Bundle.

94818.9M77](/packages/web-token-jwt-framework)[sop/jwx

A PHP library for JSON web tokens (JWT) with signature (JWS) and encryption (JWE) support.

26257.5k1](/packages/sop-jwx)[web-token/jwt-library

JWT library

2011.2M83](/packages/web-token-jwt-library)[web-token/jwt-bundle

JWT Bundle of the JWT Framework.

132.5M7](/packages/web-token-jwt-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)