
gandung/jwt
===========

Implementation Of JSON Web Token (RFC 7519)

v1.0.0 · MIT · PHP >=7.0 · [Source](https://github.com/plvhx/jwt) · [Packagist](https://packagist.org/packages/gandung/jwt)

JSON Web Token
==============


An implementation of JSON Web Token based on [RFC 7519](https://tools.ietf.org/html/rfc7519).

- [Dependencies](#dependencies)
- [Quick Start](#quick-start)
    - [Creating Signature](#creating-signature)
        - [HMAC](#hmac)
        - [RSA](#rsa)
        - [ECDSA](#ecdsa)
    - [Validating Signature](#validating-signature)
        - [HMAC](#hmac-1)
        - [RSA](#rsa-1)
        - [ECDSA](#ecdsa-1)
    - [Validating Token Constraints](#validating-token-constraints)

Dependencies
------------


- PHP 7.0+
- OpenSSL Extension
- Mbstring Extension
- GMP Extension

Quick Start
-----------


### Creating Signature


#### HMAC

```
use Gandung\JWT\JWTFactory;

$key = JWTFactory::getKeyManager();
$key->setPassphrase('secret');
$header = JWTFactory::getJoseBuilder()
	->algorithm(\Gandung\JWT\Token\Algorithm::HS256)
	->type('JWT')
	->contentType('application/json');
$claim = JWTFactory::getClaimBuilder()
	->issuedBy('me')
	->expireAt(new \DateTimeImmutable('@' . (time() + 3600)));
$payload = JWTFactory::getPayloadBuilder()
	->claim($claim)
	->userData([
		'credentials' => [
			'username' => 'me',
			'password' => 'this_is_me_who_want_to_get_in'
		]
	]);
$jwt = JWTFactory::getJwt();
$token = $jwt->createToken($header, $payload, $key);

echo sprintf("Token: %s\n", $token);
```

#### RSA

```
use Gandung\JWT\JWTFactory;

$key = JWTFactory::getKeyManager();
// See: cert/dummy256.pem (Private Key)
$key->setContentFromCertFile('cert/dummy256.pem');
$key->setPassphrase('umar123');
$header = JWTFactory::getJoseBuilder()
	->algorithm(\Gandung\JWT\Token\Algorithm::RS256)
	->type('JWT')
	->contentType('application/json');
$claim = JWTFactory::getClaimBuilder()
	->issuedBy('me')
	->expireAt(new \DateTimeImmutable('@' . (time() + 3600)));
$payload = JWTFactory::getPayloadBuilder()
	->claim($claim)
	->userData([
		'credentials' => [
			'username' => 'me',
			'password' => 'this_is_me_who_want_to_get_in'
		]
	]);
$jwt = JWTFactory::getJwt();
$token = $jwt->createToken($header, $payload, $key);

echo sprintf("Token: %s\n", $token);
```

#### ECDSA

```
use Gandung\JWT\JWTFactory;

$key = JWTFactory::getKeyManager();
// See: cert/secp256.pem (Elliptic-Curve Private Key)
$key->setContentFromCertFile('cert/secp256.pem');
$header = JWTFactory::getJoseBuilder()
	->algorithm(\Gandung\JWT\Token\Algorithm::ES256)
	->type('JWT')
	->contentType('application/json');
$claim = JWTFactory::getClaimBuilder()
	->issuedBy('me')
	->expireAt(new \DateTimeImmutable('@' . (time() + 3600)));
$payload = JWTFactory::getPayloadBuilder()
	->claim($claim)
	->userData([
		'credentials' => [
			'username' => 'me',
			'password' => 'this_is_me_who_want_to_get_in'
		]
	]);
$jwt = JWTFactory::getJwt();
$token = $jwt->createToken($header, $payload, $key);

echo sprintf("Token: %s\n", $token);
```

### Validating Signature


#### HMAC

```
use Gandung\JWT\JWTFactory;

$token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24ifQ.eyJpc3MiOiJtZSIsImV4cCI6MTUxODE3ODU5MywiY3JlZGVudGlhbHMiOnsidXNlcm5hbWUiOiJtZSIsInBhc3N3b3JkIjoidGhpc19pc19tZV93aG9fd2FudF90b19nZXRfaW4ifX0.NbX9ZGfadSYlAdgCaDklIYb4Nw2UCfxRJxoKgxZVURo";
$key = JWTFactory::getKeyManager();
$key->setPassphrase('secret');
$header = JWTFactory::getJoseBuilder()
	->algorithm(\Gandung\JWT\Token\Algorithm::HS256)
	->type('JWT')
	->contentType('application/json');
$claim = JWTFactory::getClaimBuilder()
	->issuedBy('me')
	->expireAt(new \DateTimeImmutable('@1518178593'));
$payload = JWTFactory::getPayloadBuilder()
	->claim($claim)
	->userData([
		'credentials' => [
			'username' => 'me',
			'password' => 'this_is_me_who_want_to_get_in'
		]
	]);
$jwt = JWTFactory::getJwt();
// Pass the JOSE header built above ($header).
$isSignatureMatched = $jwt->verifyToken($token, $header, $payload, $key);

var_dump($isSignatureMatched);
```

#### RSA

```
use Gandung\JWT\JWTFactory;

$token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24ifQ.eyJpc3MiOiJtZSIsImV4cCI6MTUxODE3OTU0NSwiY3JlZGVudGlhbHMiOnsidXNlcm5hbWUiOiJtZSIsInBhc3N3b3JkIjoidGhpc19pc19tZV93aG9fd2FudF90b19nZXRfaW4ifX0.kU9EwxWNpWjxYv2JloBsH5HGnRzMIMi8yAH2dOi6EfipR4O_BrseFih_2uFeaNg-xKFl2UYTMDo_OtFt-z9FOx-iYHPjj3sHCMoR-KE2MZTj0-3TPFNZhq6iWqA9WTPxpIxFiJBryk6PbS33pMovZHdLAU6H-2CBd5mvc2oT7DITCORqYYGQl-CPUaaPJjml8t9qMPfii5XYu0A1vqz9iD1bLvk7XyOTAONbJvwcZwdqX_OXdvnsAQ0XpEtFEcso5w55DXnltUAADZABGdVvIorWYVOW52neNQYStW83r_XvUynx5QPvJ8oHWr2-ithSrSWgC1YHUCM5QAon8DmG7_8PGSYINwsq9DvKozZnCpuuUaMO7IfA2HMFS0hPxQFTJPXndKTcnB6HbPpWOTTWBROhI-IoZFjD1Yu4zMQSUhlmvTq3IiDhpVpvkojkEmb8GSnOD7Xvs5zfx-7ceqWICeWEzSKQoTXEldzcXHuO0Ia8ihzWQ9S0_YAuYWyS0PJtzLsjUfvCox-aqUt8r4xIlv2ZP3PpWCbXHh_YS6-88ea--HECScl2il1nyrO4j_F4cieP2EGUEizCUbQOB4BWNns_Dea4Zwdt8VLoTxbMwxqrYPRydaQhX1w16kQf8yu5FnN5UpK_BKgz4_N5pNKljSomr_Elbyn3p6ddmDUmweA";
$key = JWTFactory::getKeyManager();
// See: cert/dummy256.pem (Private Key)
$key->setContentFromCertFile('cert/dummy256.pem');
$key->setPassphrase('umar123');
$header = JWTFactory::getJoseBuilder()
	->algorithm(\Gandung\JWT\Token\Algorithm::RS256)
	->type('JWT')
	->contentType('application/json');
$claim = JWTFactory::getClaimBuilder()
	->issuedBy('me')
	->expireAt(new \DateTimeImmutable('@1518179545'));
$payload = JWTFactory::getPayloadBuilder()
	->claim($claim)
	->userData([
		'credentials' => [
			'username' => 'me',
			'password' => 'this_is_me_who_want_to_get_in'
		]
	]);
$jwt = JWTFactory::getJwt();
// Pass the JOSE header built above ($header).
$isSignatureMatched = $jwt->verifyToken($token, $header, $payload, $key);

var_dump($isSignatureMatched);
```

#### ECDSA

```
use Gandung\JWT\JWTFactory;

$token = "eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24ifQ.eyJpc3MiOiJtZSIsImV4cCI6MTUxODE4MDM3MSwiY3JlZGVudGlhbHMiOnsidXNlcm5hbWUiOiJtZSIsInBhc3N3b3JkIjoidGhpc19pc19tZV93aG9fd2FudF90b19nZXRfaW4ifX0.-rHgMBeVqA5sP_gP6301PZ9NWy93ZO0lBQnJw0g2qCrvF4oz0IjePN8kLVdqIJkGG8E26-5HktKJcCJROBJ5ig";
$key = JWTFactory::getKeyManager();
// See: cert/secp256.pem (Private Key)
$key->setContentFromCertFile('cert/secp256.pem');
$header = JWTFactory::getJoseBuilder()
	->algorithm(\Gandung\JWT\Token\Algorithm::ES256)
	->type('JWT')
	->contentType('application/json');
$claim = JWTFactory::getClaimBuilder()
	->issuedBy('me')
	->expireAt(new \DateTimeImmutable('@1518180371'));
$payload = JWTFactory::getPayloadBuilder()
	->claim($claim)
	->userData([
		'credentials' => [
			'username' => 'me',
			'password' => 'this_is_me_who_want_to_get_in'
		]
	]);
$jwt = JWTFactory::getJwt();
// Pass the JOSE header built above ($header).
$isSignatureMatched = $jwt->verifyToken($token, $header, $payload, $key);

var_dump($isSignatureMatched);
```

### Validating Token Constraints


```
use Gandung\JWT\Validator\Validator;

$token = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24ifQ.eyJpc3MiOiJtZSIsImV4cCI6MTUxODE3ODU5MywiY3JlZGVudGlhbHMiOnsidXNlcm5hbWUiOiJtZSIsInBhc3N3b3JkIjoidGhpc19pc19tZV93aG9fd2FudF90b19nZXRfaW4ifX0.NbX9ZGfadSYlAdgCaDklIYb4Nw2UCfxRJxoKgxZVURo";
$validator = new Validator;
$validator->addConstraint(new \Gandung\JWT\Validator\Constraints\Jose\Algorithm);
$validator->addConstraint(new \Gandung\JWT\Validator\Constraints\Jose\ContentType);
$validator->addConstraint(new \Gandung\JWT\Validator\Constraints\Jose\Type);
$validator->addConstraint(new \Gandung\JWT\Validator\Constraints\Payload\IssuedBy);
$validator->addConstraint(new \Gandung\JWT\Validator\Constraints\Payload\ExpirationTime);
$isValidated = $validator->validate($token);

var_dump($isValidated);
```
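An added example (not part of this package or its README) that checks the HS256 token from the HMAC sections above using only PHP built-ins: it pins the algorithm, compares the MAC in constant time, applies the `exp` check, and returns the decoded payload, which shows that the `credentials` block in these tokens is readable by anyone holding the token. `b64url_decode` and `verify_hs256` are hypothetical helper names; the token and the passphrase `secret` are the ones shown on this page. Treating a missing `exp` as expired is this example's own policy choice.

```php
<?php
// Added example: independent HS256 check with PHP built-ins (not the library's code).

function b64url_decode(string $s): string
{
    // Restore the padding that JWT base64url encoding strips.
    $padded = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    $raw = base64_decode(strtr($padded, '-_', '+/'), true);
    if ($raw === false) {
        throw new InvalidArgumentException('invalid base64url segment');
    }
    return $raw;
}

function verify_hs256(string $token, string $secret, int $now): array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('expected header.payload.signature');
    }
    [$h64, $p64, $s64] = $parts;
    $header  = json_decode(b64url_decode($h64), true);
    $payload = json_decode(b64url_decode($p64), true);
    if (!is_array($header) || !is_array($payload)) {
        throw new InvalidArgumentException('header or payload is not a JSON object');
    }
    // Pin the algorithm on the verifier side; never let the token's header choose it.
    if (($header['alg'] ?? null) !== 'HS256') {
        throw new UnexpectedValueException('unexpected alg');
    }
    // The MAC covers the two encoded segments exactly as transmitted.
    $expected    = hash_hmac('sha256', $h64 . '.' . $p64, $secret, true);
    $signatureOk = hash_equals($expected, b64url_decode($s64));
    // RFC 7519: the current time must be before exp. Missing exp is rejected (assumption).
    $expired = !isset($payload['exp']) || !is_int($payload['exp']) || $now >= $payload['exp'];

    return ['signature_ok' => $signatureOk, 'expired' => $expired, 'payload' => $payload];
}

// Token and passphrase copied from the HMAC validation example on this page.
$token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImN0eSI6ImFwcGxpY2F0aW9uL2pzb24ifQ.eyJpc3MiOiJtZSIsImV4cCI6MTUxODE3ODU5MywiY3JlZGVudGlhbHMiOnsidXNlcm5hbWUiOiJtZSIsInBhc3N3b3JkIjoidGhpc19pc19tZV93aG9fd2FudF90b19nZXRfaW4ifX0.NbX9ZGfadSYlAdgCaDklIYb4Nw2UCfxRJxoKgxZVURo';
$result = verify_hs256($token, 'secret', time());

var_dump($result['signature_ok'], $result['expired']);
// The payload is only base64url-encoded, so it decodes without the key.
print_r($result['payload']);
```

Accept a token only when `signature_ok` is true and `expired` is false; because the payload decodes without the key, keep passwords and other secrets out of JWT claims.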

If you find any bugs, feel free to send me a pull request.

