PHPackages                             gboyegadada/lumen-jwt - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. gboyegadada/lumen-jwt

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

gboyegadada/lumen-jwt
=====================

JWT auth guard for Lumen 5.4

v1.0.73(8y ago)1716.0k5[1 issues](https://github.com/gboyegadada/lumen-jwt/issues)MITPHP

Since Mar 20Pushed 8y ago5 watchersCompare

[ Source](https://github.com/gboyegadada/lumen-jwt)[ Packagist](https://packagist.org/packages/gboyegadada/lumen-jwt)[ RSS](/packages/gboyegadada-lumen-jwt/feed)WikiDiscussions master Synced 4w ago

READMEChangelog (1)Dependencies (1)Versions (30)Used By (0)

lumen-jwt
=========

[](#lumen-jwt)

JWT auth guard for Lumen 5.4

Install
-------

[](#install)

```
$ composer require gboyegadada/lumen-jwt
```

Setup
-----

[](#setup)

```
# edit: bootstrap/app.php

// 1. Uncomment next 2 lines...
$app->withFacades();
$app->withEloquent();

// 2. Uncomment next 3 lines...
$app->routeMiddleware([
     'auth' => App\Http\Middleware\Authenticate::class,
]);

// 3. Register Auth Service Provider
$app->register(Yega\Auth\JWTAuthServiceProvider::class);
```

```
$ mkdir config
$ cp vendor/laravel/lumen-framework/config/auth.php config/
```

```
# edit: config/auth.php

/*
|--------------------------------------------------------------------------
| Authentication Guards
|--------------------------------------------------------------------------
| ........
|
*/

'guards' => [
    'api' => [
        'driver' => 'jwt',
        'provider' => 'users'
    ]
],

/*
|--------------------------------------------------------------------------
| User Providers
|--------------------------------------------------------------------------
| ..............
|
*/

'providers' => [
    'users' => [
        'driver' => 'eloquent',
        'model'  => App\Models\User::class,
    ]
],
```

Configure
---------

[](#configure)

```
# edit: .env

# required fields
JWT_KEY=XXXXXXXXXXXXXXXXXXXXX
JWT_EXPIRE_AFTER=7200
JWT_ISSUER=myappname-or-domain

# optional fields
JWT_ID_FIELD=user_id
JWT_INCLUDE=email,avatar,full_name,first_name,last_name
JWT_NBF_DELAY=5

```

`JWT_ID_FIELD` is the name of the property on the user model that the Laravel authentication provider uses to look up accounts. Defaults to `id`.

`JWT_INCLUDE` lists the user properties to include in the `data` property of the token. If the `JWT_ID_FIELD` is not part of this list, it will be automatically added. Defaults to the id field.

`JWT_NBF_DELAY` is the number of seconds after generation at which the token becomes valid (that is, the token is *n*ot valid *b*e*f*ore now + delay). Defaults to `10`.

Use (server side): Lumen
------------------------

[](#use-server-side-lumen)

```
# edit: routes/web.php

// Wrap protected routes with this...
$app->group(['middleware' => 'auth:api' ], function($app)  {
    // Protected route...
    $app->get('test', function (Request $request) use ($app) {
        return "Yayyy! I'm so safe! Not!"
    });
});
```

```
# edit: app/Http/Controllers/AuthController.php

/**
 * post: /login
 * @return string
 */
public function postLogin(Request $req)
{

    $credentials = $req->only('email', 'password');

    /**
     * Token on success | false on fail
     *
     * @var string | boolean
     */
    $token = Auth::attempt($credentials);

    return ($token !== false)
            ? json_encode(['jwt' => $token])
            : response('Unauthorized.', 401);

}
```

Use (client side): JavaScript
-----------------------------

[](#use-client-side-javascript)

1. Login to get a token:
========================

[](#1-login-to-get-a-token)

```
const url = 'http://localhost:8000/login';

// Login credentials
let data = {
    email: 'boyega@gmail.com',
    password: 'areacode234'
}

// Create our request constructor with all the parameters we need
var request = new Request(url, {
    method: 'POST',
    body: data
});

fetch(request)
.then(reponse) {
  if(response.ok) {
    return response.json();
  }
  throw new Error('Network response was not ok.');
}
.then(function(json) {
    localStorage.setItem('token', json.jwt);
});
```

2. Make subsequent requests using our JWT token:
================================================

[](#2-make-subsequent-requests-using-our-jwt-token)

```
const url = 'http://localhost:8000/test';

// Add our token in the Authorization header
var token = localStorage.getItem('token');
var myHeaders = new Headers();
myHeaders.append("Authorization", "Bearer "+token);

/* !! important: make sure there is [:space:] between "Bearer" and token !! */

// Create our request constructor with all the parameters we need
var request = new Request(url, {
    method: 'POST',
    body: data,
    headers: myHeaders
});

fetch(request)
.then(reponse) {
  if(response.ok) {
    return response.text();
  }
  throw new Error('Network response was not ok.');
}
.then(function(data) {
    console.log(data);
})
```

###  Health Score

39

—

LowBetter than 85% of packages

Maintenance19

Infrequent updates — may be unmaintained

Popularity31

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity74

Established project with proven stability

 Bus Factor1

Top contributor holds 57.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~8 days

Recently: every ~37 days

Total

29

Last Release

3171d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/52779667?v=4)[gboyega](/maintainers/gboyega)[@gboyega](https://github.com/gboyega)

---

Top Contributors

[![gboyegadada](https://avatars.githubusercontent.com/u/6040727?v=4)](https://github.com/gboyegadada "gboyegadada (11 commits)")[![mikeu](https://avatars.githubusercontent.com/u/605493?v=4)](https://github.com/mikeu "mikeu (6 commits)")[![kiproping](https://avatars.githubusercontent.com/u/16591663?v=4)](https://github.com/kiproping "kiproping (2 commits)")

### Embed Badge

![Health badge](/badges/gboyegadada-lumen-jwt/health.svg)

```
[![Health](https://phpackages.com/badges/gboyegadada-lumen-jwt/health.svg)](https://phpackages.com/packages/gboyegadada-lumen-jwt)
```

###  Alternatives

[google/auth

Google Auth Library for PHP

1.4k286.7M205](/packages/google-auth)[stevenmaguire/oauth2-keycloak

Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2276.2M36](/packages/stevenmaguire-oauth2-keycloak)[robsontenorio/laravel-keycloak-guard

🔑 Simple Keycloak Guard for Laravel

5181.1M3](/packages/robsontenorio-laravel-keycloak-guard)[ellaisys/aws-cognito

AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP

121242.9k1](/packages/ellaisys-aws-cognito)[microsoft/kiota-authentication-phpleague

Authentication provider for Kiota using the PHP League OAuth 2.0 client to authenticate against the Microsoft Identity platform

153.8M9](/packages/microsoft-kiota-authentication-phpleague)[rainlab/user-plugin

User plugin for October CMS

11854.7k15](/packages/rainlab-user-plugin)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
