PHPackages                             halloverden/symfony-jwt-authenticator-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. halloverden/symfony-jwt-authenticator-bundle

ActiveSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

halloverden/symfony-jwt-authenticator-bundle
============================================

JWT authenticator for Symfony

2.2.1(1y ago)12.0k[1 issues](https://github.com/halloverden/symfony-jwt-authenticator-bundle/issues)2MITPHPPHP &gt;=8.2

Since Jul 8Pushed 1y ago3 watchersCompare

[ Source](https://github.com/halloverden/symfony-jwt-authenticator-bundle)[ Packagist](https://packagist.org/packages/halloverden/symfony-jwt-authenticator-bundle)[ RSS](/packages/halloverden-symfony-jwt-authenticator-bundle/feed)WikiDiscussions main Synced today

READMEChangelogDependencies (5)Versions (15)Used By (2)

HalloVerdenJwtAuthenticatorBundle
=================================

[](#halloverdenjwtauthenticatorbundle)

This bundle provides a JWT authenticator for Symfony applications. It's using [PHP JWT Framework](https://github.com/web-token/jwt-framework) for parsing and validating the JWT.

Installation
------------

[](#installation)

Make sure Composer is installed globally, as explained in the [installation chapter](https://getcomposer.org/doc/00-intro.md)of the Composer documentation.

### Applications that use Symfony Flex

[](#applications-that-use-symfony-flex)

Open a command console, enter your project directory and execute:

```
$ composer require halloverden/symfony-jwt-authenticator-bundle
```

### Applications that don't use Symfony Flex

[](#applications-that-dont-use-symfony-flex)

#### Step 1: Download the Bundle

[](#step-1-download-the-bundle)

Open a command console, enter your project directory and execute the following command to download the latest stable version of this bundle:

```
$ composer require halloverden/symfony-jwt-authenticator-bundle
```

#### Step 2: Enable the Bundle

[](#step-2-enable-the-bundle)

Then, enable the bundle by adding it to the list of registered bundles in the `config/bundles.php` file of your project:

```
// config/bundles.php

return [
    // ...
    HalloVerden\JwtAuthenticatorBundle\HalloVerdenJwtAuthenticatorBundle::class => ['all' => true],
];
```

Configuration
-------------

[](#configuration)

### Security config

[](#security-config)

The authenticator is enabled and configured in the security config.

example config:

```
# config/packages/security.yaml
security:

  # ...
  firewalls:
    main:
      hallo_verden_jwt:
        provider: 'user_provider'
        failure_handler: ~
        token:
          key_set: 'my_key_set'
          jws_loader: 'hallo_verden_default'
          claim_checker: 'hallo_verden_default'
          mandatory_claims: []
          user_identifier_claim: 'sub'
          token_extractor: 'hallo_verden.token_extractor.bearer'
```

#### Key set (`key_set`)

[](#key-set-key_set)

You need to provide a key set.

See [PHP JWT Framework](https://web-token.spomky-labs.com/the-symfony-bundle/key-and-key-set-management/key-set-management-jwkset#key-sets-as-services) for how to provide a key set.

#### JWS Loader (`jws_loader`)

[](#jws-loader-jws_loader)

There is a default JWS loader provided (`hallo_verden_default`), this loader is using the `jws_compact` serializer and supports `RS256` and `HS256` signature algorithms.

See [PHP JWT Framework](https://web-token.spomky-labs.com/the-symfony-bundle/signed-tokens/jws-verification#jws-loader-service) for how to create your own loader.

#### Claim checker (`claim_cheker`)

[](#claim-checker-claim_cheker)

There is a default claim checker provided (`hallo_verden_default`), this checker checks the `exp`, `iat` and `nbf` claims.

See [PHP JWT Framework](https://web-token.spomky-labs.com/the-symfony-bundle/header-and-claim-checker-management#checker-manager-services) for how to create your own checker.

#### Mandatory claims (`mandatory_claims`)

[](#mandatory-claims-mandatory_claims)

Here you specify the claims that need to be mandatory in your JWT. The `user_identifier_claim` is automatically added as a mandatory claim.

#### User identifier claim (`user_identifier_claim`)

[](#user-identifier-claim-user_identifier_claim)

This claim is sent to the user provider for retrieving the user.

#### Token extractor (`token_extractor`)

[](#token-extractor-token_extractor)

The default extractor `hallo_verden.token_extractor.bearer` get the bearer token from the authorization header. You can create your own extractor by implementing the [TokenExtractorInterface](/src/TokenExtractor/TokenExtractorInterface.php)and set the service id to this option.

#### Failure handler (`failure_handler`)

[](#failure-handler-failure_handler)

By default, the following response is sent on failure:

```
{
  "error": "INVALID_TOKEN"
}
```

You can modify this by creating a service implementing the [AuthenticationFailureHandlerInterface](https://github.com/symfony/symfony/blob/6.2/src/Symfony/Component/Security/Http/Authentication/AuthenticationFailureHandlerInterface.php)and set the service id to this option.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance22

Infrequent updates — may be unmaintained

Popularity20

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity68

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~99 days

Recently: every ~175 days

Total

11

Last Release

465d ago

Major Versions

0.1.0 → 1.0.02022-08-10

1.3.0 → 2.0.02024-04-18

PHP version history (2 changes)0.1.0PHP &gt;=8.1

2.0.0PHP &gt;=8.2

### Community

Maintainers

![](https://www.gravatar.com/avatar/be037a51f809599999041698e48a3516363d070b3f4af00e1c90f067ac112b3c?d=identicon)[halloverden](/maintainers/halloverden)

![](https://www.gravatar.com/avatar/944da5ba62000d8d54fdeabb71bb8554596caabae0cadcc2433028105c5d80c8?d=identicon)[erichjsonfosse](/maintainers/erichjsonfosse)

![](https://www.gravatar.com/avatar/849015b0be5ad1a1c8aaecb560dd316192468d401d22562fdf685eb75e4106ad?d=identicon)[tomme87](/maintainers/tomme87)

---

Top Contributors

[![tomme87](https://avatars.githubusercontent.com/u/9094256?v=4)](https://github.com/tomme87 "tomme87 (90 commits)")

### Embed Badge

![Health badge](/badges/halloverden-symfony-jwt-authenticator-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/halloverden-symfony-jwt-authenticator-bundle/health.svg)](https://phpackages.com/packages/halloverden-symfony-jwt-authenticator-bundle)
```

###  Alternatives

[rcsofttech/audit-trail-bundle

Enterprise-grade, high-performance Symfony audit trail bundle. Automatically track Doctrine entity changes with split-phase architecture, multiple transports (HTTP, Queue, Doctrine), and sensitive data masking.

1189.8k](/packages/rcsofttech-audit-trail-bundle)[pimcore/pimcore

Content &amp; Product Management Framework (CMS/PIM/E-Commerce)

3.8k3.8M508](/packages/pimcore-pimcore)[kimai/kimai

Kimai - Time Tracking

4.8k9.0k1](/packages/kimai-kimai)[2lenet/crudit-bundle

The easy like Crud'it Bundle.

1616.4k14](/packages/2lenet-crudit-bundle)[open-dxp/opendxp

Content &amp; Product Management Framework (CMS/PIM)

9421.6k61](/packages/open-dxp-opendxp)[chameleon-system/chameleon-base

The Chameleon System core.

1028.6k5](/packages/chameleon-system-chameleon-base)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
