PHPackages                             iachilles/pjwt - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. iachilles/pjwt

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

iachilles/pjwt
==============

PHP implementation of JSON Web Token (JWT). It provides a simple way to create, sign and verify JWT.

1.0.0(11y ago)4441AGPL License 3.0PHPPHP &gt;=5.4.0

Since Nov 23Pushed 11y ago1 watchersCompare

[ Source](https://github.com/iAchilles/pjwt)[ Packagist](https://packagist.org/packages/iachilles/pjwt)[ Docs](https://github.com/iAchilles/pjwt)[ RSS](/packages/iachilles-pjwt/feed)WikiDiscussions master Synced today

READMEChangelog (1)DependenciesVersions (2)Used By (0)

[![Build Status](https://camo.githubusercontent.com/7a7f44fdff239dc1cf4c6c1424bf5477464bb06189af1fdc2e922f26d4924988/68747470733a2f2f7472617669732d63692e6f72672f69416368696c6c65732f706a77742e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/iAchilles/pjwt)[![AGPL v3](https://camo.githubusercontent.com/70639eedfd9175e1d1b81ad0e1c89ae2bc4cefcd82f46aec6b9b67d67d33e5d2/687474703a2f2f7777772e676e752e6f72672f67726170686963732f6167706c76332d38387833312e706e67)](http://www.gnu.org/licenses/agpl-3.0.html)

pJWT
====

[](#pjwt)

PHP implementation of [JSON Web Token](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-31) (JWT). It provides a simple way to create, sign and verify JWT.

The following features are supported:

- Built-in validation for the JWT claims (iat, nbf, exp, jti).
- Symmetric and asymmetric algorithms for protecting integrity:

SymmetricAsymmetricHS256RS256HS384RS384HS512RS512Requirements
------------

[](#requirements)

PHP 5.4.0 or above.

Installation
------------

[](#installation)

Use [composer](https://getcomposer.org/) to install pJWT:

```
composer require iachilles/pjwt

```

Code examples
-------------

[](#code-examples)

1. Creating JWT

- by using symmetric algorithm HS256:

```
$claims = ['iat' => time(), 'nbf' => time(), 'exp' => strtotime('+1 day'), 'iss' => 'domain.com', 'uid' => 1];
$headers = ['alg' => 'HS256', 'typ' => 'JWT'];
$jws = new Jws($headers, $claims);
$jws->privateKey = 'YoUr_SeCrEt';
$jws->sign(); //Returns URL-safe string representation of the digitally signed JWT. This encoded JWT can be sent to a user.
```

- by using asymmetric algorithm RS256:

```
$claims = ['iat' => time(), 'nbf' => time(), 'exp' => strtotime('+1 day'), 'iss' => 'domain.com', 'uid' => 1];
$headers = ['alg' => 'RS256', 'typ' => 'JWT'];
$jws = new Jws($headers, $claims);
$jws->privateKey = 'file:///path/to/private/key.pem'; //Path to the PEM encoded private key.
$jws->sign(); //Returns URL-safe string representation of the digitally signed JWT. This encoded JWT can be sent to a user.
```

If the private key is encrypted with a password, you can use the following format:

```
$jws->privateKey = ['file:///path/to/private/key.pem', 'pAsSwOrd'];
```

- with protection from replay attacks. In order to protect from replay attacks, you can set 'jti' claim to TRUE during creation JWT.

```
$claims = ['jti' => true, 'iat' => time(), 'nbf' => time(), 'exp' => strtotime('+1 day')];
$headers = ['alg' => 'RS256', 'typ' => 'JWT'];
$jws = new Jws($headers, $claims);
```

1. Decoding and verifying JWT

    ```
    ```

$encodedJwt = 'abcdef.ghijklm.nopqrstuvw'; $jws = Jws::parse($encodedJwt); $jws-&gt;getPayload()-&gt;issuedAt; //Access to the registered JWT claims $jws-&gt;getPayload()-&gt;getCustomClaim('user\_id'); //Access to the custom claims. $jws-&gt;getHeader()-&gt;getAlgorithm(); //Access to the JOSE header parameters.

```
   Verifying signature

   ```php
   $encodedJwt = 'abcdef.ghijklm.nopqrstuvw';
   $jws = Jws::parse($encodedJwt);
   //For symmetric algorithm:
   $jws->privateKey = 'YoUr_SeCrEt';
   //For asymmetric algorithm:
   $jws->certificate = 'file:///path/to/certificate.pem'; //Path to the PEM encoded X.509 certificate.
   $jws->verify(); //TRUE if the signature is valid.

```

If the signature is valid, you have to validate the JWT claims.

```
$jws->getPayload()->verify(); //Returns TRUE if the JWT is valid, otherwise it returns a string that contains an error message.
```

To validate "jti" value you need to create two anonymous functions, and pass them as arguments to the verify method.

```
$setJti = function($jti)
{
     //Writes "jti" value into storage. (E.g. Redis Db)
};
//This function must return TRUE if the given value exists in storage, false otherwise.
$getJti = function($jti)
{
    //...
};
$jws->getPayload()->verify($setJti, $getJti);
```

###  Health Score

28

—

LowBetter than 52% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity13

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

4240d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/0d0a961fba403ba6057b2428d01dcdefb6dc106809331673629d60155b5d50b7?d=identicon)[iAchilles](/maintainers/iAchilles)

---

Top Contributors

[![iAchilles](https://avatars.githubusercontent.com/u/3855716?v=4)](https://github.com/iAchilles "iAchilles (5 commits)")

---

Tags

jwtJWStokenJSON Web Token

### Embed Badge

![Health badge](/badges/iachilles-pjwt/health.svg)

```
[![Health](https://phpackages.com/badges/iachilles-pjwt/health.svg)](https://phpackages.com/packages/iachilles-pjwt)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k103.2M104](/packages/namshi-jose)[lcobucci/jwt

A simple library to work with JSON Web Token and JSON Web Signature

7.6k338.7M1.1k](/packages/lcobucci-jwt)[adhocore/jwt

Ultra lightweight JSON web token (JWT) library for PHP5.5+.

3031.8M29](/packages/adhocore-jwt)[sop/jwx

A PHP library for JSON web tokens (JWT) with signature (JWS) and encryption (JWE) support.

26287.3k1](/packages/sop-jwx)[bizley/jwt

JWT integration for Yii 2

69478.8k2](/packages/bizley-jwt)[miladrahimi/php-jwt

A PHP implementation of JWT (JSON Web Token) generator, parser, verifier, and validator

70277.3k2](/packages/miladrahimi-php-jwt)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
