
jabarihunt/json-web-token
=========================

Simple JSON Web Token implementation.

v1.0.0 (7y ago) · MIT · PHP >=5.6.0

[Source](https://github.com/jabarihunt/json-web-token) · [Packagist](https://packagist.org/packages/jabarihunt/json-web-token) · [Docs](https://github.com/jabarihunt/JSON-Web-Token)

JSON Web Token Class
====================


A simple and lightweight class to create, sign, and verify JSON Web Tokens (JWT). The class also has a method that creates secrets with over double the length needed to ensure the creation of secure signatures. The [JWT standard](https://tools.ietf.org/html/rfc7519 "RFC 7519") requires that implementations must support HS256 and "none" as valid algorithms (*all others are optional*). This implementation currently supports HS256, HS384, HS512, and "none". Support for both RS and ES equivalent algorithms will be added in future versions.

Getting Started
---------------


### Prerequisites


Before using this class, you may want to [brush up on JWT](https://jwt.io/ "jwt.io") if you are not already familiar with it. In short, JSON Web Tokens are used as a self-contained method of providing stateless authentication and/or to exchange verifiable information with a trusted party.

### Installing


##### Via Composer


Run the following command in the same directory as your composer.json file:

`php composer.phar require jabarihunt/json-web-token`

##### Via GitHub

1. Clone this repository into a working directory: `git clone git@github.com:jabarihunt/JSON-Web-Token.git .`
2. Include the JWT class in your project...

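```
// Load the class file directly
require('/path/to/JWT.php');
```

...or if using an auto-loader...

```
// PHP namespaces are separated by a backslash, not a forward slash
use jabarihunt\JWT;
```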

Usage
-----


##### Choosing An Algorithm

This class defaults to the HS256 algorithm. To use one of the other algorithms, pass it as the optional argument to the `JWT::sign()` and `JWT::generateSecret()` methods. Supported algorithms are available as class constants. For the sake of example, we'll set an algorithm variable to use HS384...

```
$algorithm = JWT::ALGORITHM_HS384;
```

##### Creating A Secret

You are free to pass any secret you like when using the `JWT::sign()` and `JWT::verify()` methods. However, to create a very secure signature you ***MUST*** use a secret that is at least as long, in bits, as the output of the chosen hash algorithm. For example, if using HS256, you should use a secret that is at least 256 bits (32 bytes) long.

> ***NOTE:*** Secrets should be stored in a secure location (*secure configuration include, .env, etc.*) and NOT within your script. Additionally, the generated secret is not URL safe, though it should ***NEVER*** be passed around via HTTP requests anyway!

In our example, we will generate a secret and pass along the optional `$algorithm` parameter using the variable of the same name we created above...

```
$secret = JWT::generateSecret($algorithm);
var_dump($secret);
```

```
/* OUTPUT */
/var/www/html/controllers/HomeController.php:5:string 'e69KMtdewPimnO8zMwgwuVJUSgdbtMMFdib+Eo8TL/Jk2+NkONvZ9QYUm0U2sH93/qliaqMOGZz8vv0Y8Dh/SYWoTNRwniYg4M289GigKIQbDyBk3uNWGIGRtO7H1QkZ' (length=128)
```
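
The length rule and the storage note above can be enforced when the application starts. The following is an added example, not code from this package: `HMAC_HASH`, `minSecretBytes()`, `newSecret()`, `loadSecret()` and the `JWT_SECRET_DEMO` variable are hypothetical names, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
// Added example (not part of the JWT class). All names here are hypothetical.
const HMAC_HASH = ['HS256' => 'sha256', 'HS384' => 'sha384', 'HS512' => 'sha512'];

// Minimum secret length in bytes: the digest size of the algorithm's hash.
function minSecretBytes(string $alg): int
{
    if (!isset(HMAC_HASH[$alg])) {
        throw new InvalidArgumentException("not an HMAC algorithm: $alg");
    }
    return strlen(hash(HMAC_HASH[$alg], '', true));
}

// Draw the secret from the OS CSPRNG at twice the minimum length,
// base64-encoded so it can be stored as one line in a .env file.
function newSecret(string $alg): string
{
    return base64_encode(random_bytes(2 * minSecretBytes($alg)));
}

// Fail closed if the configured secret is missing or too short.
function loadSecret(string $envName, string $alg): string
{
    $secret = getenv($envName);
    if ($secret === false || strlen($secret) < minSecretBytes($alg)) {
        throw new RuntimeException("$envName is missing or shorter than $alg requires");
    }
    return $secret;
}

// Constructed demo values; a real deployment sets the variable outside the script.
putenv('JWT_SECRET_DEMO=' . newSecret('HS384'));
echo 'loaded ', strlen(loadSecret('JWT_SECRET_DEMO', 'HS384')), " characters\n";

putenv('JWT_SECRET_DEMO=too-short');
try {
    loadSecret('JWT_SECRET_DEMO', 'HS384');
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```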

##### Creating A JSON Web Token


JSON Web Tokens are created with the `JWT::sign()` method which takes *two* required parameters and *one* optional parameter:

`(array) $payload` - An array containing the data to be transmitted.

`(string) $secretOrPrivateKey` - For the HS256, HS384, and HS512 algorithms, it expects this to be a secret (as generated above). For the "none" algorithm, simply pass `NULL` (it will ignore any value passed since no signature will be appended). For all other algorithms, it expects a string path to the ***private*** key file used to create the signature.

`(string) $algorithm` (*optional*) - The name of the algorithm to be used for signing (*it defaults to "HS256"*). All supported algorithms may be accessed as class constants.

Putting it together with the secret (*which is being pulled from `$_ENV`*) and algorithm examples from above...

```

```

```
/* OUTPUT: */
/var/www/html/controllers/HomeController.php:8:string 'eyJhbGciOiJIUzM4NCIsInR5cGUiOiJKV1QifQ.eyJpYXQiOjE1NDMwNDE0MjcsInVpZCI6MzU3fQ.ZjUzYzA5N2FhZGRlOGQ0Yzg2OWY0OWJiMmNmZGI3NjY3MTc4YWNhMTcyNzc3Y2ZlOGJkNzdlOWZhMTQxM2Y4NTE1ZjM4ZTBjY2RmOWY3MmQ2M2JhYjgxM2U3NmExOTM0' (length=206)
```

##### Verifying A JSON Web Token


Tokens are verified using the `JWT::verify()` method which expects *two* parameters:

`(string) $token` - A standard JSON Web Token.

`(string) $secretOrPrivateKey` - For the HS256, HS384, and HS512 algorithms, it expects this to be a secret (*as generated above*). For the "none" algorithm, simply pass `NULL` (*it will ignore any value passed since no signature will be appended*). For all other algorithms, it expects a string path to the ***public*** key file that matches the private key used to create the signature.

Using the token generated above:

```

```

The `JWT::verify()` method will return an array containing the following keys:

`(boolean) isVerified` - **TRUE** if the token's signature was valid, **FALSE** otherwise. ***ALWAYS CHECK THIS!!!***

`(array) header` - The decoded header of the token.

`(array) payload` - The decoded payload of the token.

```
/* OUTPUT: */
/var/www/html/controllers/HomeController.php:6:
array (size=3)
  'isVerified' => boolean true
  'header' =>
    array (size=2)
      'alg' => string 'HS384' (length=5)
      'type' => string 'JWT' (length=3)
  'payload' =>
    array (size=2)
      'iat' => int 1543041427
      'uid' => int 357
```
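
`JWT::verify()` takes only the token and the secret, and the class accepts "none" as an algorithm, so the caller has to pin the algorithm itself in addition to checking `isVerified`. The gate below is an added example, not part of this package: `acceptVerifiedToken()` and its parameters are hypothetical, the sample arrays are constructed to match the output above, and PHP 7 or later is assumed.

```php
<?php
// Added example (not part of the JWT class). It works on the array shape that
// JWT::verify($token, $secret) is documented to return on this page.
function acceptVerifiedToken(array $result, array $allowedAlgs, int $maxAge, int $now): array
{
    // 1. Signature: require the boolean TRUE, not merely a truthy value.
    if (!isset($result['isVerified']) || $result['isVerified'] !== true) {
        throw new RuntimeException('signature not verified');
    }

    // 2. Algorithm: the header comes from the token itself, so pin it to an
    //    allowlist. "none" never belongs in the list for authentication tokens.
    $alg = $result['header']['alg'] ?? null;
    if (!is_string($alg) || !in_array($alg, $allowedAlgs, true)) {
        throw new RuntimeException('unexpected algorithm');
    }

    // 3. Freshness: iat must be an integer, not in the future, and recent.
    $iat = $result['payload']['iat'] ?? null;
    if (!is_int($iat) || $iat > $now || ($now - $iat) > $maxAge) {
        throw new RuntimeException('token is stale or has an invalid iat');
    }

    return $result['payload'];
}

// Constructed samples shaped like the var_dump() output above.
$good = [
    'isVerified' => true,
    'header'     => ['alg' => 'HS384', 'type' => 'JWT'],
    'payload'    => ['iat' => 1543041427, 'uid' => 357],
];
$unsigned = $good;
$unsigned['header']['alg'] = 'none';   // rejected whatever isVerified says
$tampered = $good;
$tampered['isVerified'] = false;

$now = 1543041427 + 60;                // one minute after issuance
$cases = ['good' => $good, 'alg none' => $unsigned, 'bad signature' => $tampered];
foreach ($cases as $label => $result) {
    try {
        $payload = acceptVerifiedToken($result, ['HS384'], 900, $now);
        echo "$label: accepted, uid={$payload['uid']}\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```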

Contributing
------------


1. Fork Repository
2. Create a descriptive branch name
3. Make edits to your branch
4. Squash (rebase) your commits
5. Create a pull request

License
-------

This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details.


### Community

Maintainers

[Jabari J. Hunt](/maintainers/jabarihunt) ([@jabarihunt](https://github.com/jabarihunt))

