PHPackages                             jixiaolu88/jwt-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. jixiaolu88/jwt-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

jixiaolu88/jwt-auth
===================

thinkphp jwt auth composer

v1.2.0(4y ago)03MITPHPPHP ^7.0 || ^8.0

Since Jul 28Pushed 4y ago1 watchersCompare

[ Source](https://github.com/jixiaolu88/jwt-auth)[ Packagist](https://packagist.org/packages/jixiaolu88/jwt-auth)[ RSS](/packages/jixiaolu88-jwt-auth/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (2)Versions (13)Used By (0)

JWT-AUTH

[](#jwt-auth)

 thinkphp的jwt（JSON Web Token）身份验证包。支持Header、Cookie、Param等多种传参方式。包含：验证、验证并且自动刷新等多种中间件。

[thinkphp6.0的demo下载](https://gitee.com/thans/jwt-auth/attach_files/306748/download)

支持Swoole
--------

[](#支持swoole)

环境要求
----

[](#环境要求)

1. php ^7.0 || ^8.0
2. thinkphp ^5.1.10 || ^6.0.0

说明
--

[](#说明)

> 目前支持如下三大类型加密方式：RSA,HASH,DSA。再各分256、384、512位。 默认是HS256，即hash 256位加密。

> 需要修改加密方式，请修改参数：ALGO，参数选项：

- HS256 > 备注：hash 256位
- HS384 > 备注：hash 384位
- HS512 > 备注：hash 512位
- RS256 > 备注：rsa 256位
- RS384 > 备注：rsa 384位
- RS512 > 备注：rsa 512位
- ES256 > 备注：dsa 256位
- ES384 > 备注：dsa 384位
- ES512 > 备注：dsa 512位

> 重要：RSA和DSA 都是非对称加密方式，除了修改参数ALGO外，需要配置：PUBLIC\_KEY、PRIVATE\_KEY两个参数， 这两个参数支持文本（不要开头、结尾和换行）或密钥文件路径。如果密钥设置了密码，请配置好参数：PASSWORD

> env文件不支持内容有等于号，遇到这种情况： 1、使用路径 2、生成没有等于号的密钥。

安装
--

[](#安装)

第一步:

```
$ composer require thans/tp-jwt-auth
```

第二步:

```
$ php think jwt:create
```

此举将生成jwt.php和.env配置文件。不推荐直接修改jwt.php 同时，env中会随机生成secret。请不要随意更新secret，也请保障secret安全。

使用方式
----

[](#使用方式)

对于需要验证的路由或者模块添加中间件：

```
 thans\jwt\middleware\JWTAuth::class,
```

示例：

```
use thans\jwt\facade\JWTAuth;

$token = JWTAuth::builder(['uid' => 1]);//参数为用户认证的信息，请自行添加

JWTAuth::auth();//token验证

JWTAuth::refresh();//刷新token，会将旧token加入黑名单

$tokenStr = JWTAuth::token()->get(); //可以获取请求中的完整token字符串

$payload = JWTAuth::auth(); //可验证token, 并获取token中的payload部分
$uid = $payload['uid']->getValue(); //可以继而获取payload里自定义的字段，比如uid
```

token刷新说明：

> token默认有效期为60秒，如果需要修改请修改env文件。 refresh\_ttl为刷新token有效期参数，单位为分钟。默认有效期14天。 token过期后，旧token将会被加入黑名单。 如果需要自动刷新，请使用中间件 thans\\jwt\\middleware\\JWTAuthAndRefresh::class, 自动刷新后会通过header返回，请保存好。（注意，此中间件过期后第一次访问正常，第二次进入黑名单。）

token传参方式如下：

> 可通过jwt.php配置文件内token\_mode参数来调整参数接收方式及优先级 token\_mode默认值为\['header', 'cookie', 'param'\];

> 在某些前后端分离的情况下可选择取消cookie接收方式来避免token冲突

- 将token加入到url中作为参数。键名为token
- 将token加入到cookie。键名为token
- 将token加入header，如下：Authorization:bearer token值
- 以上三种方式，任选其一即可。推荐加入header中。

#### 其他操作

[](#其他操作)

1. 拉黑Token JWTAuth::invalidate($token);
2. 查询Token是否黑名单 JWTAuth::validate($token);

#### 常见问题

[](#常见问题)

- 使用RSA256方式的时候，请使用文本形式。如下：

[![image](https://camo.githubusercontent.com/6331cd036a551a208afc886b7319df6e60afe3d43c18e7ef966228aa4e767bb0/68747470733a2f2f7468616e732e636e2f536e6970617374655f323032302d30312d31385f31372d32352d35322e706e67)](https://camo.githubusercontent.com/6331cd036a551a208afc886b7319df6e60afe3d43c18e7ef966228aa4e767bb0/68747470733a2f2f7468616e732e636e2f536e6970617374655f323032302d30312d31385f31372d32352d35322e706e67)

联系&amp;打赏
---------

[](#联系打赏)

[打赏名单](SUPPORT.md)

[![image](https://camo.githubusercontent.com/378050e392d72653e75a9aa4b3fc03281d61df17306e8d1e2b62bf6170757bce/68747470733a2f2f7468616e732e636e2f6f74686572732f7468616e732e6a706567)](https://camo.githubusercontent.com/378050e392d72653e75a9aa4b3fc03281d61df17306e8d1e2b62bf6170757bce/68747470733a2f2f7468616e732e636e2f6f74686572732f7468616e732e6a706567)

参考与借鉴
-----

[](#参考与借鉴)

感谢
--

[](#感谢)

- jwt-auth
- php
- lcobucci/jwt
- thinkphp

下一步
---

[](#下一步)

- 支持动态配置

License
-------

[](#license)

MIT

###  Health Score

29

—

LowBetter than 60% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity3

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity71

Established project with proven stability

 Bus Factor1

Top contributor holds 76.2% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~76 days

Recently: every ~140 days

Total

12

Last Release

1643d ago

PHP version history (2 changes)v1.0PHP ^7.0

v1.2.0PHP ^7.0 || ^8.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/e96b2107f1ab83ba7814fc6f62267dd2b942649d92a394e02a916242c083a8f2?d=identicon)[jixiaolu88](/maintainers/jixiaolu88)

---

Top Contributors

[![QThans](https://avatars.githubusercontent.com/u/18275400?v=4)](https://github.com/QThans "QThans (48 commits)")[![qeq66](https://avatars.githubusercontent.com/u/19647183?v=4)](https://github.com/qeq66 "qeq66 (11 commits)")[![Hao-Wu](https://avatars.githubusercontent.com/u/860738?v=4)](https://github.com/Hao-Wu "Hao-Wu (1 commits)")[![jixiaolu88](https://avatars.githubusercontent.com/u/54837631?v=4)](https://github.com/jixiaolu88 "jixiaolu88 (1 commits)")[![mark0325](https://avatars.githubusercontent.com/u/11986659?v=4)](https://github.com/mark0325 "mark0325 (1 commits)")[![zhigge](https://avatars.githubusercontent.com/u/17754665?v=4)](https://github.com/zhigge "zhigge (1 commits)")

### Embed Badge

![Health badge](/badges/jixiaolu88-jwt-auth/health.svg)

```
[![Health](https://phpackages.com/badges/jixiaolu88-jwt-auth/health.svg)](https://phpackages.com/packages/jixiaolu88-jwt-auth)
```

###  Alternatives

[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

8359.8M53](/packages/php-open-source-saver-jwt-auth)[scheb/2fa

Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install)

578630.7k1](/packages/scheb-2fa)[patrickbussmann/oauth2-apple

Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client

1132.5M6](/packages/patrickbussmann-oauth2-apple)[vonage/jwt

A standalone package for creating JWTs for Vonage APIs

424.1M4](/packages/vonage-jwt)[scheb/2fa-trusted-device

Extends scheb/2fa-bundle with trusted devices support

355.1M16](/packages/scheb-2fa-trusted-device)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)