PHPackages johannessteu/jwt-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. johannessteu/jwt-auth ActiveNeos-package[Authentication & Authorization](/categories/authentication) johannessteu/jwt-auth ===================== An example implementation for a jwt auth in flow v0.1.0(8y ago)171PHP Since Oct 3Pushed 8y ago1 watchersCompare [ Source](https://github.com/johannessteu/JohannesSteu.JwtAuth)[ Packagist](https://packagist.org/packages/johannessteu/jwt-auth)[ RSS](/packages/johannessteu-jwt-auth/feed)WikiDiscussions master Synced today READMEChangelog (1)Dependencies (2)Versions (2)Used By (0) JohannesSteu.JwtAuth ==================== [](#johannessteujwtauth) This package is a simple demo how to implement a jwt authentication in Neos Flow. For more details about the JSON Web token itself check . This mechanism is a great choice to sign for api requests in flow. ### This package contains [](#this-package-contains) #### JwtToken [](#jwttoken) This class represents a JWT token. This token contains the JWT string wich is sent in your request. The JWT string must be provided in a `X-JWT` Header. The payload itself must contain a property `accountIdentifier`. ##### JwtTokenProvider [](#jwttokenprovider) The JwtTokenProvider validates a JwtToken. It will first check if the token contains a jwt string at all and then try to decode it with a configured shared secret. If the payload can be decoded it will create a transient account with the data from the payload and set this account as authenticated. #### Access data from the payload in flow [](#access-data-from-the-payload-in-flow) This demo implementation will set the full payload into the authenticated token. To access the data in your flow application: ``` $authenticationToken = $this->securityContext->getAuthenticationTokensOfType(JwtToken::class)[0]; $jwtPayload = $authenticationToken->getPayload(); ``` ##### Example Request [](#example-request) This is a valid request and will be authenticated with the role `JohannesSteu.JwtAuth:User` in flow: ``` curl -H "X-JWT=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWRlbnRpZmllciI6InNvbWUtYWNjb3VudCIsIm5hbWUiOiJKb2huIERvZSJ9.8slTfTqCRozgcby-As6KxeCb5Zq9zX3TmVUcJAgW328" http://your-app.com ``` To debug the jwt string [click here.](https://jwt.io/#debugger?&id_token=https://jwt.io/#debugger?&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhY2NvdW50SWRlbnRpZmllciI6InNvbWUtYWNjb3VudCIsIm5hbWUiOiJKb2huIERvZSJ9.8slTfTqCRozgcby-As6KxeCb5Zq9zX3TmVUcJAgW328)Enter the shared secret `aSharedSecret` to verify the signature. ### Health Score 24 — LowBetter than 32% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity7 Limited adoption so far Community8 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 3143d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/769789?v=4)[Johannes Steu](/maintainers/johannessteu)[@johannessteu](https://github.com/johannessteu) --- Top Contributors [![johannessteu](https://avatars.githubusercontent.com/u/769789?v=4)](https://github.com/johannessteu "johannessteu (1 commits)") --- Tags flowframeworkjwtneoscms ### Embed Badge ![Health badge](/badges/johannessteu-jwt-auth/health.svg) ``` [![Health](https://phpackages.com/badges/johannessteu-jwt-auth/health.svg)](https://phpackages.com/packages/johannessteu-jwt-auth) ``` ### Alternatives [google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[thenetworg/oauth2-azure Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2509.6M48](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2275.9M27](/packages/stevenmaguire-oauth2-keycloak)[robsontenorio/laravel-keycloak-guard 🔑 Simple Keycloak Guard for Laravel 5161.1M3](/packages/robsontenorio-laravel-keycloak-guard)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[wp-graphql/wp-graphql-jwt-authentication JWT Authentication for WPGraphQL 361118.4k1](/packages/wp-graphql-wp-graphql-jwt-authentication) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)