PHPackages josepostiga/jwt-bouncer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. josepostiga/jwt-bouncer AbandonedArchivedLibrary[Authentication & Authorization](/categories/authentication) josepostiga/jwt-bouncer ======================= A JWT authorization guard for your Laravel/Lumen apps. v1.0.5(5y ago)1251[1 PRs](https://github.com/josepostiga/jwt-bouncer/pulls)MITPHPPHP ^7.4 Since Sep 6Pushed 4y ago1 watchersCompare [ Source](https://github.com/josepostiga/jwt-bouncer)[ Packagist](https://packagist.org/packages/josepostiga/jwt-bouncer)[ Docs](https://github.com/josepostiga/jwt-bouncer)[ GitHub Sponsors](https://github.com/josepostiga)[ RSS](/packages/josepostiga-jwt-bouncer/feed)WikiDiscussions master Synced 2d ago READMEChangelog (6)Dependencies (4)Versions (7)Used By (0) A JWT authorization guard for your Laravel/Lumen apps. ====================================================== [](#a-jwt-authorization-guard-for-your-laravellumen-apps) [![Latest Version on Packagist](https://camo.githubusercontent.com/c2c21b0c2755e2b09ca6dc7423da73a0f77ea3175c2f9a6cf046ed4946f4edf2/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6a6f7365706f73746967612f6a77742d626f756e6365722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/josepostiga/jwt-bouncer)[![Run tests](https://github.com/josepostiga/jwt-bouncer/workflows/Run%20tests/badge.svg)](https://github.com/josepostiga/jwt-bouncer/workflows/Run%20tests/badge.svg)[![Coverage Status](https://camo.githubusercontent.com/36f192e40761f0f9672e286a1da54c0a9a5db47fb0f83d7eb7106ce794bb659c/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f6a6f7365706f73746967612f6a77742d626f756e6365722f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/josepostiga/jwt-bouncer?branch=master)[![Total Downloads](https://camo.githubusercontent.com/77ec64ec9acbcbd34d33f8a3e4b34b19ac49a88be3a5b666c87d09e2162bf299/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6a6f7365706f73746967612f6a77742d626f756e6365722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/josepostiga/jwt-bouncer) Installation ------------ [](#installation) You can install the package via composer: ``` composer require josepostiga/jwt-bouncer ``` If you're using a recent Laravel installation, this package is automatically discovered and wired by the framework. On Lumen application, we need to manually add the `JosePostiga\JwtBouncer\JwtServiceProvider`. Usage ----- [](#usage) ### The JWT auth guard [](#the-jwt-auth-guard) This package adds a `jwt` api guard to the framework's configuration. You can either explicitly select this guard on a per-route basis or change the default api guard driver to `jwt`, on you `config/auth.php` config file. ### JWT Scopes [](#jwt-scopes) This package will validate the `scopes` claim on an incoming request's JWT, and check if the configured scopes are contained in that claim. If not, or if the claim isn't present, the request will be immediately rejected with a `401 Unauthorized` error status code. The same rejection will also happen if the JWT can't be correctly decoded. ### Configuration [](#configuration) If we're using Laravel, we can publish the configuration file for the package by running `php artisan vendor:publish --tag=config`. A new `jwt-bouncer.php` config file will be available on the framework's `config` folder. Inside that file, we'll find two main configuration options: `guards` and `scopes`. - The `guards` option contains the necessary structure to be merged to the default `guards` keys on `config/auth.php`, which contains the authentication guards that the framework can use. If we need to rename the driver's key the package should reference to, this is where we'd do it. - The `scopes` key contains an array of pre-defined scopes the guard will be validating on every request's decoded JWT. We can add as many as necessary. **Tip:** If we want to accept all scopes, we'd add the `*` scope, here, which means that all scopes are accepted. If we're using Lumen, then things get a little more tricky. We need to add a `JWT_SCOPES` key on the `.env` file, where we defined all the scopes we accept separated by a comma. We also need to add the auth configuration file load call in the `bootstrap/app.php` file, by adding `$app->configure('auth')` on the configuration files load section, there. ### Protecting routes [](#protecting-routes) After executing the configuration steps, we can call the `auth:jwt` middleware on any route, or route group, to use this package's guard. ### The `Authenticatable` user instance [](#the-authenticatable-user-instance) On a general Laravel application, we have access to the authenticated user instance via the `Auth::user()` or `request->user()`. This instance is, generally speaking, an instance of an Eloquent model or, in some cases, a resource from a users-like database table. When using this package's JWT guard, we'll also have access to the authenticated user, but it won't be any of the types described before. Instead, it'll be an instance of the `AuthenticatedUser` value object. This class implements the `Authenticatable` interface, but its source of data is the JWT itself. This means that calling `Auth::user()->id()` will return the value of the JWT's `sub` claim. If we want to access any other claim in the JWT, we only need to reference it by its key name, so if we have a `name` claim, we can access it with `Auth::user()->name`. All calls to property access will be routed to the JWT's claims. ### Testing [](#testing) This project is fully tested. We have an [automatic pipeline](https://github.com/josepostiga/jwt-bouncer/actions) and an [automatic code quality analysis](https://coveralls.io/github/josepostiga/jwt-bouncer) tool set up to continuously test and assert the quality of all code published in this repository, but you can execute the test suite yourself by running the following command: ``` vendor/bin/phpunit ``` **We aim to keep the master branch always deployable.** Exceptions may happen, but they should be extremely rare. Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security -------- [](#security) Please see [SECURITY](SECURITY.md) for details. Credits ------- [](#credits) - [José Postiga](https://github.com/josepostiga) - [All Contributors](../../contributors) License ------- [](#license) Please see [LICENSE](LICENSE.md) for details. ### Health Score 26 — LowBetter than 43% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community5 Small or concentrated contributor base Maturity59 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 6 Last Release 2073d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/124d5fadefbdf146e2cf3524fd1ba02ca45c825bf404e7f5555bc8bc07b69975?d=identicon)[josepostiga](/maintainers/josepostiga) --- Tags authorizationjwtlaravellumenmicroservicesphpphpjwtlaravelpackagelumenauthorizationjwt-bouncer ### Embed Badge ![Health badge](/badges/josepostiga-jwt-bouncer/health.svg) ``` [![Health](https://phpackages.com/badges/josepostiga-jwt-bouncer/health.svg)](https://phpackages.com/packages/josepostiga-jwt-bouncer) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[shanmuga/laravel-entrust This package provides a flexible solution to add ACL to Laravel 68312.9k2](/packages/shanmuga-laravel-entrust) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)