PHPackages julesr2/jwt-verifier - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. julesr2/jwt-verifier ActiveLibrary julesr2/jwt-verifier ==================== A verifier library for working with Okta JWT's 1.1.1(5y ago)04Apache-2.0PHPPHP ^7.2 Since Aug 8Pushed 5y agoCompare [ Source](https://github.com/JulesR2/okta-jwt-verifier-php)[ Packagist](https://packagist.org/packages/julesr2/jwt-verifier)[ RSS](/packages/julesr2-jwt-verifier/feed)WikiDiscussions develop Synced today READMEChangelogDependencies (14)Versions (13)Used By (0) [![](https://camo.githubusercontent.com/c2249a7f31e91c68f24eed4b51a4e517c085eb434cbae702afb598d50314176b/68747470733a2f2f617773312e646973636f757273652d63646e2e636f6d2f7374616e6461726431342f75706c6f6164732f6f6b74616465762f6f726967696e616c2f31582f306336343032363533646662373065646336363164343937366134336134366633336535653931392e706e67)](https://devforum.okta.com/)[![Packagist](https://camo.githubusercontent.com/479471d06434d9bce03835abd5849d25fb3203351131310c8d60098741168707/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6f6b74612f6a77742d76657269666965722e737667)](https://packagist.org/packages/okta/jwt-verifier)[![License](https://camo.githubusercontent.com/a549a7a30bacba7bfceebdc207a8e86c3f2c02995a2527640dca30048fd2b64e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c6963656e73652d417061636865253230322e302d626c75652e737667)](https://opensource.org/licenses/Apache-2.0)[![Support](https://camo.githubusercontent.com/ee2a88800105c9fe413810b3dfd66d47236909b19bac3ca06d6311a2a026fff9/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f737570706f72742d446576656c6f706572253230466f72756d2d626c75652e737667)](https://devforum.okta.com/) Okta JWT Verifier for PHP ========================= [](#okta-jwt-verifier-for-php) As a result of a successful authentication by [obtaining an authorization grant from a user](https://developer.okta.com/docs/api/resources/oauth2.html#obtain-an-authorization-grant-from-a-user) or using the Okta API, you will be provided with a signed JWT (`id_token` and/or `access_token`). A common use case for these access tokens is to use it inside of the Bearer authentication header to let your application know who the user is that is making the request. In order for you to know this use is valid, you will need to know how to validate the token against Okta. This guide gives you an example of how to do this using Okta's JWT Validation library for PHP. Release status -------------- [](#release-status) This library uses semantic versioning and follows Okta's [library version policy](https://developer.okta.com/code/library-versions/). VersionStatus0.x⚠️ Beta Release (Retired)1.x✔️ ReleaseThe latest release can always be found on the \[releases page\]\[github-releases\]. Installation ------------ [](#installation) The Okta JWT Verifier can be installed through composer. ``` composer require okta/jwt-verifier ``` This library requires a JWT library. We currently support [firebase/php-jwt](https://packagist.org/packages/firebase/php-jwt). You will have to install this or create your own adaptor. ``` composer require firebase/php-jwt ``` To create your own adaptor, just implement the `Okta/JwtVerifier/Adaptors/Adaptor` in your own class. You will also need to install a PSR-7 compliant library. We suggest that you use `guzzlehttp/psr7` in your project. ``` composer require guzzlehttp/psr7 ``` Setting up the Library ---------------------- [](#setting-up-the-library) To validate a JWT, you will need a few different items: 1. Your issuer URL 2. The JWT string you want to verify 3. Access to your vendor autoload file in your script. ``` require_once("/vendor/autoload.php"); // This should be replaced with your path to your vendor/autoload.php file $jwtVerifier = (new \Okta\JwtVerifier\JwtVerifierBuilder()) ->setDiscovery(new \Okta\JwtVerifier\Discovery\Oauth) // This is not needed if using oauth. The other option is `new \Okta\JwtVerifier\Discovery\OIDC` ->setAdaptor(new \Okta\JwtVerifier\Adaptors\FirebasePhpJwt) ->setAudience('api://default') ->setClientId('{clientId}') ->setIssuer('https://{yourOktaDomain}.com/oauth2/default') ->build(); ``` Validating an Access Token -------------------------- [](#validating-an-access-token) After you have a `$jwtVerifier` from the above section and an `access_token` from a successful sign in, or from a `Bearer token` in the authorization header, you will need to make sure that it is still valid. All you need to do is call the `verifyAccessToken` method (where `$jwtString` is your access token in string format). ``` $jwt = $jwtVerifier->verifyAccessToken($jwtString); ``` This will validate your JWT for the following: - token expiration time - the time it was issue at - that the token issuer matches the expected value passed into the above helper - that the token audience matches the expected value passed into the above helper The result from the verify method is a `Jwt` object which has a few helper methods for you: ``` dump($jwt); //Returns instance of \Okta\JwtVerifier\JWT dump($jwt->toJson()); // Returns Claims as JSON Object dump($jwt->getClaims()); // Returns Claims as they come from the JWT Package used dump($jwt->getIssuedAt()); // returns Carbon instance of issued at time dump($jwt->getIssuedAt(false)); // returns timestamp of issued at time dump($jwt->getExpirationTime()); //returns Carbon instance of Expiration Time dump($jwt->getExpirationTime(false)); //returns timestamp of Expiration Time ``` Validating an Id Token ---------------------- [](#validating-an-id-token) ``` $jwt = $jwtVerifier->verifyIdToken($jwtString); ``` This will validate your JWT for the following: - token expiration time - the time it was issue at - that the token issuer matches the expected value passed into the above helper - that the token audience matches the expected value passed into the above helper The result from the verify method is a `Jwt` object which has a few helper methods for you: ``` dump($jwt); //Returns instance of \Okta\JwtVerifier\JWT dump($jwt->toJson()); // Returns Claims as JSON Object dump($jwt->getClaims()); // Returns Claims as they come from the JWT Package used dump($jwt->getIssuedAt()); // returns Carbon instance of issued at time dump($jwt->getIssuedAt(false)); // returns timestamp of issued at time dump($jwt->getExpirationTime()); //returns Carbon instance of Expiration Time dump($jwt->getExpirationTime(false)); //returns timestamp of Expiration Time ## Need help? If you run into problems using the SDK, you can * Ask questions on the [Okta Developer Forums][devforum] * Post [issues][github-issues] here on GitHub * [Working With OAuth 2.0 Tokens](https://developer.okta.com/authentication-guide/tokens/) ## Conclusion The above are the basic steps for verifying an access token locally. The steps are not tied directly to a framework so you could plug in the `okta/okta-jwt` into the framework of your choice. [devforum]: https://devforum.okta.com/ [lang-landing]: https://developer.okta.com/code/php/ [github-issues]: /okta/okta-jwt-verifier-php/issues [github-releases]: /okta/okta-jwt-verifier-php/releases ``` ### Health Score 27 — LowBetter than 49% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity3 Limited adoption so far Community13 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 80.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~186 days Recently: every ~101 days Total 8 Last Release 1893d ago Major Versions 0.4.0 → 1.0.02020-08-21 PHP version history (2 changes)0.1.0PHP ^7.0 1.0.0PHP ^7.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/8fb3d6326230080430d56f100332af3ccaaf4aac66d293e07d45e4e8d078214d?d=identicon)[JulesR2](/maintainers/JulesR2) --- Top Contributors [![bretterer](https://avatars.githubusercontent.com/u/1906920?v=4)](https://github.com/bretterer "bretterer (66 commits)")[![robertjd](https://avatars.githubusercontent.com/u/132343?v=4)](https://github.com/robertjd "robertjd (3 commits)")[![heyjones](https://avatars.githubusercontent.com/u/600859?v=4)](https://github.com/heyjones "heyjones (2 commits)")[![aaronpk](https://avatars.githubusercontent.com/u/113001?v=4)](https://github.com/aaronpk "aaronpk (2 commits)")[![JulesR2](https://avatars.githubusercontent.com/u/11628900?v=4)](https://github.com/JulesR2 "JulesR2 (2 commits)")[![rlbaxter](https://avatars.githubusercontent.com/u/2219637?v=4)](https://github.com/rlbaxter "rlbaxter (2 commits)")[![jameswatts](https://avatars.githubusercontent.com/u/403296?v=4)](https://github.com/jameswatts "jameswatts (2 commits)")[![alexwilson](https://avatars.githubusercontent.com/u/440052?v=4)](https://github.com/alexwilson "alexwilson (2 commits)")[![jmaldonado-okta](https://avatars.githubusercontent.com/u/5066840?v=4)](https://github.com/jmaldonado-okta "jmaldonado-okta (1 commits)") ### Code Quality TestsPHPUnit Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/julesr2-jwt-verifier/health.svg) ``` [![Health](https://phpackages.com/badges/julesr2-jwt-verifier/health.svg)](https://phpackages.com/packages/julesr2-jwt-verifier) ``` ### Alternatives [phpro/http-tools HTTP tools for developing more consistent HTTP implementations. 28137.8k](/packages/phpro-http-tools)[sylius/sylius E-Commerce platform for PHP, based on Symfony framework. 8.4k5.6M650](/packages/sylius-sylius)[j0k3r/graby Graby helps you extract article content from web pages 384349.6k1](/packages/j0k3r-graby)[php-heroku-client/php-heroku-client A PHP client for the Heroku Platform API 24404.8k4](/packages/php-heroku-client-php-heroku-client)[wallabag/wallabag open source self hostable read-it-later web application 12.6k2.2k](/packages/wallabag-wallabag)[laudis/neo4j-php-client Neo4j-PHP-Client is the most advanced PHP Client for Neo4j 184616.9k31](/packages/laudis-neo4j-php-client) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)