PHPackages                             juniorfontenele/laravel-secure-jwt - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. juniorfontenele/laravel-secure-jwt

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

juniorfontenele/laravel-secure-jwt
==================================

A laravel wrapper for firebase/php-jwt package

1.0.0(1y ago)088[4 PRs](https://github.com/juniorfontenele/laravel-secure-jwt/pulls)2MITPHPPHP ^8.3CI passing

Since Jun 2Pushed 5mo ago1 watchersCompare

[ Source](https://github.com/juniorfontenele/laravel-secure-jwt)[ Packagist](https://packagist.org/packages/juniorfontenele/laravel-secure-jwt)[ Docs](https://github.com/juniorfontenele/laravel-secure-jwt)[ GitHub Sponsors](https://github.com/JuniorFontenele)[ RSS](/packages/juniorfontenele-laravel-secure-jwt/feed)WikiDiscussions master Synced today

READMEChangelogDependencies (18)Versions (7)Used By (2)

Laravel Secure JWT
==================

[](#laravel-secure-jwt)

[![Latest Version on Packagist](https://camo.githubusercontent.com/5f0b40a2773679b3954b39d1ad5716c96d8c0ff8fd3392592682d28ffded3626/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6a756e696f72666f6e74656e656c652f6c61726176656c2d7365637572652d6a77742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/juniorfontenele/laravel-secure-jwt)[![Tests](https://camo.githubusercontent.com/be52a6fb46b84a557ef17eefd07189f6cc7f510ac5bb177124c872d6a6487377/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6a756e696f72666f6e74656e656c652f6c61726176656c2d7365637572652d6a77742f74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://github.com/juniorfontenele/laravel-secure-jwt/actions/workflows/tests.yml)[![Total Downloads](https://camo.githubusercontent.com/0c92e3e9d187ada2b498a141ec484bbf21b3e4a8853fe0bde4b241fa5ffcd9f0/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6a756e696f72666f6e74656e656c652f6c61726176656c2d7365637572652d6a77742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/juniorfontenele/laravel-secure-jwt)

A secure and flexible JWT (JSON Web Token) implementation for Laravel applications. This package provides a robust wrapper around firebase/php-jwt with additional security features like nonce validation, blacklisting, and comprehensive claim validation.

Features
--------

[](#features)

- Secure JWT generation and validation
- Token blacklisting to revoke tokens
- Nonce validation to prevent token replay attacks
- Comprehensive claim validation (expiration, issuance time, not before)
- Custom claims support
- Laravel Cache integration for token storage

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require juniorfontenele/laravel-secure-jwt
```

The package will automatically register its service provider if you're using Laravel.

Configuration
-------------

[](#configuration)

Publish the configuration file:

```
php artisan vendor:publish --tag="secure-jwt-config"
```

This will create a `config/secure-jwt.php` file with the following options:

```
return [
    'issuer' => env('JWT_ISSUER', env('APP_URL')),
    'ttl' => env('JWT_TTL', 300), // 5 minutes
    'nonce_ttl' => env('JWT_NONCE_TTL', 86400), // 24 hours
    'blacklist_ttl' => env('JWT_BLACKLIST_TTL', 2592000), // 30 days
];
```

Usage
-----

[](#usage)

### Creating a JWT

[](#creating-a-jwt)

```
use JuniorFontenele\LaravelSecureJwt\Facades\SecureJwt;
use JuniorFontenele\LaravelSecureJwt\CustomClaims;
use JuniorFontenele\LaravelSecureJwt\JwtKey;

// Create a signing key
$signingKey = new JwtKey(
    id: 'key-1',
    key: 'your-secret-key', // or load from secure storage
    algorithm: 'HS256'
);

// Create custom claims
$customClaims = new CustomClaims([
    'user_id' => 123,
    'email' => 'user@example.com',
    'roles' => ['admin', 'editor']
]);

// Generate JWT token
$token = SecureJwt::generateToken($customClaims, $signingKey);
```

### Validating a JWT

[](#validating-a-jwt)

```
use JuniorFontenele\LaravelSecureJwt\Facades\SecureJwt;
use JuniorFontenele\LaravelSecureJwt\JwtKey;

// Create a verification key (same as signing key for symmetric algorithms)
$verificationKey = new JwtKey(
    id: 'key-1',
    key: 'your-secret-key',
    algorithm: 'HS256'
);

try {
    // Verify and decode the token
    $decodedJwt = SecureJwt::decode($token, $verificationKey);

    // Access custom claims
    $userId = $decodedJwt->claim('user_id');
    $email = $decodedJwt->claim('email');

    // Access all claims
    $allClaims = $decodedJwt->claims();
} catch (JwtExpiredException $e) {
    // Token has expired
} catch (JwtNotValidYetException $e) {
    // Token not valid yet (nbf claim)
} catch (TokenBlacklistedException $e) {
    // Token has been blacklisted
} catch (NonceUsedException $e) {
    // Token nonce has been used before (replay attack)
} catch (JwtValidationException $e) {
    // Other validation errors
} catch (JwtException $e) {
    // Generic JWT errors
}
```

### Blacklisting a Token

[](#blacklisting-a-token)

```
use JuniorFontenele\LaravelSecureJwt\Facades\SecureJwt;

// Blacklist a token using the decoded JWT
SecureJwt::blacklist($decodedJwt->jti());

// Check if a token is blacklisted
$isBlacklisted = SecureJwt::isBlacklisted($decodedJwt->jti());

// Remove a token from the blacklist
SecureJwt::removeFromBlacklist($decodedJwt->jti());
```

Advanced Usage
--------------

[](#advanced-usage)

### Using Asymmetric Keys (RS256, ES256, etc.)

[](#using-asymmetric-keys-rs256-es256-etc)

```
use JuniorFontenele\LaravelSecureJwt\Facades\SecureJwt;
use JuniorFontenele\LaravelSecureJwt\JwtKey;

// Signing with private key
$signingKey = new JwtKey(
    id: 'key-1',
    key: file_get_contents('/path/to/private.key'),
    algorithm: 'RS256'
);

// Create a token
$token = SecureJwt::generateToken($customClaims, $signingKey);

// Verifying with public key
$verificationKey = new JwtKey(
    id: 'key-1',
    key: file_get_contents('/path/to/public.key'),
    algorithm: 'RS256'
);

$decodedJwt = SecureJwt::decode($token, $verificationKey);
```

Testing
-------

[](#testing)

```
composer test
```

Changelog
---------

[](#changelog)

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

Contributing
------------

[](#contributing)

Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

Security Vulnerabilities
------------------------

[](#security-vulnerabilities)

Please review [our security policy](../../security/policy) on how to report security vulnerabilities.

Credits
-------

[](#credits)

- [Junior Fontenele](https://github.com/juniorfontenele)
- [All Contributors](../../contributors)

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance60

Regular maintenance activity

Popularity10

Limited adoption so far

Community13

Small or concentrated contributor base

Maturity56

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 50% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

397d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/3694405?v=4)[Junior Fontenele](/maintainers/juniorfontenele)[@juniorfontenele](https://github.com/juniorfontenele)

---

Top Contributors

[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (2 commits)")

---

Tags

juniorfontenelesecure-jwt

###  Code Quality

TestsPest

Static AnalysisPHPStan, Rector

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/juniorfontenele-laravel-secure-jwt/health.svg)

```
[![Health](https://phpackages.com/badges/juniorfontenele-laravel-secure-jwt/health.svg)](https://phpackages.com/packages/juniorfontenele-laravel-secure-jwt)
```

###  Alternatives

[laravel/horizon

Dashboard and code-driven configuration for Laravel queues.

4.2k95.4M306](/packages/laravel-horizon)[directorytree/ldaprecord-laravel

LDAP Authentication &amp; Management for Laravel.

5752.3M18](/packages/directorytree-ldaprecord-laravel)[illuminate/queue

The Illuminate Queue package.

21332.6M1.6k](/packages/illuminate-queue)[microsoft/kiota-authentication-phpleague

Authentication provider for Kiota using the PHP League OAuth 2.0 client to authenticate against the Microsoft Identity platform

154.1M9](/packages/microsoft-kiota-authentication-phpleague)[kovah/laravel-socialite-oidc

OpenID Connect OAuth2 Provider for Laravel Socialite

24133.5k](/packages/kovah-laravel-socialite-oidc)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
