PHPackages kino/laravel-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. kino/laravel-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) kino/laravel-jwt ================ Dead simple JWT Auth Provider for Laravel 5.4+ 09PHP Since May 15Pushed 9y ago2 watchersCompare [ Source](https://github.com/sejakino/laravel-jwt)[ Packagist](https://packagist.org/packages/kino/laravel-jwt)[ RSS](/packages/kino-laravel-jwt/feed)WikiDiscussions master Synced yesterday READMEChangelogDependenciesVersions (1)Used By (0) Laravel JWT =========== [](#laravel-jwt) [![Readme Art](https://camo.githubusercontent.com/eea77c4011e76edf4c30f25fd1dfd6f2bc3aa8d65162e6311632c27c4382b17a/687474703a2f2f696d616765736861636b2e636f6d2f612f696d673932332f393632392f3053336651752e706e67)](https://camo.githubusercontent.com/eea77c4011e76edf4c30f25fd1dfd6f2bc3aa8d65162e6311632c27c4382b17a/687474703a2f2f696d616765736861636b2e636f6d2f612f696d673932332f393632392f3053336651752e706e67) This package provides out-of-the-box API authentication using JWT for Laravel. Installation. ------------- [](#installation) You can install this package by running: ``` composer require kino/laravel-jwt ``` Setup. ------ [](#setup) In order to setup this package into your application, minimal configuration is actually needed. #### 1) Service Provider. [](#1-service-provider) Register this package's Service Provider by adding it to the `providers`section of your `config/app.php` file: ``` 'providers' => [ // ... other providers omitted Kino\Auth\JWT\ServiceProvider::class, ], ``` #### 2) Configuration file. [](#2-configuration-file) Publish the configuration file (`config/jwt.php`) by running the following command after registering the Service Provider. ``` php artisan vendor:publish --provider="Kino\Auth\JWT\ServiceProvider" ``` #### 3) Generate a Secret. [](#3-generate-a-secret) In order for this package to works, you will need a separate secret (do not use the application key). This package provides a command that can be used for generating a strong key. Get a new key by running: ``` php artisan jwt:generate ``` Then, copy the generated key contents into your `.env` file. **NOTICE**: The key generation process will not automatically set it inside your `.env` file, do it manually. #### 4) Setup Guard [](#4-setup-guard) In order to automatically authenticate your routes using `JWT` tokens, you need to change the guard driver to `jwt` Inside `config/auth.php` set the corresponding guard group you want to protect: If you have the default guard group named `api`, your `auth.php`should be like this: ``` 'guards' => [ // ... other guards omitted. 'api' => [ 'driver' => 'jwt', // this is the line you need to change. 'provider' => 'users', ], ], ``` That's it, we are all ready to use it. Usage. ------ [](#usage) This package aims to be dead simple to use. The following templates can be used to setup your existing authentication controllers and resources. **NOTICE**: Full working examples of use for this package will be added on this package when it reaches it's 1.0 version. ### Protecting Routes. [](#protecting-routes) This package is fully integrated with Laravel Authentication. The default configuration (`config/jwt.php`) brings a sensitive value that is very useful when your application is not completely an API: **`'middleware_match`** By not completely an API, I mean, the JWT guard is not the default one. In those cases, in order to use the `auth` middleware, the config key **`middleware_match`** **MUST** be set to true. This configuration key allows non protected routes to work properly. Notice that this option will match middleware group names with guard names. > In this case, the 'api' middleware group will always use the `api` guard. Also, the 'web' middleware group will always use the `web` guard. If you do not use this value, you will need to use suffixes when referencing the `auth` middleware, like `auth:api`. ### Issuing and Renewing Tokens. [](#issuing-and-renewing-tokens) For issuing tokens, no special class is actually needed, you can just expect create a Guard current implementation from the IoC and work from there. Check out the examples. \*\* On the following examples, all Guard instances are injected from `Illuminate\Contracts\Auth\Guard` \*\* \*\* On the following examples, all Request instances are injected from `Illuminate\Http\Request` \*\* #### Token from User Instance. [](#token-from-user-instance) This method should be used when you just registered a user and any other special cases. ``` public function tokenFromUser(Guard $auth) { // generating a token from a given user. $user = SomeUserModel::find(12); // logs in the user $auth->login($user); // get and return a new token $token = $auth->issue(); return $token; } ``` #### Token from User Credentials. [](#token-from-user-credentials) This method should be used when you just registered a user and any other special cases. ``` public function tokenFromCredentials(Guard $auth, Request $request) { // get some credentials $credentials = $request->only(['email', 'password']); if ($auth->attempt($credentials)) { return $token = $auth->issue(); } return ['Invalid Credentials']; } ``` #### Refreshing Tokens. [](#refreshing-tokens) Tokens can be refreshed in 2 different ways: Auto detect or manual. If you do not pass any argument into the refresh method, the Guard will look for either a **`Authorization`** header or a **`token`** field on the request's body. ``` public function refreshToken(Guard $auth) { // auto detecting token from request. $token = $auth->refresh(); // manually passing the token to be refreshed. $token = $auth->refresh($oldToken); return $token; } ``` ### Custom Claims. [](#custom-claims) Of course, there are support for custom claims. You can set them in two ways. #### By explicitly passing them. [](#by-explicitly-passing-them) ``` $customClaims = [ 'custom1' => 'value1', 'custom2' => 'value2', ]; // when issuing $auth->issue($customClaims); // when refreshing // custom claims are the second parameter as the first one is the // old token $auth->refresh(null, $customClaims); ``` #### By Authenticatable method. [](#by-authenticatable-method) If all your users will have the same custom claims, you can setup a default custom claims method on your User's model (or any other Authenticatable you're using): If the method `customJWTClaims()` is present on the model being issue the token against, this claims will be automatically included. ``` class User extends Model implements Authenticatable { public function customJWTClaims() { return [ 'email' => $this->email, 'name' => $this->name, ]; } } ``` ### Health Score 19 — LowBetter than 10% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity4 Limited adoption so far Community4 Small or concentrated contributor base Maturity41 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/799b2351104c65a512e9d428cce029e2e51cfa1ba10342ba50aba3bd5b71bf71?d=identicon)[hernandev](/maintainers/hernandev) ### Embed Badge ![Health badge](/badges/kino-laravel-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/kino-laravel-jwt/health.svg)](https://phpackages.com/packages/kino-laravel-jwt) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)