
klimesf/nette-jwt-user-storage
==============================

Nette IUserStorage implementation using JWT instead of sessions.

v1.0.0 (10y ago) · [8 issues](https://github.com/klimesf/nette-jwt-user-storage/issues) · MIT · PHP >= 5.4.0

[Source](https://github.com/klimesf/nette-jwt-user-storage) · [Packagist](https://packagist.org/packages/klimesf/nette-jwt-user-storage)

nette-jwt-user-storage
======================


**DISCONTINUED**

This repository is abandoned. You can use slepic's fork.

---

Nette IUserStorage implementation using JWT access token instead of PHP sessions.

> Disclaimer: If you don't know what JWT is, please refer to the [JWT draft](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32) or the [JWT homepage](http://jwt.io/).

On user login, the application stores a `jwt_access_token` cookie instead of the bad old `PHPSESSID` one. The cookie contains an encoded JWT signed by the application. User authentication is then based on verifying the JWT rather than the session.

> Warning: CSRF protection rules still apply!

This means you no longer need to deal with PHP session implementation, scaling and testing problems. Anything you would normally keep in the `SessionStorage` can be stored in a key-value store, where the JWT is the key.

This also means your application is ready to become SPA in the future. :)

Configuration
-------------

Register the extension in your `config.neon`.

```
extensions:
	jwtUserStorage: Klimesf\Security\DI\JWTUserStorageExtension
```

Then configure its required properties.

```
JWTUserStorage:
	privateKey: 'secret-cat'    # this secret is used to sign the JWT
	algorithm: 'HS256'          # this is the signing algorithm
```

Both the JWT and the cookie in which it's stored are set to expire in 20 days by default. If you want to change the expiration time, use the `expiration` option:

```
JWTUserStorage:
	expiration: 20 days     # sets JWT and cookie expiration time to 20 days (this is the default option)
	expiration: 20 minutes  # sets JWT and cookie expiration time to 20 minutes
	expiration: false       # sets JWT and cookie to never expire
```

By default, `jti` and `iat` (see [JWT draft](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32)) are added to your JWTs. If you don't want to use them, set `generateJti` and `generateIat` options to false.

```
JWTUserStorage:
	generateJti: false          # disables jti generation for your JWT access tokens
	generateIat: false          # disables iat generation for your JWT access tokens
```
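
To make the options above concrete, here is an added example (not this library's code) that issues and verifies an HS256 token carrying `exp`, `iat` and `jti` in plain PHP, with the algorithm pinned, a constant-time signature comparison and an expiry check. The function names, the `uid`/`roles` claims, the fixed clock and the key are assumptions made for the illustration.

```php
<?php
// Added illustration, not the library's code; all names and values are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt): string {
    $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
    $bin = base64_decode(strtr($txt, '-_', '+/'), true);
    return $bin === false ? '' : $bin;
}

function issue_token(array $identity, string $key, ?int $ttl, int $now): string {
    $claims = $identity + ['iat' => $now, 'jti' => bin2hex(random_bytes(16))];
    if ($ttl !== null) {
        $claims['exp'] = $now + $ttl; // a null TTL yields a token with no expiry
    }
    $head = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body = b64url_encode(json_encode($claims));
    return "$head.$body." . b64url_encode(hash_hmac('sha256', "$head.$body", $key, true));
}

function verify_token(string $jwt, string $key, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { return null; }
    [$head, $body, $sig] = $parts;
    $header = json_decode(b64url_decode($head), true);
    // Pin the algorithm; the token's own header must not choose the check.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') {
        return null;
    }
    $expected = hash_hmac('sha256', "$head.$body", $key, true);
    if (!hash_equals($expected, b64url_decode($sig))) { // constant-time compare
        return null;
    }
    $claims = json_decode(b64url_decode($body), true);
    $expired = is_array($claims) && isset($claims['exp']) && $now >= $claims['exp'];
    return (is_array($claims) && !$expired) ? $claims : null;
}

$key = random_bytes(32);  // constructed key: 32 random bytes
$now = 1700000000;        // fixed clock so the run is reproducible
$jwt = issue_token(['uid' => 42, 'roles' => ['admin']], $key, 20 * 60, $now);
[$h, , $s] = explode('.', $jwt);
$edited = $h . '.' . b64url_encode(json_encode(['uid' => 1])) . '.' . $s;
var_dump(verify_token($jwt, $key, $now + 60));      // within the 20 minutes
var_dump(verify_token($jwt, $key, $now + 21 * 60)); // after exp
var_dump(verify_token($edited, $key, $now + 60));   // body changed after signing
```

Because HS256 is a symmetric MAC, anyone who learns or guesses `privateKey` can mint valid tokens, so the configured secret should be a long random value rather than a word.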

If you want to define your own `Nette\Security\IIdentity` serializer, which serializes your identity implementation into the JWT body, you can implement `Klimesf\Security\IIdentitySerializer`

```
namespace Your\Own;

class IdentitySerializer implements \Klimesf\Security\IIdentitySerializer
{
	// ...
}

```

and register it in configuration.

```
JWTUserStorage:
	identitySerializer: Your\Own\IdentitySerializer
```

And that's it, you're ready to go!

Known issues
------------

- If you are developing an app with JWT User Storage and you still see `PHPSESSID` in your cookies, it's probably because [Tracy\\Tracy](https://github.com/tracy/tracy) uses it.

Discussion threads
------------------

- Czech discussion thread on [Nette Forum](https://forum.nette.org/cs/24081-nette-jwt-user-storage-dejte-sbohem-php-session#p161518)

Literature
----------

- [Stormpath: Where to store JWTs](https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/)
- [Reddit: JWT vs session cookies](https://www.reddit.com/r/webdev/comments/3afcs9/jwt_vs_session_cookies_authentication/)
- [Dev Kimchi](http://devkimchi.com/1622/can-json-web-token-jwt-be-an-alternative-for-session/)
- [JTI Generation](https://github.com/bshaffer/oauth2-server-php/issues/265)

