PHPackages                             kongka/cakephp-3-jwt-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. kongka/cakephp-3-jwt-auth

ActiveCakephp-plugin[Authentication &amp; Authorization](/categories/authentication)

kongka/cakephp-3-jwt-auth
=========================

CakePHP plugin for authenticating using JSON Web Tokens fork from admad/cakephp-jwt-auth

2.3.6(5y ago)027MITPHP

Since Nov 16Pushed 5y agoCompare

[ Source](https://github.com/kongka/cakephp-3-jwt-auth)[ Packagist](https://packagist.org/packages/kongka/cakephp-3-jwt-auth)[ Docs](http://github.com/kongka/cakephp-3-jwt-auth)[ RSS](/packages/kongka-cakephp-3-jwt-auth/feed)WikiDiscussions master Synced today

READMEChangelog (4)Dependencies (4)Versions (15)Used By (0)

CakePHP JWT Authenticate plugin
===============================

[](#cakephp-jwt-authenticate-plugin)

[![Build Status](https://camo.githubusercontent.com/a3fad70bbc23807044908fa210bb8e6069ab050fc4162f468ec1e7bd7fcfa301/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f41446d61642f63616b657068702d6a77742d617574682f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/ADmad/cakephp-jwt-auth)[![Coverage](https://camo.githubusercontent.com/ad6af5d14a42c616f51c283162d15cf12a0acccb16c0ff72ee9cc8c496bf753c/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f41446d61642f63616b657068702d6a77742d617574682e7376673f7374796c653d666c61742d737175617265)](https://codecov.io/github/ADmad/cakephp-jwt-auth)[![Total Downloads](https://camo.githubusercontent.com/feb51b6aae4942aaa257ed78f5d32b6559975df048a1f7f3d5788ec90c40bf1d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f41446d61642f63616b657068702d6a77742d617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/ADmad/cakephp-jwt-auth)[![License](https://camo.githubusercontent.com/942e017bf0672002dd32a857c95d66f28c5900ab541838c6c664442516309c8a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e7376673f7374796c653d666c61742d737175617265)](LICENSE.txt)

Plugin containing AuthComponent's authenticate class for authenticating using [JSON Web Tokens](http://jwt.io/). You can read about JSON Web Token specification in detail [here](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27).

Installation
------------

[](#installation)

```
composer require kongka/cakephp-3-jwt-auth
```

Usage
-----

[](#usage)

In your app's `config/bootstrap.php` add:

```
// In config/bootstrap.php
Plugin::load('kongka/JwtAuth');
```

or using cake's console:

```
./bin/cake plugin load kongka/JwtAuth
```

Configuration:
--------------

[](#configuration)

Setup `AuthComponent`:

```
    // In your controller, for e.g. src/Api/AppController.php
    public function initialize()
    {
        parent::initialize();

        $this->loadComponent('Auth', [
            'storage' => 'Memory',
            'authenticate' => [
                'kongka/JwtAuth.Jwt' => [
                    'userModel' => 'Users',
                    'fields' => [
                        'username' => 'id'
                    ],

                    'parameter' => 'token',

                    // Boolean indicating whether the "sub" claim of JWT payload
                    // should be used to query the Users model and get user info.
                    // If set to `false` JWT's payload is directly returned.
                    'queryDatasource' => true,
                ]
            ],

            'unauthorizedRedirect' => false,
            'checkAuthIn' => 'Controller.initialize',

            // If you don't have a login action in your application set
            // 'loginAction' to false to prevent getting a MissingRouteException.
            'loginAction' => false
        ]);
    }
```

Working
-------

[](#working)

The authentication class checks for the token in two locations:

- `HTTP_AUTHORIZATION` environment variable:

    It first checks if token is passed using `Authorization` request header. The value should be of form `Bearer `. The `Authorization` header name and token prefix `Bearer` can be customized using options `header` and `prefix`respectively.
- The query string variable specified using `parameter` config:

    Next it checks if the token is present in query string. The default variable name is `token` and can be customzied by using the `parameter` config shown above.

### Known Issue

[](#known-issue)

Some servers don't populate `$_SERVER['HTTP_AUTHORIZATION']` when `Authorization` header is set. So it's up to you to ensure that either `$_SERVER['HTTP_AUTHORIZATION']` or `$_ENV['HTTP_AUTHORIZATION']` is set.

For e.g. for apache you could use the following:

```
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

```

or

```
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

```

Token Generation
----------------

[](#token-generation)

You can use `\Firebase\JWT\JWT::encode()` of the [firebase/php-jwt](https://github.com/firebase/php-jwt)lib, which this plugin depends on, to generate tokens.

**The payload should have the "sub" (subject) claim whose value is used to query the Users model and find record matching the "id" field.**

You can set the `queryDatasource` option to `false` to directly return the token's payload as user info without querying datasource for matching user record.

Further reading
---------------

[](#further-reading)

For an end to end usage example check out [this](http://www.bravo-kernel.com/2015/04/how-to-add-jwt-authentication-to-a-cakephp-3-rest-api/) blog post by Bravo Kernel.

###  Health Score

31

—

LowBetter than 68% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity7

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity71

Established project with proven stability

 Bus Factor1

Top contributor holds 83.6% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~135 days

Recently: every ~218 days

Total

14

Last Release

2071d ago

Major Versions

1.0.0 → 2.0.02016-02-18

### Community

Maintainers

![](https://www.gravatar.com/avatar/0e5ac8b2dcb292a173c9e56c800e09f880a4ee6240e0ee3af4e96aa76521f1cf?d=identicon)[kongkannika](/maintainers/kongkannika)

---

Top Contributors

[![ADmad](https://avatars.githubusercontent.com/u/142658?v=4)](https://github.com/ADmad "ADmad (122 commits)")[![JulioRamos0](https://avatars.githubusercontent.com/u/3371601?v=4)](https://github.com/JulioRamos0 "JulioRamos0 (8 commits)")[![kongka](https://avatars.githubusercontent.com/u/22835948?v=4)](https://github.com/kongka "kongka (5 commits)")[![curtisgibby](https://avatars.githubusercontent.com/u/1086964?v=4)](https://github.com/curtisgibby "curtisgibby (3 commits)")[![hmic](https://avatars.githubusercontent.com/u/876917?v=4)](https://github.com/hmic "hmic (2 commits)")[![bravo-kernel](https://avatars.githubusercontent.com/u/230500?v=4)](https://github.com/bravo-kernel "bravo-kernel (1 commits)")[![ceeram](https://avatars.githubusercontent.com/u/111448?v=4)](https://github.com/ceeram "ceeram (1 commits)")[![AdrienCS](https://avatars.githubusercontent.com/u/212516300?v=4)](https://github.com/AdrienCS "AdrienCS (1 commits)")[![stickler-ci](https://avatars.githubusercontent.com/u/16011037?v=4)](https://github.com/stickler-ci "stickler-ci (1 commits)")[![voycey](https://avatars.githubusercontent.com/u/1065098?v=4)](https://github.com/voycey "voycey (1 commits)")[![alysson-azevedo](https://avatars.githubusercontent.com/u/2701975?v=4)](https://github.com/alysson-azevedo "alysson-azevedo (1 commits)")

---

Tags

jwtAuthenticationcakephpauthenticate

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/kongka-cakephp-3-jwt-auth/health.svg)

```
[![Health](https://phpackages.com/badges/kongka-cakephp-3-jwt-auth/health.svg)](https://phpackages.com/packages/kongka-cakephp-3-jwt-auth)
```

###  Alternatives

[admad/cakephp-jwt-auth

CakePHP plugin for authenticating using JSON Web Tokens

160680.3k8](/packages/admad-cakephp-jwt-auth)[cakedc/users

Users Plugin for CakePHP

524897.0k16](/packages/cakedc-users)[dereuromark/cakephp-tinyauth

A CakePHP plugin to handle user authentication and authorization the easy way.

129228.6k10](/packages/dereuromark-cakephp-tinyauth)[cakedc/auth

Auth objects for CakePHP

31630.0k2](/packages/cakedc-auth)[dmkit/phalcon-jwt-auth

A simple JWT middleware for Phalcon Micro to handle stateless authentication

3541.5k](/packages/dmkit-phalcon-jwt-auth)[xety/cake3-cookieauth

A simple Cake3 plugin to authenticate users with Cookies.

1954.7k2](/packages/xety-cake3-cookieauth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)