PHPackages lcobucci/jwt-rsassa-pss - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. lcobucci/jwt-rsassa-pss ActiveLibrary[Authentication & Authorization](/categories/authentication) lcobucci/jwt-rsassa-pss ======================= An extension to lcobucci/jwt to handle RSASSA-PSS algorithms 1.1.0(6mo ago)024.1k—0.6%[1 issues](https://github.com/lcobucci/jwt-rsassa-pss/issues)MITPHPPHP ~8.3.0 || ~8.4.0 || ~8.5.0CI passing Since Jan 13Pushed 1mo ago3 watchersCompare [ Source](https://github.com/lcobucci/jwt-rsassa-pss)[ Packagist](https://packagist.org/packages/lcobucci/jwt-rsassa-pss)[ GitHub Sponsors](https://github.com/lcobucci)[ Patreon](https://www.patreon.com/lcobucci)[ RSS](/packages/lcobucci-jwt-rsassa-pss/feed)WikiDiscussions 1.2.x Synced 1mo ago READMEChangelog (2)Dependencies (10)Versions (8)Used By (0) lcobucci/jwt-rsassa-pss ======================= [](#lcobuccijwt-rsassa-pss) Implements JWT PS256/384/512 algorithm for lcobucci/jwt Motivation ---------- [](#motivation) The JWT algorithms PS256, PS384 and PS512 are using a modified padding mechanism that uses randomness and creates different tokens each time. The RSASSA-PSS ([probabilistic signature scheme](https://en.wikipedia.org/wiki/Probabilistic_signature_scheme)) padding algorithm suggests it's security is mathematically proven to relate to the [RSA problem](https://en.wikipedia.org/wiki/RSA_problem). However, this statement alone should not influence your judgement when asked to choose a signature algorithm for a JWT that you create. Consider using an [elliptic curve signature](https://www.scottbrady91.com/jose/jwts-which-signing-algorithm-should-i-use) instead. If however you are required to consume a token signed with a PS algorithm, you have no choice. Implementation details ---------------------- [](#implementation-details) This library offloads the entire handling of cryptographic operations onto phpseclib/phpseclib V3, which is added as a dependency. This dependency utilizes some PHP extensions that will speed up execution times, and fall back to native PHP implementations otherwise: - ext-gmp should be favoured as it greatly speeds up everything. - ext-openssl would be the alternative extension that does the heavy crypto lifting with decent performance. - ext-bcmath can improve performance in some situations, but not all. PhpSecLib offers some [benchmark figures](https://phpseclib.com/docs/speed) - please verify your own performance numbers in case speed is a concern. This library component is intentionally not part of lcobucci/jwt because it would force every user to install this dependency, with marginal benefit, as the PS signatures are rare. Usage ----- [](#usage) In order to install this package, all you'd need is `composer require lcobucci/jwt-rsassa-pss` For a complete dependency tree, it is recommended to also include `composer require lcobucci/jwt` as the code here makes use of the main library, and you will also utilize it's code directly, i.e. using validators, builders, interfaces. ### Health Score 48 — FairBetter than 95% of packages Maintenance79 Regular maintenance activity Popularity27 Limited adoption so far Community13 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 86.6% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~109 days Total 5 Last Release 53d ago PHP version history (2 changes)1.0.0PHP ~8.2.0 || ~8.3.0 || ~8.4.0 1.1.0PHP ~8.3.0 || ~8.4.0 || ~8.5.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/201963?v=4)[Luís Cobucci](/maintainers/lcobucci)[@lcobucci](https://github.com/lcobucci) --- Top Contributors [![renovate[bot]](https://avatars.githubusercontent.com/in/2740?v=4)](https://github.com/renovate[bot] "renovate[bot] (181 commits)")[![Slamdunk](https://avatars.githubusercontent.com/u/152236?v=4)](https://github.com/Slamdunk "Slamdunk (18 commits)")[![SvenRtbg](https://avatars.githubusercontent.com/u/416600?v=4)](https://github.com/SvenRtbg "SvenRtbg (7 commits)")[![lcobucci](https://avatars.githubusercontent.com/u/201963?v=4)](https://github.com/lcobucci "lcobucci (3 commits)") --- Tags jwt ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/lcobucci-jwt-rsassa-pss/health.svg) ``` [![Health](https://phpackages.com/badges/lcobucci-jwt-rsassa-pss/health.svg)](https://phpackages.com/packages/lcobucci-jwt-rsassa-pss) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[sizeg/yii2-jwt JWT based on Icobucci 2001.0M7](/packages/sizeg-yii2-jwt)[bizley/jwt JWT integration for Yii 2 67425.3k2](/packages/bizley-jwt)[hyperf-ext/jwt The Hyperf JWT package. 53134.9k2](/packages/hyperf-ext-jwt)[jakub-onderka/openid-connect-php Bare-bones OpenID Connect client 1151.4k](/packages/jakub-onderka-openid-connect-php) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)