PHPackages lgrevelink/php-simple-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. lgrevelink/php-simple-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) lgrevelink/php-simple-jwt ========================= Simple package for creating JSON Web Tokens and using them in a PHP application. 1.0.0(3y ago)237.9k↓40.2%11MITPHPPHP >=7.3 Since Jun 3Pushed 4mo agoCompare [ Source](https://github.com/LarsGrevelink/php-simple-jwt)[ Packagist](https://packagist.org/packages/lgrevelink/php-simple-jwt)[ RSS](/packages/lgrevelink-php-simple-jwt/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (5)Dependencies (1)Versions (10)Used By (1) PHP Simple JWT ============== [](#php-simple-jwt) [![Test Suite Status](https://github.com/larsgrevelink/php-simple-jwt/workflows/Test%20Suite/badge.svg)](https://github.com/larsgrevelink/php-simple-jwt)[![Total Downloads](https://camo.githubusercontent.com/dd9d7f9584c4550cc745cff41923e38a69876778ec81e26933b5a5520051e139/68747470733a2f2f706f7365722e707567782e6f72672f6c67726576656c696e6b2f7068702d73696d706c652d6a77742f642f746f74616c2e737667)](https://packagist.org/packages/lgrevelink/php-simple-jwt)[![Latest Stable Version](https://camo.githubusercontent.com/adb706012c0abb99c6bb39e152664e719ca31c7d69058486e1250b24784ce3a4/68747470733a2f2f706f7365722e707567782e6f72672f6c67726576656c696e6b2f7068702d73696d706c652d6a77742f762f737461626c652e737667)](https://packagist.org/packages/lgrevelink/php-simple-jwt)[![License](https://camo.githubusercontent.com/75a9df3c2c464e168f5c6d94281bdda2dcb599e928d95705df0a44073c1ac684/68747470733a2f2f706f7365722e707567782e6f72672f6c67726576656c696e6b2f7068702d73696d706c652d6a77742f6c6963656e73652e737667)](https://github.com/larsgrevelink/php-simple-jwt) Simple package for encoding and decoding JSON Web Tokens (JWT) and using them in a PHP application. More information can be found in [RFC 7519](https://tools.ietf.org/html/rfc7519). Supported encryption methods; HMACRSAECDSARSASSA-PSS✅ HS256✅ RS256✕ ES256✕ PS256✅ HS384✅ RS384✕ ES384✕ PS384✅ HS512✅ RS512✕ ES512✕ PS512Installation ------------ [](#installation) ``` composer require lgrevelink/php-simple-jwt ``` Example ------- [](#example) Basic unsigned JWT but please, **always sign your tokens**. ``` use LGrevelink\SimpleJWT\Token; $token = new Token([ 'custom' => 'payload', ]); $token->toString(); // > eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJjdXN0b20iOiJwYXlsb2FkIn0. ``` Example with blueprints ----------------------- [](#example-with-blueprints) Blueprints make generating and validating the already created tokens easier. They act as an abstract version of your actual token and will set up all the general claims when defined. ``` use LGrevelink\SimpleJWT\TokenBlueprint; class MyToken extends TokenBlueprint { protected static $audience = 'GitHub users'; protected static $expirationTime = 3600; protected static $issuedAt = 0; protected static $issuer = 'Developer'; protected static $subject = 'Blueprint example'; } $token = MyToken::generate([ /* Custom claims */ ]); $token->toString(); // > eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiJHaXRIdWIgdXNlcnMiLCJleHAiOjE1NTk1NzkwNzgsImlhdCI6MTU1OTU3NTQ3OCwiaXNzIjoiRGV2ZWxvcGVyIiwic3ViIjoiQmx1ZXByaW50IGV4YW1wbGUifQ. MyToken::validate($token); // > true ``` All date-related parameters in the blueprints are treated relative to the current time on the system. Signing & verifying ----------------------- [](#signing--verifying) ### HMAC [](#hmac) ``` use LGrevelink\SimpleJWT\Token; use LGrevelink\SimpleJWT\Signing\Hmac\HmacSha256; $token = new Token(); $token->sign(new HmacSha256(), 'signing secret'); $token->toString(); // > eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.W10.o5-rpJi4_bEYcIWisa6qD7rFX6fk4Jh0FfNyOTmDbsI $token->verify(new HmacSha256(), 'signing secret'); // true ``` ### RSA [](#rsa) ``` use LGrevelink\SimpleJWT\Signing\Rsa\Keys\PrivateKey; use LGrevelink\SimpleJWT\Signing\Rsa\Keys\PublicKey; use LGrevelink\SimpleJWT\Signing\Rsa\RsaSha256; use LGrevelink\SimpleJWT\Token; $privateKey = new PrivateKey('private_rsa.pem'); $token = new Token(); $token->sign(new RsaSha256($privateKey), 'possible passphrase'); $token->toString(); // > eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.W10.Tsm8x3WxQUa12n2FedJIHlObnLZBbPF_IczvcTAt25ZIaJlYOuka8S5GzdmJ6ZfD5UiHLTgbJG0pdpSwdnsKg44TyWj5Yl19qx6ddDKcfQxk7zaPTy6kDaCi5Hl6yC0WiXjgnvolD9Hp8fBYoYmcer-V0cFr50Ee9SfBuIejQPddlGvx7EfjZ0yIVNuxBD7Uzimio3VacomolpFAmJHPqLLSfrHKI9ITncyg9U_IpnwHcBUe3BBeHEUzeL8k9nvUKZof5vIAGsZ7o3xi0NbOMfYw5DhP8jCTgjKlqMfxlQVRI8cNPj852qfrf8CzYHvYuR_7uN1s8a_ooBfHjOxeYg $publicKey = new PublicKey('public_rsa.pem'); $token->verify(new RsaSha256(null, $publicKey)); // true ``` ### Through blueprints [](#through-blueprints) The signature can also be attached to a `TokenBlueprint` to keep everything contained in the blueprint instead of somewhere in application code. ``` use LGrevelink\SimpleJWT\TokenBlueprint; use LGrevelink\SimpleJWT\TokenSignature; use LGrevelink\SimpleJWT\Signing\Hmac\HmacSha256; class MyToken extends TokenBlueprint { // ... public function signature($key) { return new TokenSignature(new HmacSha256(), $key); } } $token = MyToken::generate([ 'custom-claim' => 'data' ])->signature(MyToken::signature('some-key')); // or $token = MyToken::generateAndSign([ 'custom-claim' => 'data' ], 'some-key'); // or $token = MyToken::sign( SignatureBlueprintMock::generate([ 'custom-claim' => 'data' ]), 'some-key' ); ``` All arguments after the first for `TokenBlueprint::generateAndSign` and `TokenBlueprint::sign` will be proxied to the `TokenBlueprint::signature` method so they can be used there. All of the methods can be used seperately or combined to fit the implementation to your needs. Parsing tokens -------------- [](#parsing-tokens) This part should be easy as 🍰. Just throw in your stringified token and it should be ready to use after parsing. If the given token or a part of the token cannot be properly parsed or decoded, an `InvalidFormatException` is thrown. ``` use LGrevelink\SimpleJWT\Token; $token = Token::parse('eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.W10.o5-rpJi4_bEYcIWisa6qD7rFX6fk4Jh0FfNyOTmDbsI'); ``` Tests ----- [](#tests) Tests are written with PHPUnit and can be run via the following composer command; ``` composer run test ``` ### Health Score 42 — FairBetter than 90% of packages Maintenance52 Moderate activity, may be stable Popularity32 Limited adoption so far Community9 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~173 days Recently: every ~288 days Total 8 Last Release 1330d ago Major Versions 0.4.0 → 1.0.02022-09-26 PHP version history (2 changes)0.1.0PHP >=7.1 1.0.0PHP >=7.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/8b94a0369dd7815f25856019b12c61d519816d84af15a34186bb3cb8c6bb65f5?d=identicon)[lgrevelink](/maintainers/lgrevelink) --- Top Contributors [![LarsGrevelink](https://avatars.githubusercontent.com/u/1597445?v=4)](https://github.com/LarsGrevelink "LarsGrevelink (35 commits)") --- Tags composer-packagejwtjwt-tokensphp ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/lgrevelink-php-simple-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/lgrevelink-php-simple-jwt/health.svg)](https://phpackages.com/packages/lgrevelink-php-simple-jwt) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)