PHPackages lithemod/jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. lithemod/jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) lithemod/jwt ============ A lightweight JWT authentication library for Lithe framework, providing secure token generation, validation, and middleware integration. v1.0.0(1y ago)06MITPHP Since Nov 2Pushed 1y agoCompare [ Source](https://github.com/lithemod/jwt)[ Packagist](https://packagist.org/packages/lithemod/jwt)[ RSS](/packages/lithemod-jwt/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (4)Versions (2)Used By (0) Lithe Auth JWT ============== [](#lithe-auth-jwt) The JWT middleware for Lithe is responsible for user authentication, providing secure token generation, validation, and revocation. 1. Installing the JWT Middleware -------------------------------- [](#1-installing-the-jwt-middleware) To use the JWT middleware in Lithe, install via Composer: ``` composer require lithemod/jwt ``` 2. Configuring the JWT Middleware --------------------------------- [](#2-configuring-the-jwt-middleware) You can use the middleware directly in your routes. Here's how: ### Configuration Example: [](#configuration-example) ``` use Lithe\Auth\JWT; // Route configuration with JWT $app->get('/protected', new JWT('your-secret-key', 'HS256', 3600), function ($req, $res) { return $res->send('Access granted!'); }); ``` 3. Using JWT Tokens ------------------- [](#3-using-jwt-tokens) ### 3.1 Generating a JWT Token [](#31-generating-a-jwt-token) Generate a JWT token for an authenticated user. The token will contain relevant information such as user ID and role. ``` $app->post('/login', function ($req, $res) { $user = ['id' => 1, 'role' => 'admin', 'email' => 'user@example.com']; // Example user $token = (new JWT())->generateToken($user); return $res->send(['token' => $token]); }); ``` ### 3.2 Validating a JWT Token [](#32-validating-a-jwt-token) Use the JWT middleware to protect routes. The middleware will check the token validity on each request. ``` $app->get('/protected-route', new JWT(), function ($req, $res) { return $res->send('Access to protected route.'); }); ``` ### 3.3 Revoking a Token [](#33-revoking-a-token) Revoke a token when a user logs out. This ensures the token can no longer be used. ``` $app->post('/logout', function ($req, $res) { $token = $req->header('Authorization'); (new JWT())->revokeToken($token); return $res->send('Token revoked.'); }); ``` ### 3.4 Refreshing a Token [](#34-refreshing-a-token) Implement an endpoint for token refresh, allowing users to obtain a new token without needing to log in again. ``` $app->post('/refresh', function ($req, $res) { $token = $req->header('Authorization'); $newToken = (new JWT())->refreshToken($token); return $res->send(['token' => $newToken]); }); ``` ### 3.5 Retrieving User Data from the Token [](#35-retrieving-user-data-from-the-token) Extract user information from the JWT for use in protected routes. ``` $app->get('/user', new JWT(), function ($req, $res) { return $res->send($req->user); }); ``` ### 3.6 Validating a Token without Decoding [](#36-validating-a-token-without-decoding) Validate a token without fully decoding it. This can be useful for quickly checking the authenticity of a token. ``` $app->post('/validate', function ($req, $res) { $token = $req->header('Authorization'); $isValid = (new JWT())->validateToken($token); return $res->send(['valid' => $isValid]); }); ``` 4. Methods of the JWT Class --------------------------- [](#4-methods-of-the-jwt-class) ### 4.1 `__construct()` [](#41-__construct) **Description**: Initializes the JWT class with a secret key, algorithm, and expiration time. **Parameters**: - `$secretKey`: Secret key for encoding/decoding. - `$algorithm`: Algorithm for signing the token. - `$expirationTime`: Token expiration time in seconds. ### 4.2 `__invoke()` [](#42-__invoke) **Description**: Middleware to check the JWT in a request. **Parameters**: - `$req`: The HTTP request. - `$res`: The HTTP response. - `$next`: Next middleware function to call. ### 4.3 `generateToken()` [](#43-generatetoken) **Description**: Generates a new JWT token for a user. **Parameters**: - `$user`: User data to encode in the token. ### 4.4 `revokeToken()` [](#44-revoketoken) **Description**: Revokes a JWT token by adding it to the revoked list. **Parameters**: - `$token`: The token to revoke. ### 4.5 `isTokenRevoked()` [](#45-istokenrevoked) **Description**: Checks if a token has been revoked. **Parameters**: - `$token`: The token to check. ### 4.6 `refreshToken()` [](#46-refreshtoken) **Description**: Updates an expired JWT token by generating a new one. **Parameters**: - `$token`: The token to refresh. ### 4.7 `getUserFromToken()` [](#47-getuserfromtoken) **Description**: Retrieves user data from a JWT token. **Parameters**: - `$token`: The token from which to get user data. ### 4.8 `validateToken()` [](#48-validatetoken) **Description**: Validates a JWT token without decoding it. **Parameters**: - `$token`: The token to validate. Final Considerations -------------------- [](#final-considerations) - **Token Revocation**: The middleware supports token revocation. - **Error Handling**: Validation errors and token expiration are automatically handled, returning appropriate messages to the client. ### Health Score 23 — LowBetter than 27% of packages Maintenance38 Infrequent updates — may be unmaintained Popularity4 Limited adoption so far Community6 Small or concentrated contributor base Maturity38 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 562d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/56173de3a7bf7099dd8168efd730d3c2fb5df5174a123fdc37cee8c3589e2345?d=identicon)[williamhumbwavali](/maintainers/williamhumbwavali) --- Top Contributors [![williamhumbwavali](https://avatars.githubusercontent.com/u/127023095?v=4)](https://github.com/williamhumbwavali "williamhumbwavali (1 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/lithemod-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/lithemod-jwt/health.svg)](https://phpackages.com/packages/lithemod-jwt) ``` ### Alternatives [google/auth Google Auth Library for PHP 1.4k272.7M162](/packages/google-auth)[thenetworg/oauth2-azure Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2509.6M48](/packages/thenetworg-oauth2-azure)[stevenmaguire/oauth2-keycloak Keycloak OAuth 2.0 Client Provider for The PHP League OAuth2-Client 2275.9M27](/packages/stevenmaguire-oauth2-keycloak)[robsontenorio/laravel-keycloak-guard 🔑 Simple Keycloak Guard for Laravel 5161.1M3](/packages/robsontenorio-laravel-keycloak-guard)[patrickbussmann/oauth2-apple Sign in with Apple OAuth 2.0 Client Provider for The PHP League OAuth2-Client 1132.5M6](/packages/patrickbussmann-oauth2-apple)[wp-graphql/wp-graphql-jwt-authentication JWT Authentication for WPGraphQL 361118.4k1](/packages/wp-graphql-wp-graphql-jwt-authentication) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)