
marten-cz/nette-jwt-user-storage
================================

Nette IUserStorage implementation using JWT instead of sessions.

v2.1.0 (6y ago) · MIT · PHP >=7.2

[Source](https://github.com/marten-cz/nette-jwt-user-storage) · [Packagist](https://packagist.org/packages/marten-cz/nette-jwt-user-storage)

nette-jwt-user-storage
======================

Nette IUserStorage implementation using JWT access token instead of PHP sessions.

> Disclaimer: If you don't know what JWT is, please refer to [JWT draft](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32) or to [JWT homepage](http://jwt.io/).

On user login, the application stores a `jwt_access_token` cookie instead of the bad old `PHPSESSID` one. The cookie contains an encoded JWT signed by the application. User authentication is then based on verifying the JWT rather than the session.

> Warning: CSRF protection rules still apply!

This means you no longer need to solve PHP session implementation, scaling and testing problems. All the things that you would normally store in the `SessionStorage` can be stored in a key-value storage, where the JWT is a key.

This also means your application is ready to become SPA in the future. :)

Configuration
-------------

Register the extension in your `config.neon`.

```
extensions:
  jwtUserStorage: Marten\Nette\JwtStorage\DI\JWTUserStorageExtension
```

Then configure its required properties.

```
JWTUserStorage:
  privateKey: 'secret-cat'    # this secret is used to sign the JWT (placeholder; use a long random value)
  algorithm: 'HS256'          # this is the signing algorithm
```

Both the JWT and the cookie in which it's stored are set to expire in 20 days by default. If you want to change the expiration time, use the `expiration` option:

```
JWTUserStorage:
  expiration: 20 days       # sets JWT and cookie expiration time to 20 days (this is the default option)
  # expiration: 20 minutes  # sets JWT and cookie expiration time to 20 minutes
  # expiration: false       # sets JWT and cookie to never expire
```

By default, `jti` and `iat` (see [JWT draft](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32)) are added to your JWTs. If you don't want to use them, set `generateJti` and `generateIat` options to false.

```
JWTUserStorage:
  generateJti: false          # disables jti generation for your JWT access tokens
  generateIat: false          # disables iat generation for your JWT access tokens
```
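
How the options above fit together, as an added example that is not code from this package: a minimal HS256 sign-and-verify routine in which the key plays the role of `privateKey`, the algorithm is pinned to the configured `HS256`, and `exp`, `iat` and `jti` are set at issue time. The function names and sample values are assumptions made for illustration, and unlike `expiration: false` this sketch rejects tokens without `exp`.

```php
<?php
declare(strict_types=1);
// Added illustration, not this package's code; all function names are hypothetical.
function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64urlDecode(string $s): string
{
    $s = str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '=');
    return (string) base64_decode(strtr($s, '-_', '+/'), true);
}

function signToken(array $claims, string $key, int $ttl, int $now): string
{
    // iat, exp and jti mirror the claims the README's options control.
    $claims += ['iat' => $now, 'exp' => $now + $ttl, 'jti' => bin2hex(random_bytes(16))];
    $input = b64url(json_encode(['typ' => 'JWT', 'alg' => 'HS256'])) . '.' . b64url(json_encode($claims));
    return $input . '.' . b64url(hash_hmac('sha256', $input, $key, true));
}

function verifyToken(string $jwt, string $key, int $now): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    // Pin the configured algorithm; never let the token's header choose it.
    $algOk = is_array($header) && ($header['alg'] ?? null) === 'HS256';
    // Constant-time comparison of the recomputed MAC with the presented one.
    if (!$algOk || !hash_equals(hash_hmac('sha256', "$h.$p", $key, true), b64urlDecode($sig))) {
        return null;
    }
    // Claims are parsed only after the MAC checks out; exp is required here.
    $claims = json_decode(b64urlDecode($p), true);
    $fresh = is_array($claims) && is_int($claims['exp'] ?? null) && $claims['exp'] > $now;
    return $fresh ? $claims : null;
}

$key = random_bytes(32);  // constructed 256-bit key, unlike the README's 'secret-cat' placeholder
$now = 1700000000;        // constructed fixed clock
$jwt = signToken(['uid' => 42], $key, 20 * 60, $now);
[$h, , $sig] = explode('.', $jwt);
$tampered = $h . '.' . b64url(json_encode(['uid' => 1, 'exp' => $now + 9999])) . '.' . $sig;
// Cases: fresh token, same token after its 20 minutes, payload swapped under the old signature.
var_dump(verifyToken($jwt, $key, $now + 60) !== null, verifyToken($jwt, $key, $now + 21 * 60), verifyToken($tampered, $key, $now));
```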

If you want to define your own `Nette\Security\IIdentity` serializer, which serializes your identity implementation into the JWT body, you can implement `Marten\Nette\JwtStorage\Security\IIdentitySerializer`

```
namespace Your\Own;

class IdentitySerializer implements \Marten\Nette\JwtStorage\Security\IIdentitySerializer
{
  // ...
}

```

and register it in configuration.

```
JWTUserStorage:
  identitySerializer: Your\Own\IdentitySerializer
```

And that's it, you're ready to go!

Known issues
------------

- If you are developing an app with JWT User Storage and you still see `PHPSESSID` in your cookies, it's probably because [Tracy\\Tracy](https://github.com/tracy/tracy) uses it.

Discussion threads
------------------

- Czech discussion thread on [Nette Forum](https://forum.nette.org/cs/24081-nette-jwt-user-storage-dejte-sbohem-php-session#p161518)

Literature
----------

- [Stormpath: Where to store JWTs](https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage/)
- [Reddit: JWT vs session cookies](https://www.reddit.com/r/webdev/comments/3afcs9/jwt_vs_session_cookies_authentication/)
- [Dev Kimchi](http://devkimchi.com/1622/can-json-web-token-jwt-be-an-alternative-for-session/)
- [JTI Generation](https://github.com/bshaffer/oauth2-server-php/issues/265)


### Community

Maintainers: marten

Top Contributors: [klimesf](https://github.com/klimesf) (28 commits), [slepic](https://github.com/slepic) (8 commits), [marten-cz](https://github.com/marten-cz) (4 commits), [gitter-badger](https://github.com/gitter-badger) (1 commits)

