PHPackages marvin255/jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. marvin255/jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) marvin255/jwt ============= Yet another jwt for PHP. v3.0.2(1mo ago)11601MITPHPPHP >=8.3CI passing Since May 4Pushed 1mo ago1 watchersCompare [ Source](https://github.com/marvin255/jwt)[ Packagist](https://packagist.org/packages/marvin255/jwt)[ RSS](/packages/marvin255-jwt/feed)WikiDiscussions master Synced 6d ago READMEChangelog (10)Dependencies (10)Versions (17)Used By (1) JWT === [](#jwt) [![Build Status](https://github.com/marvin255/jwt/workflows/marvin255_jwt/badge.svg)](https://github.com/marvin255/jwt/actions?query=workflow%3A%22marvin255_jwt%22) Simple [JWT](https://tools.ietf.org/html/rfc7519) implementation for PHP. Installation ------------ [](#installation) Install the package via Composer ``` composer req marvin255/jwt ``` Parse token from header ----------------------- [](#parse-token-from-header) ``` use Marvin255\Jwt\JwtFactory; $token = JwtFactory::decoder()->decodeHeader($_SERVER['HTTP_AUTHORIZE']); ``` Validate token -------------- [](#validate-token) ``` use Marvin255\Jwt\JwtFactory; use Marvin255\Jwt\JwtSecretFactory; use Marvin255\Jwt\JwtSignerFactory; use Marvin255\Jwt\Signer\Algorithm; use Marvin255\Jwt\Validator\ExpirationConstraint; use Marvin255\Jwt\Validator\NotBeforeConstraint; use Marvin255\Jwt\Validator\AudienceConstraint; use Marvin255\Jwt\Validator\SignatureConstraint; $publicKey = JwtSecretFactory::create('file:///path/to/public.key'); $signer = JwtSignerFactory::createRsa(Algorithm::RSA_SHA_512, $publicKey); $constraints = [ new ExpirationConstraint(3), // checks that token is not expired with 3s leeway new NotBeforeConstraint(3), // checks nbf header with 3s leeway new AudienceConstraint('my_service'), // checks that token was issued for this service new SignatureConstraint($signer), // checks signature ]; $res = JwtFactory::validator()->validate($token, $constraints); if ($res->isValid()) { echo "token is valid"; } else { var_dump($res->getErrors()); } ``` Retrieve data from token ------------------------ [](#retrieve-data-from-token) ``` // jose params $alg = $token->jose()->alg()->get(); // registered JOSE params have own getters $customParam = $token->jose()->param('custom_jose')->get(); // any custom JOSE param from the payload // claims $iss = $token->claims()->iss()->get(); // registered claims have own getters $customClaim = $token->claims()->param('custom_claim')->get(); // any custom claim from the payload ``` Create new token ---------------- [](#create-new-token) ``` use Marvin255\Jwt\JwtFactory; use Marvin255\Jwt\JwtSecretFactory; use Marvin255\Jwt\JwtSignerFactory; use Marvin255\Jwt\Signer\Algorithm; $privateKey = JwtSecretFactory::create('file:///path/to/private.key'); $signer = JwtSignerFactory::createRsa(Algorithm::RSA_SHA_512, null, $privateKey); $token = JwtFactory::builder() ->setJoseParam('test', 'test') // any custom JOSE param ->setIss('test') // registered claims have own setters ->setClaim('test', 'test') // any custom claim ->signWith($signer) // signer ->build() ; ``` Encode token to string ---------------------- [](#encode-token-to-string) ``` use Marvin255\Jwt\JwtFactory; $tokenString = JwtFactory::encoder()->encode($token); ``` ### Health Score 51 — FairBetter than 96% of packages Maintenance91 Actively maintained with recent releases Popularity13 Limited adoption so far Community13 Small or concentrated contributor base Maturity75 Established project with proven stability Bus Factor1 Top contributor holds 91.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~138 days Recently: every ~240 days Total 14 Last Release 44d ago Major Versions v1.1.0 → v2.0.02023-01-09 v2.1.1 → v3.0.02025-05-10 PHP version history (3 changes)v1.0.0-alphaPHP >=8.0 v2.0.0PHP >=8.1 v3.0.0PHP >=8.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/7c29b776ac327dcfcdfc20619a65826ad94a0cb554503386fb080299edfbe3e8?d=identicon)[marvin255](/maintainers/marvin255) --- Top Contributors [![marvin255](https://avatars.githubusercontent.com/u/2802915?v=4)](https://github.com/marvin255 "marvin255 (21 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)") --- Tags jwtphpphpjwt ### Code Quality TestsPHPUnit Static AnalysisPsalm Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/marvin255-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/marvin255-jwt/health.svg)](https://phpackages.com/packages/marvin255-jwt) ``` ### Alternatives [griffinledingham/php-apple-signin A simple library to decode and parse Apple Sign In client tokens. 2011.9M1](/packages/griffinledingham-php-apple-signin)[hyperf-ext/jwt The Hyperf JWT package. 53134.9k2](/packages/hyperf-ext-jwt)[maicol07/flarum-ext-sso SSO for Flarum 468.3k](/packages/maicol07-flarum-ext-sso) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)