PHPackages mathieu-bour/guardian - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. mathieu-bour/guardian AbandonedArchivedLibrary[Authentication & Authorization](/categories/authentication) mathieu-bour/guardian ===================== Highly configurable JSON Web Token implementation for Laravel and Lumen. 0.1.0(6y ago)71.6k1[17 PRs](https://github.com/mathieu-bour/guardian/pulls)MITPHPPHP ^7.2 Since Apr 22Pushed 3y ago1 watchersCompare [ Source](https://github.com/mathieu-bour/guardian)[ Packagist](https://packagist.org/packages/mathieu-bour/guardian)[ Docs](https://github.com/mathieu-bour/guardian)[ RSS](/packages/mathieu-bour-guardian/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (18)Versions (26)Used By (0) Guardian ======== [](#guardian) [![GitHub license](https://camo.githubusercontent.com/e1f645b5065cdd19c66c93083afa78d6bcc6a376eadc69137f69c0b2402b5229/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/e1f645b5065cdd19c66c93083afa78d6bcc6a376eadc69137f69c0b2402b5229/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)[![Packagist Version](https://camo.githubusercontent.com/137096c5ad7a00d70b51aead45df51bd3bc012e8b2ddaaf20662d4d09ae79061/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/137096c5ad7a00d70b51aead45df51bd3bc012e8b2ddaaf20662d4d09ae79061/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)[![Packagist](https://camo.githubusercontent.com/ead02514a45d03cad4050af3e711a87f75d804ab1781084fb6ef6ba6397b3003/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/ead02514a45d03cad4050af3e711a87f75d804ab1781084fb6ef6ba6397b3003/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)[![GitHub issues](https://camo.githubusercontent.com/116c100ace7e84c026f49ee707bd14c44bcbef9bb2dd99e245e8f08d66830d46/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/116c100ace7e84c026f49ee707bd14c44bcbef9bb2dd99e245e8f08d66830d46/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)[![GitHub pull requests](https://camo.githubusercontent.com/e4d10fc210d4ffd9aad9cd0c154be5272a4eb5c86839c4e3c27ea08363a184fc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732d70722f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/e4d10fc210d4ffd9aad9cd0c154be5272a4eb5c86839c4e3c27ea08363a184fc/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732d70722f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)[![Codecov](https://camo.githubusercontent.com/1aa909f633ddd5c65cbe7fb2bbec5f35730eb4bda6ab0f225c0372e0b683f328/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f67682f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/1aa909f633ddd5c65cbe7fb2bbec5f35730eb4bda6ab0f225c0372e0b683f328/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f67682f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)[![Scrutinizer code quality](https://camo.githubusercontent.com/59c3b60843b8d25846c463f4ea02488e8ac26078a16ef27df25b8ee0d1271241/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f7175616c6974792f672f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/59c3b60843b8d25846c463f4ea02488e8ac26078a16ef27df25b8ee0d1271241/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f7175616c6974792f672f6d6174686965752d626f75722f677561726469616e3f7374796c653d666c61742d737175617265) Highly configurable JSON Web Token implementation for Laravel and Lumen. Guardian exposes an additional authentication `guardian` driver, which can be used like the standard `session` or `token` drivers. Guardian follows the [Semantic Versioning specification](https://semver.org). ❗ **The `master` branch should not be considered stable prior to the 1.0.0 release.** ❗ Motivations ----------- [](#motivations) Our company based its back-end on the Lumen Framework and we needed a stateless identification and authentication method. We chose to use the JSON Web Tokens which combines security and ease. While some libraries exist like [tymondesigns/jwt-auth](https://github.com/tymondesigns/jwt-auth) or [laravel/passport](https://github.com/laravel/passport), they did not meet our requirements. Indeed, we wanted to have control over the cryptographic algorithms of the keys as well as to be able to use several of them. After careful consideration, we decided to develop our own JWT library for Lumen which was later ported to Laravel and shared open-source. Acknowledgements ---------------- [](#acknowledgements) - Rafhael Cedeno and [Laura Bannier](https://www.linkedin.com/in/laura-bannier/) for their English reviews - JWT cryptography implementation by [`web-token`](https://github.com/web-token/jwt-framework) - Benchmarks ran using [PHPBench](https://github.com/phpbench/phpbench) - Documentation generated by [VuePress](https://vuepress.vuejs.org/) - Tests ran using [PHPUnit](https://phpunit.de/) and [Mockery](https://github.com/mockery/mockery) Prerequisites ------------- [](#prerequisites) - PHP >= 7.2 - Laravel/Lumen 6 or 7 Installation ------------ [](#installation) Simply add Guardian to your project dependencies. ``` composer require mathieu-bour/guardian ``` Depending on the [algorithm](https://mathieu-bour.github.io/guardian/reference/configuration.html#key) you want to use, install the corresponding cryptographic library: AlgorithmLibraryRequired PHP extensionsECDSA`web-token/jwt-signature-algorithm-ecdsa`opensslEdDSA`web-token/jwt-signature-algorithm-eddsa`sodiumHMAC`web-token/jwt-signature-algorithm-hmac`n/aRSA`web-token/jwt-signature-algorithm-rsa`openssl, gmpIf you do not know which algorithm to choose, we recommend `ECDSA` with the `ES512` algorithm and the `P-521` curve. ### Laravel [](#laravel) Publish the default Guardian configuration: ``` php artisan vendor:publish --provider="Windy\Guardian\GuardianServiceProvider" ``` ### Lumen [](#lumen) Copy the default Guardian configuration from `vendor/mathieu-bour/guardian/config/guardian.php` to `config/guardian.php`. Then, add the provider to your `bootstrap/app.php` and load the configuration with: ``` $app->configure('guardian'); $app->register(Windy\Guardian\GuardianServiceProvider::class); ``` If you want to use the `Guardian` Facade, ensure that the application is loaded with Facades in your `bootstrap/app.php`. ``` $app->withFacades(); ``` Next steps ---------- [](#next-steps) - Learn more about [JWT](https://mathieu-bour.github.io/guardian/reference/jwt) - Read the [configuration](https://mathieu-bour.github.io/guardian/reference/configuration) reference - Read our [tutorial on users authentication](https://mathieu-bour.github.io/guardian/case-studies/authentication) Alternatives ------------ [](#alternatives) Here, we humbly refer to the alternatives to Guardian that we found interesting. ### [laravel/passport](https://github.com/laravel/passport) [](#laravelpassport) Passport is the official Laravel library which supports JWT authentication. > Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes. ### [tymondesigns/jwt-auth](https://github.com/tymondesigns/jwt-auth) [](#tymondesignsjwt-auth) jwt-auth is a worthwhile alternative to Guardian which provides a higher-level API, such as authenticating users directly from the request credentials via a Facade. jwt-auth also provides a way to blacklist the generated tokens whereas Guardian leaves the implementation to the developer. If you are looking for a simpler way to use JWT, we highly recommend that you take a look to this library! ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity21 Limited adoption so far Community10 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 97.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~3 days Total 8 Last Release 2192d ago PHP version history (2 changes)0.1.0-beta.1PHP ^7.2.5 0.1.0-rc.1PHP ^7.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/73c2dfce49dda5261f96316534da32fe654b5318a85049d85b651bdda2aeb167?d=identicon)[Mathieu Bour](/maintainers/Mathieu%20Bour) --- Top Contributors [![matbour](https://avatars.githubusercontent.com/u/21281702?v=4)](https://github.com/matbour "matbour (35 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)") --- Tags authenticationjwsjwtlaravellumenphpjwtlaravelJWSAuthenticationlumen ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/mathieu-bour-guardian/health.svg) ``` [![Health](https://phpackages.com/badges/mathieu-bour-guardian/health.svg)](https://phpackages.com/packages/mathieu-bour-guardian) ``` ### Alternatives [tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[alajusticia/laravel-logins Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser 2011.0k](/packages/alajusticia-laravel-logins) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)