PHPackages morozovsk/simplejwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. morozovsk/simplejwt ActiveLibrary[Authentication & Authorization](/categories/authentication) morozovsk/simplejwt =================== An simple JSON Web Token library for PHP. v0.5.0(5y ago)04BSD-3-ClausePHPPHP ^5.4 || ^7.1 Since Sep 10Pushed 5y agoCompare [ Source](https://github.com/morozovsk/simplejwt)[ Packagist](https://packagist.org/packages/morozovsk/simplejwt)[ Docs](https://github.com/kelvinmo/simplejwt)[ RSS](/packages/morozovsk-simplejwt/feed)WikiDiscussions master Synced today READMEChangelog (1)Dependencies (3)Versions (18)Used By (0) SimpleJWT ========= [](#simplejwt) SimpleJWT is a simple JSON web token library written in PHP. [![Latest Stable Version](https://camo.githubusercontent.com/e0561aaf32baa8aa3d5afb5f958ff78c2634eaab33943456c02772bfd44e66fc/68747470733a2f2f706f7365722e707567782e6f72672f6b656c76696e6d6f2f73696d706c656a77742f762f737461626c65)](https://packagist.org/packages/kelvinmo/simplejwt)[![Build Status](https://camo.githubusercontent.com/717fb53c83759247a9cd2c1309ccf4f2c4c0b85bccd45040ec69928aa64f2e6e/68747470733a2f2f7472617669732d63692e6f72672f6b656c76696e6d6f2f73696d706c656a77742e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/kelvinmo/simplejwt) Features -------- [](#features) - JSON web token [RFC7519](http://tools.ietf.org/html/rfc7519), JSON web signatures [RFC7515](http://tools.ietf.org/html/rfc7515)and JSON web encryption [RFC7516](http://tools.ietf.org/html/rfc7516) - JSON web keys [RFC7517](http://tools.ietf.org/html/rfc7517) - Signature algorithms - HMAC family (HS256, HS384, HS512) - RSA family (RS256, RS384, RS512) - ECDSA family (ES256, ES384, ES512) - Key management algorithms - Key agreement or direct encryption - RSAES-PKCS1-v1\_5 (RSA1\_5) - RSAES with OAEP (RSA-OAEP, RSA-OAEP-256) - AES key wrap (A128KW, A192KW, A256KW) - PBES2 (PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW) - Content encryption algorithms - AES\_CBC\_HMAC\_SHA2 family (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) Requirements ------------ [](#requirements) - PHP: - PHP 7.1.0 or later; or - PHP 5.4.0 or later - `hash` extension - `openssl` extension Installation ------------ [](#installation) You can install via [Composer](http://getcomposer.org/). ``` { "require": { "kelvinmo/simplejwt": "0.3.*" } } ``` Usage ----- [](#usage) ### Key set [](#key-set) Keys used to sign or verify a JWT must firstly be added to a KeySet. You can add keys in the following ways: 1. By loading a JSON object formatted as a JWK Set object as per [RFC7517](http://tools.ietf.org/html/rfc7517): ``` $set = new SimpleJWT\Keys\KeySet(); $set->load(file_get_contents('private.json')); ``` 2. By adding a key manually: ``` $set = new SimpleJWT\Keys\KeySet(); // JWK format $key = new SimpleJWT\Keys\RSAKey(file_get_contents('jwk.json'), 'json'); // PEM format - note raw key only, no X.509 certificates $key = new SimpleJWT\Keys\RSAKey(file_get_contents('rsa.pem'), 'pem'); $set->add($key); ``` 3. For a secret used in HMAC signatures, directly: ``` $set = SimpleJWT\Keys\KeySet::createFromSecret('secret123'); // The above is a shortcut for the following: $set = new SimpleJWT\Keys\KeySet(); $key = new SimpleJWT\Keys\SymmetricKey('secret123', 'bin'); $set->add($key); ``` ### Creating a JWT [](#creating-a-jwt) To create a JWT, set up the desired headers and claims as separate arrays, then create a `JWT` object: ``` // Note $headers['alg'] is required $headers = ['alg' => 'HS256', 'typ' => 'JWT']; $claims = ['iss' => 'me', 'exp' => 1234567]; $jwt = new SimpleJWT\JWT($headers, $claims); ``` The JWT can then be signed and encoded: ``` try { print $jwt->encode($set); } catch (\RuntimeException $e) { } ``` By default, SimpleJWT will automatically include a `kid` (Key ID) header and a `iat` (Issued At) claim in all JWTs. If the key used to sign the JWT does not have a `kid` assigned (e.g. if it is imported from a PEM file), a `kid`is generated. You can disable this behaviour by specifying `$auto_complete`to false when calling `SimpleJWT\JWT::encode()`. ### Verifying a JWT [](#verifying-a-jwt) To consume and verify a JWT, use the decode function. Note that you will need to supply the expected `alg` parameter that has been previously agreed out-of-band. ``` try { $jwt = SimpleJWT\JWT::decode('abc.def.ghigjghr', $set, 'HS256'); } catch (SimpleJWT\InvalidTokenException $e) { } print $jwt->getHeader('alg'); print $jwt->getClaim('sub'); ``` ### Deserialising a JWT [](#deserialising-a-jwt) You can also deserialise a JWT without verifying it using the deserialise function. **Note that you should not trust the contents of the data contained in a JWT without verifying them.** ``` try { list($headers, $claims, $signing_input, $signature) = SimpleJWT\JWT::deserialise('abc.def.ghigjghr'); } catch (SimpleJWT\InvalidTokenException $e) { } print $header['alg']; print $header['sub']; print $signing_input; // abc.def print $signature; // ghigjghr ``` ### Creating a JWE [](#creating-a-jwe) To create a JWE, set up the desired header array and plaintext, then create a `JWE` object: ``` // Note $headers['alg'] and $headers['enc'] are required $headers = ['alg' => 'PBES2-HS256+A128KW', 'enc' => 'A128CBC-HS256']; $plaintext = 'This is the plaintext I want to encrypt.'; $jwt = new SimpleJWT\JWE($headers, $plaintext); ``` The JWE can then be encrypted: ``` try { print $jwt->encrypt($set); } catch (\RuntimeException $e) { } ``` ### Decrypting a JWE [](#decrypting-a-jwe) To decrypt a JWE, use the decrypt function: ``` try { $jwt = SimpleJWT\JWE::decrypt('abc.def.ghi.klm.nop', $set, 'PBES2-HS256+A128KW'); } catch (SimpleJWT\InvalidTokenException $e) { } print $jwt->getHeader('alg'); print $jwt->getPlaintext(); ``` Licence ------- [](#licence) BSD 3 clause ### Health Score 24 — LowBetter than 32% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity3 Limited adoption so far Community9 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 98.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~121 days Recently: every ~112 days Total 16 Last Release 2075d ago PHP version history (2 changes)v0.1.0PHP >=5.4.0 v0.3.1PHP ^5.4 || ^7.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/5ea6433027f1bd3fd09910b81856e14edcb36493f8f6b176349be1578bc81447?d=identicon)[morozovsk](/maintainers/morozovsk) --- Top Contributors [![kelvinmo](https://avatars.githubusercontent.com/u/1594601?v=4)](https://github.com/kelvinmo "kelvinmo (166 commits)")[![morozovsk](https://avatars.githubusercontent.com/u/1822063?v=4)](https://github.com/morozovsk "morozovsk (2 commits)")[![rockaili](https://avatars.githubusercontent.com/u/17047469?v=4)](https://github.com/rockaili "rockaili (1 commits)") --- Tags jwtJWEJOSE ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/morozovsk-simplejwt/health.svg) ``` [![Health](https://phpackages.com/badges/morozovsk-simplejwt/health.svg)](https://phpackages.com/packages/morozovsk-simplejwt) ``` ### Alternatives [web-token/jwt-framework JSON Object Signing and Encryption library for PHP and Symfony Bundle. 94518.9M76](/packages/web-token-jwt-framework)[kelvinmo/simplejwt A simple JSON Web Token library for PHP. 701.1M14](/packages/kelvinmo-simplejwt)[web-token/jwt-library JWT library 2011.2M83](/packages/web-token-jwt-library)[web-token/jwt-bundle JWT Bundle of the JWT Framework. 132.5M7](/packages/web-token-jwt-bundle)[sop/jwx A PHP library for JSON web tokens (JWT) with signature (JWS) and encryption (JWE) support. 26257.5k1](/packages/sop-jwx) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)