PHPackages musa11971/php-jwt-decoder - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. musa11971/php-jwt-decoder AbandonedArchivedLibrary[Authentication & Authorization](/categories/authentication) musa11971/php-jwt-decoder ========================= A lightweight and flexible library to decode JWTs. 1.0(6y ago)2912[1 PRs](https://github.com/musa11971/php-jwt-decoder/pulls)MITPHPPHP ^7.3CI failing Since Feb 27Pushed 5y ago1 watchersCompare [ Source](https://github.com/musa11971/php-jwt-decoder)[ Packagist](https://packagist.org/packages/musa11971/php-jwt-decoder)[ Docs](https://github.com/musa11971/php-jwt-decoder)[ RSS](/packages/musa11971-php-jwt-decoder/feed)WikiDiscussions master Synced 5d ago READMEChangelog (1)Dependencies (2)Versions (2)Used By (0) [![](.github/logo.png)](.github/logo.png) [![Latest version on packagist](https://camo.githubusercontent.com/3c0879dcece74318ce12b603c7a640321feb11515558f26cd67696b333aee0a2/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d75736131313937312f7068702d6a77742d6465636f6465722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/musa11971/php-jwt-decoder)[![GitHub Tests Action Status](https://camo.githubusercontent.com/cb3263f428abc4605486b429abff4b699ab3f402208c92f77570ea5b164792e1/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f776f726b666c6f772f7374617475732f6d75736131313937312f7068702d6a77742d6465636f6465722f72756e2d74657374733f6c6162656c3d7465737473)](https://github.com/musa11971/php-jwt-decoder/actions?query=workflow%3Arun-tests+branch%3Amaster)[![Total downloads](https://camo.githubusercontent.com/2e6af68a57f6457ad46a5ffb763ddb2e9a08eab552e40ee43c9353742c941992/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d75736131313937312f7068702d6a77742d6465636f6465722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/musa11971/php-jwt-decoder) *lightweight and easy to use. what more could you want* Easily decode JWT ================= [](#easily-decode-jwt) This lightweight PHP library helps you decode and verify JSON Web Tokens easily. ``` $payload = JWTDecoder::token($jwt) ->withKey($publicKey) ->decode(); ``` Installation ------------ [](#installation) You can install the library via composer: ``` composer require musa11971/php-jwt-decoder ``` Usage ----- [](#usage) ### Basic decoding [](#basic-decoding) Pass on your JWT and (public) key (e.g. PEM) as strings. ``` $payload = JWTDecoder::token($jwt) ->withKey($key) ->decode(); ``` ### Decoding with multiple keys [](#decoding-with-multiple-keys) You may have multiple potential keys, one of which is the correct one for the JWT. This library allows you to simply pass on all the keys, and it will try every key until the signature is verified. Do note that if none of the keys are correct, you will be met with an exception. ``` $keys = [...]; // Array of keys $payload = JWTDecoder::token($jwt) ->withKeys($keys) ->decode(); ``` ### Ignoring the token expiry time [](#ignoring-the-token-expiry-time) By default, the library will check the token's expiry time ([exp](https://tools.ietf.org/html/rfc7519#section-4.1.4)) if it is present. However, if (for whatever reason) you wish to ignore the expiry time, you can use the following option. ``` $payload = JWTDecoder::token($jwt) ->withKey($key) ->ignoreExpiry() ->decode(); ``` ### Ignoring the token 'not valid before' time [](#ignoring-the-token-not-valid-before-time) Similarly to the `ignoreExpiry` option, you can also ignore the 'not valid before' time of the token ([nbf](https://tools.ietf.org/html/rfc7519#section-4.1.5)). ``` $payload = JWTDecoder::token($jwt) ->withKey($key) ->ignoreNotValidBefore() ->decode(); ``` ### Working with the payload [](#working-with-the-payload) The decoder always returns a `JWTPayload` instance. Use this object to access the data in the payload. **Check if payload has a value** ``` $payload->has('username'); // true $payload->has('date_of_birth'); // false ``` **Get a value from the payload** ``` $payload->get('username'); // 'John' ``` **Convert a payload to an array** ``` $payload->toArray(); /* * [ * 'username' => 'John', * 'email' => 'john@example.com', * 'sub' => '1234567890', * 'iat' => 1516239022, * 'exp' => 1516243210 * ] */ ``` ### Testing [](#testing) ``` composer test ``` Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. ### Security [](#security) If you discover any security related issues, please email instead of using the issue tracker. Credits ------- [](#credits) Credits go to [musa11971](https://github.com/musa11971) for creating and maintaining the library. Special thanks - .. to [all contributors](../../contributors) for contributing to the project. Support me ---------- [](#support-me) I am a full-time software engineering student and work on this library in my free time. If you find the library useful, please consider making a [donation](https://www.paypal.me/musa11971)! Every little bit helps. 💜 License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. ### Health Score 26 — LowBetter than 43% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community9 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 2269d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/3c3104e44e9879242659fa0c6717fa6d01be9fcbb90a33d0c49c1ea1c6348332?d=identicon)[musa11971](/maintainers/musa11971) --- Top Contributors [![musa11971](https://avatars.githubusercontent.com/u/21341801?v=4)](https://github.com/musa11971 "musa11971 (4 commits)") --- Tags jwtphpphp-libraryphp-jwt-decoder ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/musa11971-php-jwt-decoder/health.svg) ``` [![Health](https://phpackages.com/badges/musa11971-php-jwt-decoder/health.svg)](https://phpackages.com/packages/musa11971-php-jwt-decoder) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)