PHPackages norbertjurga/php-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. norbertjurga/php-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) norbertjurga/php-jwt ==================== Forked firebase/php-jwt library to encode and decode JSON Web Tokens (JWT) in PHP with empty payload support. 6.0(4y ago)0869BSD-3-ClausePHPPHP >=5.3.0 Since Aug 28Pushed 4y agoCompare [ Source](https://github.com/norbertjurga/php-jwt)[ Packagist](https://packagist.org/packages/norbertjurga/php-jwt)[ Docs](https://github.com/norbertjurga/php-jwt)[ RSS](/packages/norbertjurga-php-jwt/feed)WikiDiscussions master Synced 1w ago READMEChangelog (1)Dependencies (1)Versions (15)Used By (0) [![Build Status](https://camo.githubusercontent.com/b9995e9b991a4634391e27753459a955b0809bc274a9734c98e1fbb1ce673296/68747470733a2f2f7472617669732d63692e6f72672f66697265626173652f7068702d6a77742e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/firebase/php-jwt)[![Latest Stable Version](https://camo.githubusercontent.com/bebc7cfe76c18d3d232ea4163cac4402a05152f133d87d30592fc8cf4247e44a/68747470733a2f2f706f7365722e707567782e6f72672f66697265626173652f7068702d6a77742f762f737461626c65)](https://packagist.org/packages/firebase/php-jwt)[![Total Downloads](https://camo.githubusercontent.com/067ce010f6f401b143ead4b6d7d09d3bf778445a701d10339f75de812285d798/68747470733a2f2f706f7365722e707567782e6f72672f66697265626173652f7068702d6a77742f646f776e6c6f616473)](https://packagist.org/packages/firebase/php-jwt)[![License](https://camo.githubusercontent.com/c4297c941ea39c4f981b2490a343a9a99a721aec347fedf367cd13e30a1fdce4/68747470733a2f2f706f7365722e707567782e6f72672f66697265626173652f7068702d6a77742f6c6963656e7365)](https://packagist.org/packages/firebase/php-jwt) PHP-JWT ======= [](#php-jwt) A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to [RFC 7519](https://tools.ietf.org/html/rfc7519). Installation ------------ [](#installation) Use composer to manage your dependencies and download PHP-JWT: ``` composer require firebase/php-jwt ``` Example ------- [](#example) ``` use Firebase\JWT\JWT; $key = "example_key"; $payload = array( "iss" => "http://example.org", "aud" => "http://example.com", "iat" => 1356999524, "nbf" => 1357000000 ); /** * IMPORTANT: * You must specify supported algorithms for your application. See * https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40 * for a list of spec-compliant algorithms. */ $jwt = JWT::encode($payload, $key); $decoded = JWT::decode($jwt, $key, array('HS256')); print_r($decoded); /* NOTE: This will now be an object instead of an associative array. To get an associative array, you will need to cast it as such: */ $decoded_array = (array) $decoded; /** * You can add a leeway to account for when there is a clock skew times between * the signing and verifying servers. It is recommended that this leeway should * not be bigger than a few minutes. * * Source: http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html#nbfDef */ JWT::$leeway = 60; // $leeway in seconds $decoded = JWT::decode($jwt, $key, array('HS256')); ``` Example with RS256 (openssl) ---------------------------- [](#example-with-rs256-openssl) ``` use Firebase\JWT\JWT; $privateKey = "example.com", "iat" => 1356999524, "nbf" => 1357000000 ); $jwt = JWT::encode($payload, $privateKey, 'RS256'); echo "Encode:\n" . print_r($jwt, true) . "\n"; $decoded = JWT::decode($jwt, $publicKey, array('RS256')); /* NOTE: This will now be an object instead of an associative array. To get an associative array, you will need to cast it as such: */ $decoded_array = (array) $decoded; echo "Decode:\n" . print_r($decoded_array, true) . "\n"; ``` Example with a passphrase ------------------------- [](#example-with-a-passphrase) ``` // Your passphrase $passphrase = '[YOUR_PASSPHRASE]'; // Your private key file with passphrase // Can be generated with "ssh-keygen -t rsa -m pem" $privateKeyFile = '/path/to/key-with-passphrase.pem'; // Create a private key of type "resource" $privateKey = openssl_pkey_get_private( file_get_contents($privateKeyFile), $passphrase ); $payload = array( "iss" => "example.org", "aud" => "example.com", "iat" => 1356999524, "nbf" => 1357000000 ); $jwt = JWT::encode($payload, $privateKey, 'RS256'); echo "Encode:\n" . print_r($jwt, true) . "\n"; // Get public key from the private key, or pull from from a file. $publicKey = openssl_pkey_get_details($privateKey)['key']; $decoded = JWT::decode($jwt, $publicKey, array('RS256')); echo "Decode:\n" . print_r((array) $decoded, true) . "\n"; ``` Using JWKs ---------- [](#using-jwks) ``` use Firebase\JWT\JWK; use Firebase\JWT\JWT; // Set of keys. The "keys" key is required. For example, the JSON response to // this endpoint: https://www.gstatic.com/iap/verify/public_key-jwk $jwks = ['keys' => []]; // JWK::parseKeySet($jwks) returns an associative array of **kid** to private // key. Pass this as the second parameter to JWT::decode. JWT::decode($payload, JWK::parseKeySet($jwks), $supportedAlgorithm); ``` Changelog --------- [](#changelog) #### 5.0.0 / 2017-06-26 [](#500--2017-06-26) - Support RS384 and RS512. See [\#117](https://github.com/firebase/php-jwt/pull/117). Thanks [@joostfaassen](https://github.com/joostfaassen)! - Add an example for RS256 openssl. See [\#125](https://github.com/firebase/php-jwt/pull/125). Thanks [@akeeman](https://github.com/akeeman)! - Detect invalid Base64 encoding in signature. See [\#162](https://github.com/firebase/php-jwt/pull/162). Thanks [@psignoret](https://github.com/psignoret)! - Update `JWT::verify` to handle OpenSSL errors. See [\#159](https://github.com/firebase/php-jwt/pull/159). Thanks [@bshaffer](https://github.com/bshaffer)! - Add `array` type hinting to `decode` method See [\#101](https://github.com/firebase/php-jwt/pull/101). Thanks [@hywak](https://github.com/hywak)! - Add all JSON error types. See [\#110](https://github.com/firebase/php-jwt/pull/110). Thanks [@gbalduzzi](https://github.com/gbalduzzi)! - Bugfix 'kid' not in given key list. See [\#129](https://github.com/firebase/php-jwt/pull/129). Thanks [@stampycode](https://github.com/stampycode)! - Miscellaneous cleanup, documentation and test fixes. See [\#107](https://github.com/firebase/php-jwt/pull/107), [\#115](https://github.com/firebase/php-jwt/pull/115), [\#160](https://github.com/firebase/php-jwt/pull/160), [\#161](https://github.com/firebase/php-jwt/pull/161), and [\#165](https://github.com/firebase/php-jwt/pull/165). Thanks [@akeeman](https://github.com/akeeman), [@chinedufn](https://github.com/chinedufn), and [@bshaffer](https://github.com/bshaffer)! #### 4.0.0 / 2016-07-17 [](#400--2016-07-17) - Add support for late static binding. See [\#88](https://github.com/firebase/php-jwt/pull/88) for details. Thanks to [@chappy84](https://github.com/chappy84)! - Use static `$timestamp` instead of `time()` to improve unit testing. See [\#93](https://github.com/firebase/php-jwt/pull/93) for details. Thanks to [@josephmcdermott](https://github.com/josephmcdermott)! - Fixes to exceptions classes. See [\#81](https://github.com/firebase/php-jwt/pull/81) for details. Thanks to [@Maks3w](https://github.com/Maks3w)! - Fixes to PHPDoc. See [\#76](https://github.com/firebase/php-jwt/pull/76) for details. Thanks to [@akeeman](https://github.com/akeeman)! #### 3.0.0 / 2015-07-22 [](#300--2015-07-22) - Minimum PHP version updated from `5.2.0` to `5.3.0`. - Add `\Firebase\JWT` namespace. See [\#59](https://github.com/firebase/php-jwt/pull/59) for details. Thanks to [@Dashron](https://github.com/Dashron)! - Require a non-empty key to decode and verify a JWT. See [\#60](https://github.com/firebase/php-jwt/pull/60) for details. Thanks to [@sjones608](https://github.com/sjones608)! - Cleaner documentation blocks in the code. See [\#62](https://github.com/firebase/php-jwt/pull/62) for details. Thanks to [@johanderuijter](https://github.com/johanderuijter)! #### 2.2.0 / 2015-06-22 [](#220--2015-06-22) - Add support for adding custom, optional JWT headers to `JWT::encode()`. See [\#53](https://github.com/firebase/php-jwt/pull/53/files) for details. Thanks to [@mcocaro](https://github.com/mcocaro)! #### 2.1.0 / 2015-05-20 [](#210--2015-05-20) - Add support for adding a leeway to `JWT:decode()` that accounts for clock skew between signing and verifying entities. Thanks to [@lcabral](https://github.com/lcabral)! - Add support for passing an object implementing the `ArrayAccess` interface for `$keys` argument in `JWT::decode()`. Thanks to [@aztech-dev](https://github.com/aztech-dev)! #### 2.0.0 / 2015-04-01 [](#200--2015-04-01) - **Note**: It is strongly recommended that you update to > v2.0.0 to address known security vulnerabilities in prior versions when both symmetric and asymmetric keys are used together. - Update signature for `JWT::decode(...)` to require an array of supported algorithms to use when verifying token signatures. Tests ----- [](#tests) Run the tests using phpunit: ``` $ pear install PHPUnit $ phpunit --configuration phpunit.xml.dist PHPUnit 3.7.10 by Sebastian Bergmann. ..... Time: 0 seconds, Memory: 2.50Mb OK (5 tests, 5 assertions) ``` New Lines in private keys ------------------------- [](#new-lines-in-private-keys) If your private key contains `\n` characters, be sure to wrap it in double quotes `""`and not single quotes `''` in order to properly interpret the escaped characters. License ------- [](#license) [3-Clause BSD](http://opensource.org/licenses/BSD-3-Clause). ### Health Score 32 — LowBetter than 72% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity15 Limited adoption so far Community19 Small or concentrated contributor base Maturity66 Established project with proven stability Bus Factor3 3 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~226 days Recently: every ~120 days Total 12 Last Release 1792d ago Major Versions 1.0.0 → 2.0.02015-04-01 v2.2.0 → v3.0.02015-07-22 v3.0.0 → v4.0.02016-07-18 v4.0.0 → v5.0.02017-06-27 v5.3.0 → 6.02021-06-21 PHP version history (2 changes)1.0.0PHP >=5.2.0 v3.0.0PHP >=5.3.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/eff0bb0b0632813aaeeebf1e161a5a9a6df38d826f62efd3571a5a2e5c54b046?d=identicon)[njurga](/maintainers/njurga) --- Top Contributors [![robertdimarco](https://avatars.githubusercontent.com/u/136118?v=4)](https://github.com/robertdimarco "robertdimarco (35 commits)")[![bshaffer](https://avatars.githubusercontent.com/u/103941?v=4)](https://github.com/bshaffer "bshaffer (22 commits)")[![anantn](https://avatars.githubusercontent.com/u/37190?v=4)](https://github.com/anantn "anantn (13 commits)")[![phansys](https://avatars.githubusercontent.com/u/1231441?v=4)](https://github.com/phansys "phansys (6 commits)")[![mcocaro](https://avatars.githubusercontent.com/u/2057974?v=4)](https://github.com/mcocaro "mcocaro (6 commits)")[![jlesueur](https://avatars.githubusercontent.com/u/944916?v=4)](https://github.com/jlesueur "jlesueur (5 commits)")[![sarciszewski](https://avatars.githubusercontent.com/u/3710836?v=4)](https://github.com/sarciszewski "sarciszewski (5 commits)")[![sjones608](https://avatars.githubusercontent.com/u/9216115?v=4)](https://github.com/sjones608 "sjones608 (3 commits)")[![4026](https://avatars.githubusercontent.com/u/7915060?v=4)](https://github.com/4026 "4026 (2 commits)")[![josephmcdermott](https://avatars.githubusercontent.com/u/6955944?v=4)](https://github.com/josephmcdermott "josephmcdermott (2 commits)")[![Krisell](https://avatars.githubusercontent.com/u/25909128?v=4)](https://github.com/Krisell "Krisell (2 commits)")[![phil-davis](https://avatars.githubusercontent.com/u/1535615?v=4)](https://github.com/phil-davis "phil-davis (2 commits)")[![stampycode](https://avatars.githubusercontent.com/u/5627756?v=4)](https://github.com/stampycode "stampycode (2 commits)")[![akeeman](https://avatars.githubusercontent.com/u/12628547?v=4)](https://github.com/akeeman "akeeman (2 commits)")[![redian](https://avatars.githubusercontent.com/u/816941?v=4)](https://github.com/redian "redian (1 commits)")[![sdrsdr](https://avatars.githubusercontent.com/u/62441?v=4)](https://github.com/sdrsdr "sdrsdr (1 commits)")[![win0err](https://avatars.githubusercontent.com/u/11278181?v=4)](https://github.com/win0err "win0err (1 commits)")[![aztech-dev](https://avatars.githubusercontent.com/u/93562568?v=4)](https://github.com/aztech-dev "aztech-dev (1 commits)")[![beamerblvd](https://avatars.githubusercontent.com/u/2373900?v=4)](https://github.com/beamerblvd "beamerblvd (1 commits)")[![chappy84](https://avatars.githubusercontent.com/u/912440?v=4)](https://github.com/chappy84 "chappy84 (1 commits)") --- Tags phpjwt ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/norbertjurga-php-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/norbertjurga-php-jwt/health.svg)](https://phpackages.com/packages/norbertjurga-php-jwt) ``` ### Alternatives [griffinledingham/php-apple-signin A simple library to decode and parse Apple Sign In client tokens. 2011.9M1](/packages/griffinledingham-php-apple-signin)[hyperf-ext/jwt The Hyperf JWT package. 53134.9k2](/packages/hyperf-ext-jwt)[maicol07/flarum-ext-sso SSO for Flarum 468.3k](/packages/maicol07-flarum-ext-sso) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)