PHPackages php-istio/jwt-authentication-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. php-istio/jwt-authentication-bundle AbandonedArchivedSymfony-bundle php-istio/jwt-authentication-bundle =================================== Symfony bundle to help authenticate JWT payload from Istio Envoy proxy. v2.0.0(3y ago)430.6k1MITPHPPHP >=8.0 Since Jun 27Pushed 3y agoCompare [ Source](https://github.com/php-istio/jwt-authentication-bundle)[ Packagist](https://packagist.org/packages/php-istio/jwt-authentication-bundle)[ RSS](/packages/php-istio-jwt-authentication-bundle/feed)WikiDiscussions 2.x Synced 1w ago READMEChangelog (5)Dependencies (7)Versions (9)Used By (0) JWT Authentication Bundle ========================= [](#jwt-authentication-bundle) [![unit tests](https://github.com/php-istio/jwt-authentication-bundle/actions/workflows/unit-tests.yml/badge.svg)](https://github.com/php-istio/jwt-authentication-bundle/actions/workflows/unit-tests.yml/badge.svg)[![coding standards](https://github.com/php-istio/jwt-authentication-bundle/actions/workflows/coding-standards.yml/badge.svg)](https://github.com/php-istio/jwt-authentication-bundle/actions/workflows/coding-standards.yml/badge.svg)[![codecov](https://camo.githubusercontent.com/ad410e1c9a34e890011ff130c25b89dfd0498349c1022e4a292888c6765d45af/68747470733a2f2f636f6465636f762e696f2f67682f7068702d697374696f2f6a77742d61757468656e7469636174696f6e2d62756e646c652f6272616e63682f6d61696e2f67726170682f62616467652e7376673f746f6b656e3d5a564439524a42485933)](https://codecov.io/gh/php-istio/jwt-authentication-bundle)[![Latest Stable Version](https://camo.githubusercontent.com/efa6b3743e4bf9d01cdce49e64f54ba7fd593da0e863d819e37e99494fffdef1/687474703a2f2f706f7365722e707567782e6f72672f7068702d697374696f2f6a77742d61757468656e7469636174696f6e2d62756e646c652f76)](https://packagist.org/packages/php-istio/jwt-authentication-bundle) About ----- [](#about) The Symfony bundle provides JWT authentication for request forwarded by Istio sidecar. > To use this bundle, make sure your K8S application pod had injected Istio sidecar and configured [RequestAuthentication](https://istio.io/latest/docs/reference/config/security/request_authentication/) CRD, if not your application **IS NOT SECURE**. The main difference between the awesome [Lexik JWT Authentication](https://github.com/lexik/LexikJWTAuthenticationBundle) bundle and this bundle is it's **NOT** validate JWT token because Istio sidecar had validated before forward request to your application, so that your application don't need to hold public key and double validate JWT token. Requirements ------------ [](#requirements) PHP versions: - PHP 8.0 Symfony versions: - Symfony 5.3 Installation ------------ [](#installation) ``` composer require php-istio/jwt-authentication-bundle ``` Configuration ------------- [](#configuration) Enable [the authenticator manager](https://symfony.com/doc/current/security/authenticator_manager.html) setting: ``` # config/packages/security.yaml security: enable_authenticator_manager: true # ... ``` Then, configure your `config/packages/security.yaml`: ``` security: enable_authenticator_manager: true access_control: - path: ^/ roles: IS_AUTHENTICATED_FULLY firewalls: #... main: stateless: true istio_jwt_authenticator: rules: - issuer: issuer_1 # Required user_identifier_claim: sub #Default is `sub` claim origin_token_headers: [authorization] #Required at least once of `origin_token_headers`, `origin_token_query_params` or `base64_headers`. Use this option when your Istio JWTRule CRD using `forwardOriginalToken`. origin_token_query_params: [token] #Use this option when your Istio JWTRule CRD using `forwardOriginalToken` and your JWT token in query param. base64_headers: [x-istio-jwt-payload] # Use this option when your Istio JWTRule CRD using `outputPayloadToHeader`. prefix: "Bearer " #Token prefix of origin token passthrough by default blank ("") if not set. ``` In case your application have multi issuers: ``` #.... main: stateless: true istio_jwt_authenticator: rules: - issuer: issuer_1 origin_token_headers: [authorization] prefix: "Bearer " - issuer: issuer_2 user_identifier_claim: aud base64_headers: [x-istio-jwt-payload] #.... ``` Usage ----- [](#usage) ``` #!/bin/bash #Generate mock JWT token forwarded by Istio sidecar payload='{"issuer":"issuer_1", "sub": "test"}'; base64_payload=$(echo -n $payload | base64 -); origin_token=$(echo "header.$base64_payload.signature"); #You can test authenticate origin token with curl: curl -H "Authorization: Bearer $origin_token" http://localhost/ #Or authenticate base64 payload header: curl -H "X-Istio-JWT-Payload: $base64_payload" http://localhost/ ``` Further readings ---------------- [](#further-readings) - [Get JWT payload of authenticated user](src/Resources/doc/get-jwt-payload-of-authenticated-user.md) - [Use stateless user provider](src/Resources/doc/stateless-user-provider.md) - [Create custom user provider](src/Resources/doc/create-custom-user-provider.md) Credits ------- [](#credits) - [Minh Vuong](https://github.com/vuongxuongminh) ### Health Score 34 — LowBetter than 77% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity31 Limited adoption so far Community9 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 90.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~56 days Recently: every ~99 days Total 8 Last Release 1390d ago Major Versions v1.1.0 → 2.x-dev2022-07-29 ### Community Maintainers ![](https://www.gravatar.com/avatar/8901d64a1059726b851dbdd91463ad1d3169f9dba6a2dcff11d05f97d9bccaea?d=identicon)[vuongxuongminh](/maintainers/vuongxuongminh) --- Top Contributors [![vuongxuongminh](https://avatars.githubusercontent.com/u/38932626?v=4)](https://github.com/vuongxuongminh "vuongxuongminh (20 commits)")[![huyta888](https://avatars.githubusercontent.com/u/25736673?v=4)](https://github.com/huyta888 "huyta888 (2 commits)") --- Tags istiojwt-authenticationphp-istiosymfony-bundle ### Embed Badge ![Health badge](/badges/php-istio-jwt-authentication-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/php-istio-jwt-authentication-bundle/health.svg)](https://phpackages.com/packages/php-istio-jwt-authentication-bundle) ``` ### Alternatives [sylius/sylius E-Commerce platform for PHP, based on Symfony framework. 8.4k5.6M651](/packages/sylius-sylius)[easycorp/easyadmin-bundle Admin generator for Symfony applications 4.3k16.7M310](/packages/easycorp-easyadmin-bundle)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[friendsofsymfony/http-cache-bundle Set path based HTTP cache headers and send invalidation requests to your HTTP cache 43813.2M47](/packages/friendsofsymfony-http-cache-bundle)[sulu/sulu Core framework that implements the functionality of the Sulu content management system 1.3k1.3M152](/packages/sulu-sulu)[damienharper/auditor-bundle Integrate auditor library in your Symfony projects. 4542.8M](/packages/damienharper-auditor-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)