PHPackages raffie-rest/jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. raffie-rest/jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) raffie-rest/jwt =============== Google oAuth2 JWT Generator 0525PHP Since Apr 5Pushed 11y ago1 watchersCompare [ Source](https://github.com/raffie-rest/jwt)[ Packagist](https://packagist.org/packages/raffie-rest/jwt)[ RSS](/packages/raffie-rest-jwt/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) JWT === [](#jwt) Google® oAuth2 JWT Generator Class - [Using OAuth 2.0 to Access Google APIs](https://developers.google.com/accounts/docs/OAuth2) - [Using OAuth 2.0 for Server to Server Applications](https://developers.google.com/accounts/docs/OAuth2ServiceAccount) Introduction ------------ [](#introduction) This class is already hooked up in another proprietary Remote REST abstraction, but I aim to implement the Google oAuth2 service account auth method by virtue of this class in my [Adapter](https://github.com/raffie-rest/adapter) project also. For the moment, you might be able to incorporate it in your own Remote REST abstraction. It is exactly intended for that purpose; those who find the PHP google client libraries too bloated, but have a hard time figuring out how to generate a JWT / negotiating for a token whilst dodging cryptic `bad_request` / `invalid_grant` responses. Mostly this is due to the system clock being out of sync with NTP, but this class accounts for this. Generating a JWT ---------------- [](#generating-a-jwt) Feed it a config array, like so: ``` $jwtConfig = [ 'key' => [ 'pass' => 'notasecret', // Converted from the .p12 off of the Developer console 'path' => 'file://' . storage_path() . '/certs/google.pem' ], 'header' => [ 'alg' => 'RS256', 'typ' => 'JWT' ], 'claim_set' => [ 'iss' => '', // service account e-mail 'scope' => 'https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/prediction', 'aud' => 'https://www.googleapis.com/oauth2/v3/token', 'exp' => '+30 minutes', 'sub' => '' ] ]; $generator = new Generator($jwtConfig); $returnedJwt = $generator->generate(); ``` Make sure that the relevant API's are enabled, and the user has read/write access. Negotiate for an access token ----------------------------- [](#negotiate-for-an-access-token) The JWT can be used to negotiate an access token via the pseudocode below: ``` POST https://www.googleapis.com/oauth2/v3/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded grant_type=urlencode(JWT::$grant_type)&assertion=urlencode($returnedJwt) ``` In the case of Google oAuth2, the `grant_type` is virtually always `urn:ietf:params:oauth:grant-type:jwt-bearer`. ### If stuff goes wrong [](#if-stuff-goes-wrong) The class is aimed at preventing the cryptic `bad_request` stuff by converting your time to UTC, but always make sure your system time is in sync with NTP and that you use your service account e-mail address (not your ID). ### If all is well... [](#if-all-is-well) If everything goes well, you get something like this you can cache for further usage: ``` { "access_token" : "1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M", "token_type" : "Bearer", "expires_in" : 3600 } ``` After the access token is expired, you can simply rebuild the JWT and request a new access token. Authenticate with the access token ---------------------------------- [](#authenticate-with-the-access-token) Put this header on each Google API request: ``` GET https://www.googleapis.com/calendar/v3/users/me/calendarlist HTTP/1.1 Authorization: Bearer 1/8xbJqaOZXSUZbHLl5EOtu1pxz3fmmetKx9W8CV4t79M ``` ### Health Score 22 — LowBetter than 22% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community9 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 66.7% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/cdf9d526b6fdee2ef3acdd3f3f38a9b9bada96e8a6a82ee684fd87ab85c3010d?d=identicon)[raffie.rest](/maintainers/raffie.rest) --- Top Contributors [![raffie-rest](https://avatars.githubusercontent.com/u/11791963?v=4)](https://github.com/raffie-rest "raffie-rest (2 commits)")[![r-hebing](https://avatars.githubusercontent.com/u/3007939?v=4)](https://github.com/r-hebing "r-hebing (1 commits)") ### Embed Badge ![Health badge](/badges/raffie-rest-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/raffie-rest-jwt/health.svg)](https://phpackages.com/packages/raffie-rest-jwt) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)