PHPackages rbdwllr/reallysimplejwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. rbdwllr/reallysimplejwt ActiveLibrary[Authentication & Authorization](/categories/authentication) rbdwllr/reallysimplejwt ======================= A really simple library to generate user authentication JSON Web Tokens. 5.0.0(4y ago)2902.4M—1.9%54[6 issues](https://github.com/RobDWaller/ReallySimpleJWT/issues)[1 PRs](https://github.com/RobDWaller/ReallySimpleJWT/pulls)20MITPHPPHP >=8.0.0 Since Feb 19Pushed 2y ago9 watchersCompare [ Source](https://github.com/RobDWaller/ReallySimpleJWT)[ Packagist](https://packagist.org/packages/rbdwllr/reallysimplejwt)[ RSS](/packages/rbdwllr-reallysimplejwt/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (9)Versions (49)Used By (20) Really Simple JSON Web Tokens ============================= [](#really-simple-json-web-tokens) [![Actions Status](https://github.com/robdwaller/reallysimplejwt/workflows/ci/badge.svg)](https://github.com/robdwaller/reallysimplejwt/actions) [![codecov](https://camo.githubusercontent.com/4f74af600343f61d12400a02ab679ffd32c6d6d5aae7e17179f4f26038dde32e/68747470733a2f2f636f6465636f762e696f2f67682f526f624457616c6c65722f5265616c6c7953696d706c654a57542f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/RobDWaller/ReallySimpleJWT) [![Infection MSI](https://camo.githubusercontent.com/4c4991d11c1cca3368011987578a9e481693ceaf149e2db8648b7440e8789cc3/68747470733a2f2f62616467652e737472796b65722d6d757461746f722e696f2f6769746875622e636f6d2f526f624457616c6c65722f5265616c6c7953696d706c654a57542f6d6173746572)](https://infection.github.io) [![StyleCI](https://camo.githubusercontent.com/c0ad3d8431139af51190bfba6aa79fe02726b5ec31a7a3dc23c09138f5873dc0/68747470733a2f2f7374796c6563692e696f2f7265706f732f38323337393836382f736869656c643f6272616e63683d6d6173746572)](https://styleci.io/repos/82379868) [![Latest Stable Version](https://camo.githubusercontent.com/3ce8e591edf1e5c8fed8ef62466dc7b03dbfc31a2eda5d8e9923254d608e0deb/68747470733a2f2f706f7365722e707567782e6f72672f726264776c6c722f7265616c6c7973696d706c656a77742f762f737461626c65)](https://packagist.org/packages/rbdwllr/reallysimplejwt) [![Packagist PHP Version Support](https://camo.githubusercontent.com/dc498da2e01625944086ef6339b99785373b300a62f43734c4410c5bc2a3c5ea/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f726264776c6c722f7265616c6c7973696d706c656a7774)](https://camo.githubusercontent.com/dc498da2e01625944086ef6339b99785373b300a62f43734c4410c5bc2a3c5ea/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f726264776c6c722f7265616c6c7973696d706c656a7774) [![Total Downloads](https://camo.githubusercontent.com/4f3cc67725e1747f84c3e84c03a2db44ac17744b2150218c84b915df4925449e/68747470733a2f2f706f7365722e707567782e6f72672f726264776c6c722f7265616c6c7973696d706c656a77742f646f776e6c6f616473)](https://packagist.org/packages/rbdwllr/reallysimplejwt) A simple PHP library for creating JSON Web Tokens that uses HMAC SHA256 to sign signatures. For basic usage the library exposes a static interface to allow developers to create a token that stores a user identifier and expiration time. The library is also open to extension, developers can define their own encoding and secret standards, set all the [RFC standard](https://tools.ietf.org/html/rfc7519) JWT claims, and set their own private claims. You can easily integrate ReallySimpleJWT with PSR-7 / PSR-15 compliant frameworks such as [Slim PHP](https://packagist.org/packages/slim/slim) with the [PSR-JWT middleware library](https://github.com/RobDWaller/psr-jwt). Please read the [framework integration documentation](#framework-integration-with-psr-jwt-middleware) to learn more. If you need to read tokens in the browser please take a look at our JavaScript / Typescript library [RS-JWT](https://github.com/RobDWaller/rs-jwt). Contents -------- [](#contents) - [What is a JSON Web Token?](#what-is-a-json-web-token) - [Setup](#setup) - [Basic Usage](#basic-usage) - [Create Token](#create-token) - [Validate Token](#validate-token) - [Get Header and Payload Claims Data](#get-header-and-payload-claims-data) - [Build, Parse and Validate Factory Methods](#build-parse-and-validate-factory-methods) - [Non-Static Usage](#non-static-usage) - [Advanced Usage](#advanced-usage) - [Create Custom Token](#create-custom-token) - [Access the Token](#access-the-token) - [Parse Token](#parse-token) - [Access Token Claims Data](#access-token-claims-data) - [Token Validation Methods](#token-validation-methods) - [Custom Encoding](#custom-encoding) - [Error Messages and Codes](#error-messages-and-codes) - [Token Security](#token-security) - [Secret Strength](#secret-strength) - [Framework Integration With PSR-JWT Middleware](#framework-integration-with-psr-jwt-middleware) - [Browser Integration With RS-JWT](#browser-integration-with-rs-jwt) What is a JSON Web Token? ------------------------- [](#what-is-a-json-web-token) JSON Web Tokens is a standard for creating URL friendly access tokens that assert claims about a user or system. A token is broken down into three parts; the header, the payload and the signature; with each part separated by a dot. Each part is encoded using the base64URL standard, see the [RFC](https://tools.ietf.org/html/rfc4648#page-7). An example JWT: ``` eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c ``` The header and payload are both encoded JSON strings that contain a number of claims: ``` // Example Header { "alg": "HS256", "typ": "JWT" } // Example Payload { "sub": "1234567890", "name": "John Doe", "iat": 1516239022 } ``` A claim is a key value pair, eg `"typ": "JWT"`, please read [RFC 7519](https://tools.ietf.org/html/rfc7519#section-4) to learn more about JSON Web Token claims. Token security is achieved via the signature which is made up of the header, payload and a secret known only to the token author. This information is hashed and then base64URL encoded. If a malicious user attempts to edit the header or payload claims they will be unable to replicate the signature so long as you use a strong secret. See [Token Security](#token-security) for more information on this. Setup ----- [](#setup) To install this package you will need to install [Composer](https://getcomposer.org/) and then run `composer init`. Once this is done you can install the package via the command line or by editing the composer.json file created by the `composer init` command. Finally you will need to reference the composer autoloader in your PHP code, `require 'vendor/autoload.php';`. The location of the autoload file will differ dependent on where your code is run and may not be required if you are using a framework. **Install via Composer on the command line:** ``` composer require rbdwllr/reallysimplejwt ``` **Install via the composer.json file:** Add the following to your composer.json file: ``` "require": { "rbdwllr/reallysimplejwt": "^5.0" } ``` Then run: ``` composer update ``` Basic Usage ----------- [](#basic-usage) For basic usage the library exposes a set of static methods via the `ReallySimpleJWT\Token` class which allow a developer to create and validate basic JSON Web Tokens. ### Create Token [](#create-token) Call the `create()` static method and pass in a user identifier, a secret, an expiration date time number and the token issuer. This will return a token string on success and throw a `ReallySimpleJWT\Exception\BuildException` on failure. ``` use ReallySimpleJWT\Token; $userId = 12; $secret = 'sec!ReT423*&'; $expiration = time() + 3600; $issuer = 'localhost'; $token = Token::create($userId, $secret, $expiration, $issuer); ``` To create a more customised token developers can use the `customPayload()` method. This allows the creation of a token based on an array of key value pairs which represent the payload claims. ``` use ReallySimpleJWT\Token; $payload = [ 'iat' => time(), 'uid' => 1, 'exp' => time() + 10, 'iss' => 'localhost' ]; $secret = 'Hello&MikeFooBar123'; $token = Token::customPayload($payload, $secret); ``` On success the `customPayload()` method will return a JWT token string and on failure it will throw an exception. ### Validate Token [](#validate-token) To validate a JSON web token call the `validate()` static method, pass in the token string and the secret. The validate method checks the token structure is correct and the signature is valid. It will return true on success and false on failure. ``` use ReallySimpleJWT\Token; $token = 'aaa.bbb.ccc'; $secret = 'sec!ReT423*&'; $result = Token::validate($token, $secret); ``` There are also methods available to validate the token's expiration claim and not before claim. Both will return true on success and false on failure. ``` use ReallySimpleJWT\Token; $token = 'aaa.bbb.ccc'; Token::validateExpiration($token); Token::validateNotBefore($token); ``` ### Get Header and Payload Claims Data [](#get-header-and-payload-claims-data) To retrieve the token claims data from the header or payload call the `getHeader()` and or `getPayload()` static methods. Both methods will return an associative array on success and throw an exception on failure. ``` use ReallySimpleJWT\Token; $token = 'aaa.bbb.ccc'; // Return the header claims Token::getHeader($token); // Return the payload claims Token::getPayload($token); ``` ### Build, Parse and Validate Factory Methods [](#build-parse-and-validate-factory-methods) The `ReallySimpleJWT\Token` class also provides three factory methods to gain access to the core `ReallySimpleJWT\Build`, `ReallySimpleJWT\Parse`, and `ReallySimpleJWT\Validate` classes. These classes allow you to build custom tokens, and parse and validate tokens as you see fit. ``` Token::builder(); // Returns an instance of ReallySimpleJWT\Build Token::parser($token); // Returns an instance of ReallySimpleJWT\Parse Token::validator($token, $secret); // Returns an instance of ReallySimpleJWT\Validate ``` ### Non-Static Usage [](#non-static-usage) The `ReallySimpleJWT\Token` class is just a wrapper for the `ReallySimpleJWT\Tokens` class which can be used directly for those who'd prefer to instantiate and inject the functionality. ``` use ReallySimpleJWT\Tokens; $tokens = new Tokens(); $id = 52; $secret = 'sec!ReT423*&'; $expiration = time() + 50; $issuer = 'localhost'; $token = $tokens->create('id', $id, $secret, $expiration, $issuer); $token->getToken(); ``` Please note when calling the `create()` and `customPayload()` methods on the `Tokens` class they will return an instance of the `Jwt` class unlike the `Token` class which will return a token string. In addition, the `create()` method has a slightly different signature to the `Tokens` class as a user identifier key must be passed in. `create(string $userKey, $userId, string $secret, int $expiration, string $issuer): Jwt` Advanced Usage -------------- [](#advanced-usage) To create customised JSON Web Tokens developers need to access the `ReallySimpleJWT\Build`, `ReallySimpleJWT\Parse` and `ReallySimpleJWT\Validate` classes directly. ### Create Custom Token [](#create-custom-token) The `ReallySimpleJWT\Build` class allows you to create a completely unique JSON Web Token. It has helper methods for all the [RFC](https://tools.ietf.org/html/rfc7519#section-4) defined header and payload claims. For example, the `setIssuer()` method will add the `iss` claim to the token payload. The class also allows developers to set custom header and payload claims via the `setHeaderClaim()` and `setPayloadClaim()` methods. The methods can be chained together and when the `build()` method is called the token will be generated and returned as a `ReallySimpleJWT\Jwt` object. ``` use ReallySimpleJWT\Build; use ReallySimpleJWT\Helper\Validator; use ReallySimpleJWT\Encoders\EncodeHS256; $secret = '!secReT$123*'; $build = new Build('JWT', new Validator(), new EncodeHS256($secret)); $token = $build->setContentType('JWT') ->setHeaderClaim('info', 'foo') ->setIssuer('localhost') ->setSubject('admins') ->setAudience('https://google.com') ->setExpiration(time() + 30) ->setNotBefore(time() - 30) ->setIssuedAt(time()) ->setJwtId('123ABC') ->setPayloadClaim('uid', 12) ->build(); ``` ### Access the Token [](#access-the-token) A `ReallySimpleJWT\Jwt` object is returned when a developer calls the `build()` method on the `ReallySimpleJWT\Build` class. The Jwt class offers a single `getToken()` method which returns the token string. To parse a JSON Web Token via the `ReallySimpleJWT\Parse` class a developer must first create a new `ReallySimpleJWT\Jwt` object by injecting the token string on instantiation. The Jwt class will validate the structure of the token on instantiation to ensure integrity. ``` use ReallySimpleJWT\Jwt; $token = 'aaa.bbb.ccc'; $jwt = new Jwt($token); // Return the token $jwt->getToken(); ``` ### Parse Token [](#parse-token) The `ReallySimpleJWT\Parse` class allows a developer to parse a JWT and the `parse()` method will decode the JSON Web Token and return the result as a `ReallySimpleJWT\Parsed` object. This will provide access to the header and payload claims data the token holds. ``` use ReallySimpleJWT\Parse; use ReallySimpleJWT\Jwt; use ReallySimpleJWT\Decode; $token = 'aaa.bbb.ccc'; $jwt = new Jwt($token); $parse = new Parse($jwt, new Decode()); $parsed = $parse->parse(); // Return the token header claims as an associative array. $parsed->getHeader(); // Return the token payload claims as an associative array. $parsed->getPayload(); ``` ### Access Token Claims Data [](#access-token-claims-data) The `ReallySimpleJWT\Parsed` class is returned when a developer calls the `parse()` method on the `ReallySimpleJWT\Parse` class. It provides a number of helper methods to gain access to the token claim data. A developer can call the `getHeader()` and `getPayload()` methods to gain access to the respective claim data as associative arrays. Alternatively a developer can call one of the [RFC](https://tools.ietf.org/html/rfc7519#section-4) compliant claim methods: **Header** - `getAlgorithm()` - `getType()` - `getContentType()` **Payload** - `getIssuer()` - `getSubject()` - `getAudience()` - `getExpiration()` - `getNotBefore()` - `getIssuedAt()` - `getJwtId()` - `getExpiresIn()` - `getUsableIn()` ### Token Validation Methods [](#token-validation-methods) To Validate a JSON Web Token a developer can use the `ReallySimpleJWT\Validate` class. To use the validate class you need to create and inject a `ReallySimpleJWT\Parsed` object. This is so the validate class can access the information contained within the token. ``` use ReallySimpleJWT\Jwt; use ReallySimpleJWT\Parse; use ReallySimpleJWT\Validate; use ReallySimpleJwt\Decode; use ReallySimpleJwt\Encoders\EncodeHS256; use ReallySimpleJwt\Helper\Validator; $token = new Jwt('abc.def.ghi'); $parse = new Parse($jwt, new Decode()); $parsed = $parse->parse(); $validate = new Validate( $parsed, new EncodeHS256(), new Validator() ); $validate->signature(); ``` Six validation methods are available which can all be chained: - `signature()` confirms the token signature is valid. - `expiration()` confirms the token expiration claim (`exp`) has not expired. - `notBefore()` confirms the token not before claim (`nbf`) has elapsed. - `audience()` confirms the token audience claim (`aud`) matches what is expected. - `algorithm()` confirms the token algorithm claim (`alg`) matches what is expected and is valid (See: [RFC 7518](https://www.rfc-editor.org/rfc/rfc7518.html)). - `algorithmNotNone()` confirms the token algorithm claim (`alg`) is not set to none. Each validation method will throw a `ReallySimpleJWT\Exception\ValidateException` if there is anything wrong with the supplied token. ### Custom Encoding [](#custom-encoding) By default this library hashes and encodes the JWT signature via `hash_hmac()` using the sha256 algorithm. If a developer would like to use a customised form of encoding they just need to generate a custom encode class which complies with the `ReallySimpleJWT\Interfaces\Encode` interface. This can then be injected into the `ReallySimpleJWT\Build` and `ReallySimpleJWT\Validate` classes. ``` interface EncodeInterface { public function getAlgorithm(): string; public function encode(string $toEncode): string; public function signature(string $header, string $payload): string; } ``` Error Messages and Codes ------------------------ [](#error-messages-and-codes) The ReallySimpleJWT library will in a number of situations throw exceptions to highlight problems when creating, parsing and validating JWT tokens. The error codes, messages and their explanations are in the table below. There are six exception types that may be thrown: - `ReallySimpleJWT\Exception\BuildException` - `ReallySimpleJWT\Exception\EncodeException` - `ReallySimpleJWT\Exception\JwtException` - `ReallySimpleJWT\Exception\ParsedException` - `ReallySimpleJWT\Exception\TokensException` - `ReallySimpleJWT\Exception\ValidateException` CodeMessageExplanation1Token has an invalid structure.Token must have three parts separated by dots.2Audience claim does not contain provided StringOrURI.The `aud` claim must contain the provided string or URI string provided.3Signature is invalid.Signature does not match header / payload content. Could not replicate signature with provided header, payload and secret.4Expiration claim has expired.The `exp` claim must be a valid date time number in the future.5Not Before claim has not elapsed.The `nbf` claim must be a valid date time number in the past.6The header claim \[claim\] is not set.Attempt was made to access a header claim which does not exist.7The payload claim \[claim\] is not set.Attempt was made to access a payload claim which does not exist.8Invalid payload claim.Payload claims must be key value pairs of the format `string: mixed`.9Invalid secret.Must be 12 characters in length, contain upper and lower case letters, a number, and a special character `*&!@%^#$`10Algorithm claim is not valid.Algorithm should be a valid Digital Signature or MAC Algorithm, or none. See [RFC 7518](https://tools.ietf.org/html/rfc7518).11Algorithm claim should not be none.The `alg` claim should not be set to none.Token Security -------------- [](#token-security) The JWT [RFC 7519](https://tools.ietf.org/html/rfc7519#section-7) allows for the creation of tokens without signatures and without secured / hashed signatures. The ReallySimpleJWT library however imposes security by default as there is no logical reason not to. All created tokens must have a signature and a strong secret, but the library will parse and validate tokens without a secret or a strong secret. The library will not validate tokens without a signature. By default The ReallySimpleJWT library makes available two encoding implementations, `ReallySimpleJWT\Encoders\EncodeHS256` and `ReallySimpleJWT\Encoders\EncodeHS256Strong`. The latter enforces strict secret security and is used by default to create tokens via the `Token` and `Tokens` classes. The `EncodeHS256` does not impose strict secret security and can be used with the `Build` class to create tokens when required. In addition, it is possible to create a custom encode class by implementing the `ReallySimpleJWT\Interfaces\Encode` interface. See the section [Custom Encoding](#custom-encoding). ### Secret Strength [](#secret-strength) This JWT library imposes strict secret security via the `EncodeHS256Strong` class. The secret provided must be at least 12 characters in length; contain numbers; upper and lowercase letters; and one of the following special characters `*&!@%^#$`. ``` // Bad Secret secret123 // Good Secret sec!ReT423*& ``` The reason for this is that there are lots of [JWT Crackers](https://github.com/lmammino/jwt-cracker) available meaning weak secrets are easy to crack thus rendering the signature security JWT offers useless. Framework Integration With PSR-JWT Middleware --------------------------------------------- [](#framework-integration-with-psr-jwt-middleware) You can easily integrate ReallySimpleJWT with [PSR-7 / PSR-15](https://www.php-fig.org/psr/psr-15/) compliant frameworks such as [Slim PHP](https://packagist.org/packages/slim/slim) and Laminas by using the [PSR-JWT library](https://github.com/RobDWaller/psr-jwt). For example integration with Slim PHP only requires a few lines of code: ``` // Can be added to any routes file in Slim, often index.php. require '../../vendor/autoload.php'; $app->get('/jwt', function (Request $request, Response $response) { $response->getBody()->write("JSON Web Token is Valid!"); return $response; })->add(\PsrJwt\Factory\JwtAuth::middleware('Secret123!456$', 'jwt', 'Authentication Failed')); ``` Please read the [PSR-JWT documentation](https://github.com/RobDWaller/psr-jwt) to learn more about integration options for ReallySimpleJWT. Browser Integration With RS-JWT ------------------------------- [](#browser-integration-with-rs-jwt) When you create JSON Web Tokens you may wish to read some of the information contained in the header and payload claims in the browser. If you do, we have an NPM packages for that called [RS-JWT](https://github.com/RobDWaller/rs-jwt). **Install:** ``` npm install --save rs-jwt ``` **Usage:** ``` import { parseJwt } from 'rs-jwt' const result = parseJwt('json.web.token') // Return the header claims as an object. const header = result.getHeader() // Access the type claim. console.log(header.typ) // Return the payload claims as an object. const payload = result.getPayload() // Access the expiry claim. console.log(payload.exp) ``` For more information see the project [README](https://github.com/RobDWaller/rs-jwt/blob/master/README.md) or visit the [NPM Page](https://www.npmjs.com/package/rs-jwt). License ------- [](#license) MIT Author ------ [](#author) Rob Waller Twitter: [@RobDWaller](https://twitter.com/RobDWaller) ### Health Score 53 — FairBetter than 97% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity61 Solid adoption and visibility Community33 Small or concentrated contributor base Maturity81 Battle-tested with a long release history Bus Factor1 Top contributor holds 99.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~40 days Recently: every ~69 days Total 48 Last Release 1493d ago Major Versions 1.1.0 → 2.0.0-alpha12018-12-12 2.1.0 → 3.0.0-beta2020-01-17 3.1.1 → 4.0.0-alpha2020-11-30 3.x-dev → 4.x-dev2021-07-12 4.0.3 → 5.0.0-beta2022-01-09 PHP version history (6 changes)v0.1-alpha1PHP >=5.6.0 1.0.0PHP >=7.0.0 2.0.0-alphaPHP >=7.1.0 3.0.0-betaPHP >=7.2.0 4.0.0-alphaPHP >=7.4.0 5.0.0-betaPHP >=8.0.0 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/634080?v=4)[Rob Waller](/maintainers/RobDWaller)[@RobDWaller](https://github.com/RobDWaller) --- Top Contributors [![RobDWaller](https://avatars.githubusercontent.com/u/634080?v=4)](https://github.com/RobDWaller "RobDWaller (544 commits)")[![szepeviktor](https://avatars.githubusercontent.com/u/952007?v=4)](https://github.com/szepeviktor "szepeviktor (2 commits)")[![B3none](https://avatars.githubusercontent.com/u/24966460?v=4)](https://github.com/B3none "B3none (1 commits)")[![joelcuevas](https://avatars.githubusercontent.com/u/275014?v=4)](https://github.com/joelcuevas "joelcuevas (1 commits)")[![pixeline](https://avatars.githubusercontent.com/u/393415?v=4)](https://github.com/pixeline "pixeline (1 commits)") --- Tags json-web-tokenjson-web-token-phpjwtjwt-authjwt-tokenphpphpjwtjsontokensAuthenticationjson web tokens ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/rbdwllr-reallysimplejwt/health.svg) ``` [![Health](https://phpackages.com/badges/rbdwllr-reallysimplejwt/health.svg)](https://phpackages.com/packages/rbdwllr-reallysimplejwt) ``` ### Alternatives [rbdwllr/psr-jwt A PSR 7 compliant JSON Web Token Middleware Library. 1658.0k7](/packages/rbdwllr-psr-jwt)[vizir/laravel-keycloak-web-guard Simple Keycloak Guard to Laravel Web Routes 166574.1k](/packages/vizir-laravel-keycloak-web-guard)[maicol07/flarum-ext-sso SSO for Flarum 468.3k](/packages/maicol07-flarum-ext-sso) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)