PHPackages                             rcerljenko/laravel-jwt - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. rcerljenko/laravel-jwt

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

rcerljenko/laravel-jwt
======================

Simple JWT Auth for Laravel PHP Framework

2.1.0(3y ago)3815.2k7MITPHPPHP ^8.0CI failing

Since Sep 12Pushed 3y ago3 watchersCompare

[ Source](https://github.com/rcerljenko/laravel-jwt)[ Packagist](https://packagist.org/packages/rcerljenko/laravel-jwt)[ Docs](https://github.com/rcerljenko/laravel-jwt)[ RSS](/packages/rcerljenko-laravel-jwt/feed)WikiDiscussions master Synced 3w ago

READMEChangelog (10)Dependencies (5)Versions (12)Used By (0)

Laravel JWT
===========

[](#laravel-jwt)

Simple JWT Auth for Laravel PHP Framework using [Firebase JWT](https://github.com/firebase/php-jwt) under the hood.

Installation
------------

[](#installation)

Standard [Composer](https://getcomposer.org/download) package installation:

```
composer require rcerljenko/laravel-jwt -v
```

Usage
-----

[](#usage)

1. Publish the config file. This will create a `config/jwt.php` file for basic configuration options.

```
php artisan vendor:publish --provider="RCerljenko\LaravelJwt\LaravelJwtServiceProvider" --tag="config"
```

2. Add a new auth guard to your auth config file using a `jwt` driver.

```
// config/auth.php

'guards' => [
	'web' => [
		'driver' => 'session',
		'provider' => 'users',
	],

	'api' => [
		'driver' => 'jwt',
		'provider' => 'users',
	],
],
```

3. Protect your API routes using this new guard.

```
// routes/api.php

use Illuminate\Support\Facades\Route;

Route::middleware('auth:api')->group(function () {
	// JWT protected routes
});
```

4. Use provided `HasJwt` trait from this package on your Auth model (eg. User).

```
namespace App\Models;

use RCerljenko\LaravelJwt\Traits\HasJwt;
use Illuminate\Notifications\Notifiable;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
	use Notifiable, HasJwt;
}
```

You now have access to `token()` method on your User model, eg:

```
$user = User::findOrFail(1);
$user->token();
```

You should probably return this token via Login Controller or User Resource.

Configuration
-------------

[](#configuration)

This package provides simple configuration via `config/jwt.php` file after you publish the config. Let's go over each configuration option.

- `secret-key` - Secret key to use when encoding / decoding tokens. It should be a random string. Remember, if you change this key all active JWT tokens will be invalidated.
- `hash-algo` - Hashing algorithm. List of supported ones are in the config file. You probably don't need to change this.
- `expiration` - Default token expiration time in minutes. You can set it to `null` and the tokens will never expire.
- `claims` - Default claims that will be applied to all tokens (besides the required ones needed for decoding and validation).

This was global configuration for all tokens. Besides that, library provides a local per-model configuration via `HasJwt` trait helper methods.

- `getJwtId()` - It should return the model unique key used to retrieve that model from database. It defaults to model primary key.
- `getJwtValidFromTime()` - It should return `null` (default) or a Carbon instance. You can use that if you want to create tokens which are not active right away.
- `getJwtValidUntilTime()` - It should return `null` or a Carbon instance. This sets the JWT expiration time which, by default, uses the `expiration` option from the config file.
- `getJwtCustomClaims()` - Should return a key/value array of extra custom claims that you want to be a part of your token. By default it's an empty array.

You can also use configuration directly on the `token()` method which then overrides all other configurations, eg:

```
$user->token([
	'id' => $user->email,
	'valid_from' => now()->addHour(),
	'valid_until' => now()->addDay(),
	'claims' => [
		'extra1' => 'foo',
		'extra2' => 'bar'
	]
]);
```

You don't need to override all configuration options, just the ones that you wish to change.

Request
-------

[](#request)

Token is extracted from the request in one of three ways:

1. From `Authorization: Bearer {token}` header (most common).
2. From URL query param `token`.
3. From request payload using `token` field name.
4. From cookie using `token` key.

###  Health Score

36

—

LowBetter than 79% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity32

Limited adoption so far

Community14

Small or concentrated contributor base

Maturity63

Established project with proven stability

 Bus Factor1

Top contributor holds 88.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~61 days

Recently: every ~122 days

Total

11

Last Release

1132d ago

Major Versions

1.7.0 → 2.0.02022-04-06

PHP version history (2 changes)1.0.0PHP ^7.4|^8.0

2.0.0PHP ^8.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/6d38da6a9b613667299b628c4c254865b340109c51554140ad8356a4cc5c5e7a?d=identicon)[rcerljenko](/maintainers/rcerljenko)

---

Top Contributors

[![rcerljenko](https://avatars.githubusercontent.com/u/16762056?v=4)](https://github.com/rcerljenko "rcerljenko (8 commits)")[![ashraful1971](https://avatars.githubusercontent.com/u/81164003?v=4)](https://github.com/ashraful1971 "ashraful1971 (1 commits)")

---

Tags

jwtlaravel

###  Code Quality

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/rcerljenko-laravel-jwt/health.svg)

```
[![Health](https://phpackages.com/badges/rcerljenko-laravel-jwt/health.svg)](https://phpackages.com/packages/rcerljenko-laravel-jwt)
```

###  Alternatives

[spatie/laravel-permission

Permission handling for Laravel 12 and up

12.9k98.0M1.3k](/packages/spatie-laravel-permission)[laravel/passport

Laravel Passport provides OAuth2 server support to Laravel.

3.4k89.4M575](/packages/laravel-passport)[psalm/plugin-laravel

Psalm plugin for Laravel

3345.1M337](/packages/psalm-plugin-laravel)[laravel/ai

The official AI SDK for Laravel.

9782.1M162](/packages/laravel-ai)[illuminate/auth

The Illuminate Auth package.

9327.9M1.2k](/packages/illuminate-auth)[moonshine/moonshine

Laravel administration panel

1.3k239.9k76](/packages/moonshine-moonshine)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)