
rluders/jwtauth
===============

JSON Web Token Authentication plugin for Winter CMS

v1.5.0 (3y ago) | [9 issues](https://github.com/rluders/wn-jwtauth-plugin/issues) | GPL-3.0-or-later | PHP >=7.0 | [Source](https://github.com/rluders/wn-jwtauth-plugin) | [Packagist](https://packagist.org/packages/rluders/jwtauth)


Introduction
============

This plugin provides a JSON Web Token authentication mechanism for [Winter CMS](http://www.wintercms.com), integrated with `Winter.User`. It's essential for your web application built with Angular, Vue.js, React or other modern JavaScript frameworks.

Requirements
------------

- [Winter.User](https://github.com/wintercms/wn-user-plugin) plugin
- [RLuders.CORS](https://wintercms.com/plugin/rluders-cors) plugin (optional, but recommended)

Theme
-----

- [Angular Skeleton](https://wintercms.com/theme/rluders-angular2)

Tutorials
---------

- [Creating Vue, Vuex and Winter CMS APP - Login and Register](https://www.youtube.com/watch?v=8S3DySmMOuk) by [Watch and Learn](https://www.youtube.com/channel/UCXQC_GB5hG6PkzIhSMZ-hWA)

Installation
============

```
$ composer require rluders/jwtauth
```

Configuration
=============

You must set a secret token for your application. To do so, go to *Settings > Users > JWTAuth* in the Winter backend.

Usage
=====

Here's the list of available endpoints for this plugin.

> If you are using [**Postman**](https://www.getpostman.com/), you can [click here to import the collection](https://www.getpostman.com/collections/5667c055f6f81ff3f821) with all the calls that you need to test it.

Login
-----

`POST /api/auth/login`

**Route name**

`api.auth.login`

### Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| login | string | Yes | Account login attribute |
| password | string | Yes | Account password |

> The value of the `login` field can be the account `email` or `username`. Which field is used for login is selected in the `Winter.User` configuration.

### Responses

**SUCCESS**

> Code: 200

```
{
  "token": string,
  "user": object
}
```

**ERROR**

> Code: 401

```
{
  "error":
    invalid_credentials |
    could_not_create_token |
    user_inactive |
    user_is_banned
}
```

Register
--------

`POST /api/auth/register`

**Route name**

`api.auth.register`

### Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| username | string | No | Account username |
| email | string | Yes | Account email |
| password | string | Yes | Account password |
| password_confirmation | string | No | Confirm the new password |

> The field `username` can be **required**. It depends on your `Winter.User` configuration.

### Responses

**SUCCESS**

> Code: 201

```
[]
```

**ERROR**

> Code: 401

```
{
  "error": object | registration_disabled
}
```

### Supported events

- `Winter.User.beforeRegister`
- `Winter.User.register`

Account Activation
------------------

`POST /api/auth/account-activation`

**Route name**

`api.auth.account-activation`

### Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| activation_code | string | Yes | Account activation code |

### Responses

**SUCCESS**

> Code: 200

```
[]
```

**ERROR**

> Code: 422

```
{
  "error": invalid_activation_code | invalid_user | user_not_found
}
```

Forgot Password
---------------

`POST /api/auth/forgot-password`

**Route name**

`api.auth.forgot-password`

### Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| email | string | Yes | Account email |

### Responses

**SUCCESS**

> Code: 200

```
[]
```

**ERROR**

> Code: 404

```
{
  "error": user_not_found
}
```

Reset Password
--------------

`POST /api/auth/reset-password`

**Route name**

`api.auth.reset-password`

### Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| reset_password_code | string | Yes | Reset password code |
| password | string | Yes | Account new password |
| password_confirmation | string | No | Confirm the new password |

### Responses

**SUCCESS**

> Code: 200

```
[]
```

**ERROR**

> Code: 422

```
{
  "error":
    invalid_reset_password_code | invalid_user | invalid_reset_password_code
}
```

Refresh Token
-------------

`POST /api/auth/refresh-token`

**Route name**

`auth.api.refresh-token`

### Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| token | string | Yes | Valid user JWToken |

### Responses

**SUCCESS**

> Code: 200

```
{
  "token": string
}
```

**ERROR**

> Code: 403

```
{
  "error": could_not_refresh_token | given_token_was_blacklisted
}
```

Get User
--------

`GET /api/auth/me`

**Middleware**

`jwt.auth`

**Route name**

`api.auth.me`

### Parameters

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| token | string | Yes | Valid token |

### Responses

**SUCCESS**

> Code: 200

```
{
  "user": object
}
```

**ERROR**

> Code: 404

```
{
  "error": user_not_found
}
```

Known issues
============

Although I'm always trying to solve possible issues, bad things can still happen. Here is a list of possible issues and how to fix them.

Note to Apache users
--------------------

In order to use the Authorization Bearer token, you must add the following code to your `.htaccess`:

```
RewriteEngine On
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

```
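The login, refresh-token and me calls documented above, together with the Bearer header from the Apache note, written as request/response logic with no network I/O. This is an added example, not part of the plugin: the host `cms.example.test`, the session object, the JSON request bodies and all function names are assumptions.

```javascript
// Added example, not the plugin's code. Routes and error codes come from the
// README above; BASE, the session shape and JSON bodies are assumptions.
const BASE = "https://cms.example.test"; // placeholder host

// Error codes documented for login, refresh-token and me.
const DOCUMENTED_ERRORS = new Set([
  "invalid_credentials", "could_not_create_token", "user_inactive",
  "user_is_banned", "could_not_refresh_token",
  "given_token_was_blacklisted", "user_not_found",
]);

function post(path, payload) {
  const headers = { "Content-Type": "application/json" };
  return { method: "POST", url: BASE + path, headers, body: JSON.stringify(payload) };
}

const loginRequest = (login, password) =>
  post("/api/auth/login", { login, password });
const refreshRequest = (session) =>
  post("/api/auth/refresh-token", { token: session.token });

// The token travels in the Authorization header, never in the URL, so it
// stays out of access logs, browser history and Referer headers.
function meRequest(session) {
  if (!session.token) throw new Error("not authenticated");
  return {
    method: "GET",
    url: BASE + "/api/auth/me",
    headers: { Authorization: "Bearer " + session.token },
  };
}

// Fold a response into a new session object without mutating the old one.
function applyResponse(session, kind, status, body) {
  const data = body || {};
  if (status === 200) {
    if (kind === "me" && data.user) return { ...session, user: data.user, error: null };
    if (kind !== "me" && typeof data.token === "string")
      return { token: data.token, user: data.user || session.user, error: null };
  }
  // A documented error means the credentials or token are no longer usable.
  if (DOCUMENTED_ERRORS.has(data.error))
    return { token: null, user: null, error: data.error };
  // Anything else (for example a 5xx) keeps the session and flags the reply.
  return { ...session, error: "unexpected_response" };
}
```

Each request object can be handed to `fetch(req.url, req)`, and the parsed reply passed to `applyResponse` with the kind `"login"`, `"refresh"` or `"me"`.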

License
=======

GPLv3

### Health Score

36 (Low; better than 82% of packages)

- Maintenance: 14. Infrequent updates; may be unmaintained.
- Popularity: 30. Limited adoption so far.
- Community: 24. Small or concentrated contributor base.
- Maturity: 65. Established project with proven stability.
- Bus Factor: 1. Top contributor holds 60.5% of commits (single point of failure).

How is this calculated?

- **Maintenance (25%)**: Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.
- **Popularity (30%)**: Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.
- **Community (15%)**: Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.
- **Maturity (30%)**: Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: every ~129 days (recently: every ~203 days)
- Total: 14
- Last Release: 1146d ago
- PHP version history (2 changes): v1.2.2 PHP >=7.0; v1.4.2 PHP >=7.2

