PHPackages                             sakhdelphi/phalcon-jwt-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. sakhdelphi/phalcon-jwt-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

sakhdelphi/phalcon-jwt-auth
===========================

A simple JWT middleware for Phalcon Micro to handle stateless authentication

1.0.1(5y ago)084↓100%PHPPHP &gt;=7.0

Since Feb 8Pushed 5y agoCompare

[ Source](https://github.com/SakhDelphi/phalcon-jwt-auth)[ Packagist](https://packagist.org/packages/sakhdelphi/phalcon-jwt-auth)[ RSS](/packages/sakhdelphi-phalcon-jwt-auth/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (1)Dependencies (1)Versions (3)Used By (0)

phalcon-jwt-auth
================

[](#phalcon-jwt-auth)

A simple JWT middleware for Phalcon Micro to handle stateless authentication.

Installation
------------

[](#installation)

```
$ composer require sakhdelphi/phalcon-jwt-auth
```

or in your composer.json

```
{
    "require": {
		"sakhdelphi/phalcon-jwt-auth" : "dev-master"
    }
}
```

then run

```
$ composer update
```

Usage
-----

[](#usage)

### Configuration - Loading the config service

[](#configuration---loading-the-config-service)

in config.ini or in any config file

```
[jwtAuth]

; JWT Secret Key
secretKey = 923753F2317FC1EE5B52DF23951B

; JWT default Payload

;; expiry time in minutes
payload[exp] = 1440
payload[iss] = phalcon-jwt-auth

; Micro Applications do not have a controller or dispatcher
; so to know the resource being called we have to check the actual URL.

; If you want to disable the middleware on certain routes or resource:
;; index
ignoreUri[] = /

;; regex pattern with http methods
ignoreUri[] = regex:/application/
ignoreUri[] = regex:/users/:POST,PUT

;; literal strings
ignoreUri[] = /auth/user:POST,PUT
ignoreUri[] = /auth/application
```

in bootstrap or index file

```
use Phalcon\Mvc\Micro;
use Phalcon\Config\Adapter\Ini as ConfigIni;
use Phalcon\Di\FactoryDefault;
use Dmkit\Phalcon\Auth\Middleware\Micro as AuthMicro;

// set default services
$di = new FactoryDefault();

/**
 * IMPORTANT:
 * You must set "config" service that will load the configuration file.
 */
$config = new ConfigIni( APP_PATH . "app/config/config.ini");
$di->set(
    "config",
    function () use($config) {
        return $config;
    }
);

$app = new Micro($di);

// AUTH MICRO
$auth = new AuthMicro($app);

$app->handle();
```

### Configuration - Don't want to use a config file? then pass the config instead

[](#configuration---dont-want-to-use-a-config-file-then-pass-the-config-instead)

in bootstrap or index file

```
use Phalcon\Mvc\Micro;
use Phalcon\Config\Adapter\Ini as ConfigIni;
use Phalcon\Di\FactoryDefault;
use Dmkit\Phalcon\Auth\Middleware\Micro as AuthMicro;

// set default services
$di = new FactoryDefault();

$app = new Micro($di);

// SETUP THE CONFIG
$authConfig = [
    'secretKey' => '923753F2317FC1EE5B52DF23951B1',
    'payload' => [
            'exp' => 1440,
            'iss' => 'phalcon-jwt-auth'
        ],
     'ignoreUri' => [
            '/',
            'regex:/application/',
            'regex:/users/:POST,PUT',
            '/auth/user:POST,PUT',
            '/auth/application'
        ]
];

// AUTH MICRO
$auth = new AuthMicro($app, $authConfig);

$app->handle();
```

### Authentication

[](#authentication)

To make authenticated requests via http, you will need to set an authorization headers as follows:

```
Authorization: Bearer {yourtokenhere}

```

or pass the token as a query string

```
?_token={yourtokenhere}

```

### Callbacks

[](#callbacks)

By default if the authentication fails, the middleware will stop the execution of routes and will immediately return a response of 401 Unauthorized. If you want to add your own handler:

```
$auth->onUnauthorized(function($authMicro, $app) {

    $response = $app["response"];
    $response->setStatusCode(401, 'Unauthorized');
    $response->setContentType("application/json");

    // to get the error messages
    $response->setContent(json_encode([$authMicro->getMessages()[0]]));
    $response->send();

    // return false to stop the execution
    return false;
});
```

If you want an additional checking on the authentication, like intentionally expiring a token based on the payload issued date, you may do so:

```
$auth->onCheck(function($auth) {
 // to get the payload
 $data = $auth->data();

 if($data['iat'] data() );

print_r( $app->getDI()->get('auth')->data('email') );

// in your contoller
print_r( $this->auth->data() );
```

If you want to change the service name:

```
AuthMicro::$diName = 'jwtAuth';
```

### Creating a token

[](#creating-a-token)

In your controller or route handler

```
$payload = [
    'sub'   => $user->id,
    'email' => $user->email,
    'username' =>  $user->username,
    'role'  => 'admin',
    'iat' => time(),
];
$token = $this->auth->make($payload);
```

### Accessing the authenticated user / data

[](#accessing-the-authenticated-user--data)

In your controller or route handler

```
echo $this->auth->id(); // will look for sub or id payload

echo $this->auth->data(); // return all payload

echo $this->auth->data('email');
```

### Extending

[](#extending)

If you want to add your own middleware or play around:

```
Dmkit\Phalcon\Auth\Auth.php and its adapters - does all the authentication

Dmkit\Phalcon\Auth\TokenGetter\TokenGetter.php and its adapters - does the parsing or getting of token
```

### JWT

[](#jwt)

Phalcon JWT Auth uses the Firebase JWT library. To learn more about it and JSON Web Tokens in general, visit:

### Tests

[](#tests)

Install PHPUnit

```
$ phpunit --configuration phpunit.xml.dist
PHPUnit 5.6.5 by Sebastian Bergmann and contributors.

......["missing token"].["members option"].["members put"].["members put"].["Expired token"].["members post"]....                                                   15 / 15 (100%)

Time: 73 ms, Memory: 10.00MB

OK (15 tests, 27 assertions)
```

###  Health Score

28

—

LowBetter than 54% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity11

Limited adoption so far

Community12

Small or concentrated contributor base

Maturity59

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 78.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~834 days

Total

2

Last Release

2177d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/3eecfa4a5f01c60c1ea1f6eeedf2307917dfcaeeb00296412cd9e9dd5a9aa706?d=identicon)[SakhDelphi](/maintainers/SakhDelphi)

---

Top Contributors

[![dmkit](https://avatars.githubusercontent.com/u/338585?v=4)](https://github.com/dmkit "dmkit (40 commits)")[![gabbanaesteban](https://avatars.githubusercontent.com/u/11374198?v=4)](https://github.com/gabbanaesteban "gabbanaesteban (4 commits)")[![jimjam88](https://avatars.githubusercontent.com/u/1132487?v=4)](https://github.com/jimjam88 "jimjam88 (2 commits)")[![mikhail-radomskii](https://avatars.githubusercontent.com/u/6202990?v=4)](https://github.com/mikhail-radomskii "mikhail-radomskii (2 commits)")[![kaioken](https://avatars.githubusercontent.com/u/118385?v=4)](https://github.com/kaioken "kaioken (1 commits)")[![quickshiftin](https://avatars.githubusercontent.com/u/96733?v=4)](https://github.com/quickshiftin "quickshiftin (1 commits)")[![DannyFeliz](https://avatars.githubusercontent.com/u/5460365?v=4)](https://github.com/DannyFeliz "DannyFeliz (1 commits)")

---

Tags

jwtAuthenticationphalcon

### Embed Badge

![Health badge](/badges/sakhdelphi-phalcon-jwt-auth/health.svg)

```
[![Health](https://phpackages.com/badges/sakhdelphi-phalcon-jwt-auth/health.svg)](https://phpackages.com/packages/sakhdelphi-phalcon-jwt-auth)
```

###  Alternatives

[admad/cakephp-jwt-auth

CakePHP plugin for authenticating using JSON Web Tokens

160680.3k8](/packages/admad-cakephp-jwt-auth)[dmkit/phalcon-jwt-auth

A simple JWT middleware for Phalcon Micro to handle stateless authentication

3541.5k](/packages/dmkit-phalcon-jwt-auth)[internacionalweb/cognito-token-verifier

This library verifies that the signature of the JWT is valid, comes from a desired application, and that the token has not been tampered with or expired.

102.1k](/packages/internacionalweb-cognito-token-verifier)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)