PHPackages                             sonnt/cakephp-jwt-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. sonnt/cakephp-jwt-auth

ActiveCakephp-plugin

sonnt/cakephp-jwt-auth
======================

cake php jwt auth with password

1.0(9y ago)026MITPHP

Since May 12Pushed 9y ago1 watchersCompare

[ Source](https://github.com/sonnt0411/cakephp-jwt-auth)[ Packagist](https://packagist.org/packages/sonnt/cakephp-jwt-auth)[ RSS](/packages/sonnt-cakephp-jwt-auth/feed)WikiDiscussions master Synced 2mo ago

READMEChangelogDependencies (3)Versions (2)Used By (0)

CakePHP JWT Authenticate plugin
===============================

[](#cakephp-jwt-authenticate-plugin)

[![Build Status](https://camo.githubusercontent.com/a3fad70bbc23807044908fa210bb8e6069ab050fc4162f468ec1e7bd7fcfa301/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f41446d61642f63616b657068702d6a77742d617574682f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/ADmad/cakephp-jwt-auth)[![Coverage](https://camo.githubusercontent.com/ad6af5d14a42c616f51c283162d15cf12a0acccb16c0ff72ee9cc8c496bf753c/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f41446d61642f63616b657068702d6a77742d617574682e7376673f7374796c653d666c61742d737175617265)](https://codecov.io/github/ADmad/cakephp-jwt-auth)[![Total Downloads](https://camo.githubusercontent.com/feb51b6aae4942aaa257ed78f5d32b6559975df048a1f7f3d5788ec90c40bf1d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f41446d61642f63616b657068702d6a77742d617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/ADmad/cakephp-jwt-auth)[![License](https://camo.githubusercontent.com/942e017bf0672002dd32a857c95d66f28c5900ab541838c6c664442516309c8a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e7376673f7374796c653d666c61742d737175617265)](LICENSE.txt)

Plugin containing AuthComponent's authenticate class for authenticating using [JSON Web Tokens](http://jwt.io/). You can read about JSON Web Token specification in detail [here](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-27).

Requirements
------------

[](#requirements)

- CakePHP 3.1+

Installation
------------

[](#installation)

```
composer require sonnt/cakephp-jwt-auth
```

Usage
-----

[](#usage)

In your app's `config/bootstrap.php` add:

```
// In config/bootstrap.php
Plugin::load(‘Sonnt/JwtAuth');
```

or using cake's console:

```
./bin/cake plugin load ADmad/JwtAuth
```

Configuration:
--------------

[](#configuration)

Setup `AuthComponent`:

```
    // In your controller, for e.g. src/Api/AppController.php
    public function initialize()
    {
        parent::initialize();

        $this->loadComponent('Auth', [
            'storage' => 'Memory',
            'authenticate' => [
                ‘Sonnt/JwtAuth.Jwt' => [
                    'userModel' => 'Users',
                    'fields' => [
                        'username' => 'id'
                    ],

                    'parameter' => 'token',

                    // Boolean indicating whether the "sub" claim of JWT payload
                    // should be used to query the Users model and get user info.
                    // If set to `false` JWT's payload is directly returned.
                    'queryDatasource' => true,
                ]
            ],

            'unauthorizedRedirect' => false,
            'checkAuthIn' => 'Controller.initialize',

            // If you don't have a login action in your application set
            // 'loginAction' to false to prevent getting a MissingRouteException.
            'loginAction' => false
        ]);
    }
```

Working
-------

[](#working)

The authentication class checks for the token in two locations:

- `HTTP_AUTHORIZATION` environment variable:

    It first checks if token is passed using `Authorization` request header. The value should be of form `Bearer `. The `Authorization` header name and token prefix `Bearer` can be customzied using options `header` and `prefix`respectively.

    **Note:** Some servers don't populate `$_SERVER['HTTP_AUTHORIZATION']` when `Authorization` header is set. So it's upto you to ensure that either `$_SERVER['HTTP_AUTHORIZATION']` or `$_ENV['HTTP_AUTHORIZATION']` is set.

    For e.g. for apache you could use the following:

    ```
    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]

    ```
- The query string variable specified using `parameter` config:

    Next it checks if the token is present in query string. The default variable name is `token` and can be customzied by using the `parameter` config shown above.

Token Generation
----------------

[](#token-generation)

You can use `\Firebase\JWT\JWT::encode()` of the [firebase/php-jwt](https://github.com/firebase/php-jwt)lib, which this plugin depends on, to generate tokens.

**The payload should have the "sub" (subject) claim whos value is used to query the Users model and find record matching the "id" field.**

You can set the `queryDatasource` option to `false` to directly return the token's payload as user info without querying datasource for matching user record.

Further reading
---------------

[](#further-reading)

For an end to end usage example check out [this](http://www.bravo-kernel.com/2015/04/how-to-add-jwt-authentication-to-a-cakephp-3-rest-api/) blog post by Bravo Kernel.

###  Health Score

26

—

LowBetter than 43% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity6

Limited adoption so far

Community4

Small or concentrated contributor base

Maturity63

Established project with proven stability

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Unknown

Total

1

Last Release

3285d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/d9f71d11c034988478012fc9079393d9594114a55612d383d969e7142d0f8210?d=identicon)[sonnt0411](/maintainers/sonnt0411)

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/sonnt-cakephp-jwt-auth/health.svg)

```
[![Health](https://phpackages.com/badges/sonnt-cakephp-jwt-auth/health.svg)](https://phpackages.com/packages/sonnt-cakephp-jwt-auth)
```

###  Alternatives

[laravel/socialite

Laravel wrapper around OAuth 1 &amp; OAuth 2 libraries.

5.7k96.9M672](/packages/laravel-socialite)[laravel/passport

Laravel Passport provides OAuth2 server support to Laravel.

3.4k85.0M529](/packages/laravel-passport)[google/auth

Google Auth Library for PHP

1.4k272.7M161](/packages/google-auth)[kreait/firebase-php

Firebase Admin SDK

2.4k39.7M72](/packages/kreait-firebase-php)[shopify/shopify-api

Shopify API Library for PHP

4634.8M16](/packages/shopify-shopify-api)[thenetworg/oauth2-azure

Azure Active Directory OAuth 2.0 Client Provider for The PHP League OAuth2-Client

2509.6M48](/packages/thenetworg-oauth2-azure)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)