PHPackages sop/jwx - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. sop/jwx ActiveLibrary[Authentication & Authorization](/categories/authentication) sop/jwx ======= A PHP library for JSON web tokens (JWT) with signature (JWS) and encryption (JWE) support. 0.12.0(3y ago)26257.5k↓31.5%61MITPHPPHP >=7.2 Since May 4Pushed 3y ago1 watchersCompare [ Source](https://github.com/sop/jwx)[ Packagist](https://packagist.org/packages/sop/jwx)[ Docs](https://github.com/sop/jwx)[ RSS](/packages/sop-jwx/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (2)Dependencies (6)Versions (20)Used By (1) JWX === [](#jwx) [![Build Status](https://camo.githubusercontent.com/8357ce7ee90ea6cd0f99e16f06aaed90a297b384deeef06400e02b9dab202f2c/68747470733a2f2f7472617669732d63692e636f6d2f736f702f6a77782e7376673f6272616e63683d6d6173746572)](https://travis-ci.com/sop/jwx)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/578e1db0b273995e32864039accc9eda7269d48d9117f84c8d626db33f06ae3b/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f736f702f6a77782f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/sop/jwx/?branch=master)[![Coverage Status](https://camo.githubusercontent.com/4dda740589ed15a963ad1504ac4e5c8a2311a3d3d13f935248f247d31ae53ba0/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f736f702f6a77782f62616467652e7376673f6272616e63683d6d6173746572)](https://coveralls.io/github/sop/jwx?branch=master)[![License](https://camo.githubusercontent.com/18c0c472ad188140c27506c56ba2353781270022bf2b56a084faa7909658c67c/68747470733a2f2f706f7365722e707567782e6f72672f736f702f6a77782f6c6963656e7365)](https://github.com/sop/jwx/blob/master/LICENSE) A PHP library for JSON web tokens ([JWT](https://tools.ietf.org/html/rfc7519)) with signature ([JWS](https://tools.ietf.org/html/rfc7515)) and encryption ([JWE](https://tools.ietf.org/html/rfc7516)) support. Also implements unencoded payload option ([RFC 7797](https://tools.ietf.org/html/rfc7797)). Features -------- [](#features) - Signing and signature validation (JWS) - HMAC, RSA and EC - Encryption and decryption with compression and integrity protection (JWE) - AES - Claims validation - Configurable with sensible defaults - JSON Web Keys (JWK) - Convert PEM encoded keys to JWK and vice versa Supported algorithms -------------------- [](#supported-algorithms) - Signature - HMAC with SHA-256, SHA-384 and SHA-512 - RSASSA-PKCS1-v1\_5 with SHA-256, SHA-384 and SHA-512 - ECDSA with P-256, P-384 and P-521 curves - Content encryption - AES-CBC with 128, 192 and 256-bit key sizes - AES-GCM with 128, 192 and 256-bit key sizes - Key management - Shared symmetric key (direct) - RSAES-PKCS1-v1\_5 - RSAES OAEP - AES Key Wrap with 128, 192 and 256-bit key sizes - AES-GCM key encryption with 128, 192 and 256-bit key sizes - Password-based key encryption (PBES2 with AES Key Wrap) - Compression - DEFLATE Requirements ------------ [](#requirements) - PHP >=7.2 - openssl - hash - [sop/crypto-types](https://github.com/sop/crypto-types) - [sop/crypto-encoding](https://github.com/sop/crypto-encoding) - [sop/aes-kw](https://github.com/sop/aes-kw) - [sop/gcm](https://github.com/sop/gcm) Installation ------------ [](#installation) This library is available on [Packagist](https://packagist.org/packages/sop/jwx). ``` composer require sop/jwx ``` Usage ----- [](#usage) `Claims` class holds `Claim` objects that represent the claims. The claims shall be encoded into a JWT which may further be signed or encrypted, producing a JWS or a JWE respectively. JWS and JWE may also be used to carry arbitrary payload, not just JSON claims. Code examples ------------- [](#code-examples) ### [Simple JWT](https://github.com/sop/jwx/blob/master/examples/jwt-io.php) [](#simple-jwt) Parse JWT from [https://jwt.io/](https://jwt.io/#debugger-io) HS512 example. ``` $jwt = new JWT($token); // create context for the claims validation // 'your-512-bit-secret' key is used to verify the signature $ctx = ValidationContext::fromJWK( SymmetricKeyJWK::fromKey('your-512-bit-secret')); // validate claims $claims = $jwt->claims($ctx); // print value of the subject claim echo $claims->subject()->value(); ``` ### [Additional Validation](https://github.com/sop/jwx/blob/master/examples/jwt-io.php) [](#additional-validation) Parse the same token as above but additionally validate subject and admin claims. ``` $jwt = new JWT($token); // validate that the subject is "1234567890" // validate that the admin claim is true using explicitly provided validator $ctx = ValidationContext::fromJWK( SymmetricKeyJWK::fromKey('your-512-bit-secret'), ['sub' => '1234567890'] )->withConstraint('admin', true, new EqualsValidator()); // validate and print all claims $claims = $jwt->claims($ctx); foreach ($claims as $claim) { printf("%s: %s\n", $claim->name(), $claim->value()); } ``` ### More Examples [](#more-examples) See [`/examples`](https://github.com/sop/jwx/tree/master/examples)directory for more examples. - [Create a signed JWT](https://github.com/sop/jwx/blob/master/examples/jws-create.php) - [Consume a signed JWT](https://github.com/sop/jwx/blob/master/examples/jws-consume.php) - [Create an encrypted JWT](https://github.com/sop/jwx/blob/master/examples/jwe-create.php) - [Consume an encrypted JWT](https://github.com/sop/jwx/blob/master/examples/jwe-consume.php) - [Create a nested JWT](https://github.com/sop/jwx/blob/master/examples/nested-create.php) - [Consume a nested JWT](https://github.com/sop/jwx/blob/master/examples/nested-consume.php) - [Encrypt arbitrary data](https://github.com/sop/jwx/blob/master/examples/arbitrary-encrypt.php) - [Decrypt arbitrary data](https://github.com/sop/jwx/blob/master/examples/arbitrary-decrypt.php) License ------- [](#license) This project is licensed under the MIT License. ### Health Score 38 — LowBetter than 85% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity46 Moderate usage in the ecosystem Community12 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~136 days Recently: every ~431 days Total 18 Last Release 1350d ago PHP version history (3 changes)0.1.0PHP >=5.6.3 0.10.0PHP >=7.0 0.11.0PHP >=7.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/35cf70dd6be68d37fd42490e3ad9c199d2a1f1dd4420f71658998b7d8b694e97?d=identicon)[sop](/maintainers/sop) --- Top Contributors [![sop](https://avatars.githubusercontent.com/u/1017000?v=4)](https://github.com/sop "sop (390 commits)") --- Tags josejson-web-algorithmsjson-web-encryptionjson-web-keyjson-web-signaturejson-web-tokenjwajwejwkjwsjwtjwtjsonJWSJWEJOSEJWKtokenJSON Web TokenJSON Web Signaturejson web keyJSON Web Encryption ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/sop-jwx/health.svg) ``` [![Health](https://phpackages.com/badges/sop-jwx/health.svg)](https://phpackages.com/packages/sop-jwx) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[web-token/jwt-framework JSON Object Signing and Encryption library for PHP and Symfony Bundle. 94818.9M77](/packages/web-token-jwt-framework)[web-token/jwt-library JWT library 2011.2M83](/packages/web-token-jwt-library)[web-token/jwt-bundle JWT Bundle of the JWT Framework. 132.5M7](/packages/web-token-jwt-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)