
spie/laravel-jwt
================

JWT package for Laravel and Lumen.

v3.6.0 · MIT · PHP ^7.4 || ^8.0

[Source](https://github.com/SPie/laravel-jwt) · [Packagist](https://packagist.org/packages/spie/laravel-jwt)

JWT Package for Laravel
=======================

This package provides a Laravel `Guard` for JWT authentication.

This package provides an access and refresh token workflow. You need to create an access token first. With the access token you can issue a refresh token, which can then be used to create new access tokens when required.

Requirements
------------

- PHP ^7.4 || ^8.0
- [Laravel Components](https://github.com/laravel/framework) 7.0 || ^8.0 || ^9.0 || ^10.0 || ^11.0 || ^12.0
- [lcobucci/jwt](https://github.com/lcobucci/jwt) ^4.0

Installation
------------

Just pull the package with Composer:

```
composer require spie/laravel-jwt
```

### Laravel

Add the `SPie\LaravelJWT\Providers\LaravelServiceProvider` to the `providers` array in `config/app.php`.

```
'providers' => [
    ...
    SPie\LaravelJWT\Providers\LaravelServiceProvider::class
],
```

### Lumen

In `bootstrap/app.php` add `Illuminate\Auth\AuthServiceProvider` and `SPie\LaravelJWT\Providers\LumenServiceProvider`.

```
...

$app->register(Illuminate\Auth\AuthServiceProvider::class);

$app->register(SPie\LaravelJWT\Providers\LumenServiceProvider::class);

...
```

Configuration
-------------

### JWT

You can configure the JWT package in your `.env` file. You can find the available config options in the `.env.example` file.

```
JWT_SECRET=
JWT_ISSUER=App
JWT_SIGNER=Lcobucci\JWT\Signer\Hmac\Sha256
JWT_ACCESSS_TOKEN_PROVIDER=SPie\LaravelJWT\TokenProvider\HeaderTokenProvider
JWT_ACCESS_TOKEN_TTL=10
JWT_ACCESS_TOKEN_KEY=Authorization
JWT_BLACKLIST=SPie\LaravelJWT\Blacklist\CacheTokenBlacklist
JWT_REFRESH_TOKEN_PROVIDER=SPie\LaravelJWT\TokenProvider\CookieTokenProvider
JWT_REFRESH_TOKEN_TTL=
JWT_REFRESH_TOKEN_KEY=refresh-token
JWT_REFRESH_TOKEN_REPOSITORY=
JWT_IP_CHECK_ENABLED=
```

You can also copy the `config/jwt.php` file from the repo to your project's config directory to configure JWT without an `.env` file.

**It is required to add a value for** `JWT_SECRET` **and** `JWT_ISSUER`. For every other config a default value exists.

### Auth

You need to add an entry for the `JWTGuard` in your `config/auth.php` file.

```
'guards' => [

    ...

    'jwt' => [
        'driver' => 'jwt',
    ],
],
```

Usage
-----

You can obtain the `SPie\LaravelJWT\Auth\JWTGuard` through dependency injection by depending on `Illuminate\Contracts\Auth\Guard`, but you then have to bind `SPie\LaravelJWT\Auth\JWTGuard` to `Illuminate\Contracts\Auth\Guard` in your `ServiceProvider`. You can also get the `JWTGuard` with `Illuminate\Auth\AuthManager::guard($name)`, using the guard name configured in `config/auth.php`.

### User

To use your user model for authentication, it has to implement the `SPie\LaravelJWT\Contracts\JWTAuthenticatable` interface.

### Login

To log in, use the `login` method provided by `Illuminate\Contracts\Auth\StatefulGuard`. After that you can get the access and refresh tokens with the `getAccessToken` and `getRefreshToken` methods.

### Logout

The `JWTGuard::logout()` method unsets the `$jwt` and `$user` properties. If a `TokenBlacklist` is configured, the token is revoked. If a refresh token was used, it is revoked as well.

### TokenProvider

You have to specify a `TokenProvider` to be able to extract a token from the request. This package already includes two `TokenProvider` implementations: `SPie\LaravelJWT\TokenProvider\HeaderTokenProvider` and `SPie\LaravelJWT\TokenProvider\CookieTokenProvider`. You can also create a custom `TokenProvider` by implementing the `SPie\LaravelJWT\Contracts\TokenProvider` interface and specifying it in the JWT config. You have to specify a `TokenProvider` for refresh tokens too.

### JWTHandler

To create or validate JWTs, you can use the `SPie\LaravelJWT\JWTHandler`.

#### Create JWT

To create a JWT, you have to provide a subject and, optionally, a payload and a TTL.

```
/** @var SPie\LaravelJWT\JWT $jwt */
$jwt = $jwtHandler->createJWT('SUBJECT', ['claim1' => 'value1']);
```

#### Get valid JWT

To validate a JWT, you have to provide the token as a string. If the token is valid, you get a `SPie\LaravelJWT\JWT` object; otherwise a specific `JWTException` is thrown.

```
$token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJUZXN0IiwiaWF0IjoxNTQyOTc0NzM3LCJleHAiOjE1NzQ1OTcxMzcsImF1ZCI6IiIsInN1YiI6IlRlc3QifQ.XdS6BiYD02I_1AAFeCxuO3LdeNBXLjE9TWd-G89ePOk';

/** @var SPie\LaravelJWT\JWT $jwt */
$jwt = $jwtHandler->getValidJWT($token);
```

Possible exceptions are:

- `SPie\LaravelJWT\Exceptions\InvalidTokenException`
- `SPie\LaravelJWT\Exceptions\InvalidSignatureException`
- `SPie\LaravelJWT\Exceptions\TokenExpiredException`
- `SPie\LaravelJWT\Exceptions\BeforeValidException`
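
The four exception names above point to four distinct validation failures. The following stand-alone PHP script is an added example, not code from spie/laravel-jwt or lcobucci/jwt: it runs the corresponding checks for an HS256 token and returns a reason string per failure. The function names, the secret and the claim values are constructed for illustration.

```php
<?php
// Added illustration, not code from spie/laravel-jwt. Result strings mirror the
// four exception names listed above; all names and values here are constructed.

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64url_decode(string $s): string
{
    // Strict mode rejects characters outside the alphabet; failure becomes ''.
    return (string) base64_decode(strtr($s, '-_', '+/'), true);
}

function checkToken(string $token, string $secret, int $now): string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return 'invalid_token';
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64url_decode($h), true);
    $claims = json_decode(b64url_decode($p), true);
    // Pin the algorithm server-side; never let the header pick it (e.g. "none").
    if (!is_array($header) || !is_array($claims) || ($header['alg'] ?? '') !== 'HS256') {
        return 'invalid_token';
    }
    // Verify the signature before trusting any claim; hash_equals is constant-time.
    $expected = hash_hmac('sha256', "$h.$p", $secret, true);
    if (!hash_equals($expected, b64url_decode($sig))) {
        return 'invalid_signature';
    }
    if (isset($claims['nbf']) && $now < $claims['nbf']) {
        return 'before_valid';
    }
    if (isset($claims['exp']) && $now >= $claims['exp']) {
        return 'expired';
    }
    return 'valid';
}

// Constructed sample token: secret, claims and timestamps are made up.
$secret = 'constructed-example-secret-0123456789';
$h = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
$p = b64url_encode(json_encode(['iss' => 'App', 'sub' => 'SUBJECT', 'nbf' => 1000, 'exp' => 1600]));
$token = "$h.$p." . b64url_encode(hash_hmac('sha256', "$h.$p", $secret, true));
foreach ([[$token, 1200], [$token, 900], [$token, 1700], [$token . 'x', 1200], ['abc', 1200]] as [$t, $now]) {
    echo $now, ' ', checkToken($t, $secret, $now), PHP_EOL;
}
```

When handling the package's exceptions in an API, log the specific reason server-side and return the same 401 response to the client for every failure type.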

If the setting `JWT_IP_CHECK_ENABLED` is set, the IP address will be compared with the one. If they don't match, the user is not authenticated.

### JWT Object

The `SPie\LaravelJWT\JWT` object is just a wrapper for `Lcobucci\JWT\Token`. To get the string representation of the JWT, you have to call the `JWT::getJWT()` method.

### TokenBlacklist

The `JWTGuard` can use a token blacklist. The token blacklist has to implement the `SPie\LaravelJWT\Contracts\TokenBlacklist` interface. The interface provides two methods: `revoke(SPie\LaravelJWT\JWT $jwt)` and `isRevoked(string $jwt)`. The `revoke` method stores the JWT until it expires, or forever if no expiration date is set. The `isRevoked` method checks whether a token has been revoked.

### RefreshTokenRepository

You have to implement the `SPie\LaravelJWT\RefreshTokenRepository` if you want to use refresh tokens. The `RefreshTokenRepository` stores and revokes the refresh tokens as needed and also checks whether a refresh token has already been revoked.

