thamtech/yii2-jsonrpc-jwsauth
=============================

JWS Token Authentication over JSON RPC 2.0


[Source](https://github.com/thamtech/yii2-jsonrpc-jwsauth) | [Packagist](https://packagist.org/packages/thamtech/yii2-jsonrpc-jwsauth)


yii2-jsonrpc-jwsauth
====================


An extension to handle signed access token authentication via JSON RPC 2.0.

This library interfaces with [yii2-json-rpc-2.0](http://github.com/cranetm/yii2-json-rpc-2.0) to provide the JSON RPC 2.0 communication in your controller and [namshi/jose](http://github.com/namshi/jose) to generate signed [JWS](https://tools.ietf.org/html/rfc7515) tokens.

For license information check the [LICENSE](LICENSE.md)-file.

Installation
------------


The preferred way to install this extension is through [composer](http://getcomposer.org/download/).

Either run

```
php composer.phar require --prefer-dist thamtech/yii2-jsonrpc-jwsauth

```

or add

```
"thamtech/yii2-jsonrpc-jwsauth": "*"

```

to the `require` section of your `composer.json` file.

Integration
-----------


1. [Generate a keypair using OpenSSL](https://en.wikibooks.org/wiki/Cryptography/Generate_a_keypair_using_OpenSSL) and store the keys in public.pem and private.pem.
2. Add the JwsManager application component in your site configuration:

    ```
    return [
      'components' => [
        'jwsManager' => [
          'class' => 'thamtech\jwsauth\components\JwsManager',
          'pubkey' => '@app/config/keys/jwsauth/public.pem',
          'pvtkey' => '@app/config/keys/jwsauth/private.pem',

          // The settings below are optional. Defaults will be used if not set here.
          //'encoder' => 'Namshi\JOSE\Base64\Base64UrlSafeEncoder',
          //'refreshExp' => '24 hours',
          //'exp' => '1 hour',
          //'alg' => 'RS256',
          //'jwsClass' => 'Namshi\JOSE\SimpleJWS',
        ],
      ]
    ];
    ```
3. Create a `UserController` in your application:

    ```
    class UserController extends \thamtech\jwsauth\controllers\UserController
    {
      // parent class provides actionAuthenticate($username, $password)
      // and actionRefreshToken()

      // You may add your own additional methods to provide additional user
      // management services such as registration, password changes, etc.
    }
    ```
4. Update your `User` model to implement `\thamtech\jwsauth\models\IdentityInterface` instead of `\yii\web\IdentityInterface`, and use the `SimpleUserTrait`:

    ```
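    // On Yii 2.0.13 and later, extend \yii\base\BaseObject instead:
    // \yii\base\Object is deprecated and cannot be loaded on PHP 7.2+.
    class User extends \yii\base\Object implements \thamtech\jwsauth\models\IdentityInterface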
    {
      use SimpleUserTrait;

      public $id;
      public $username;

      // You must still implement all methods required by \yii\web\IdentityInterface
      // since \thamtech\jwsauth\models\IdentityInterface extends
      // \yii\web\IdentityInterface
    }
    ```
5. Add the JsonRpcAuth filter on any `\JsonRpc2\Controller` you would like jwsauth-authenticated users to access:

    ```
    public function behaviors()
    {
      return [
        'authenticator' => [
          'class' => \thamtech\jwsauth\filters\auth\JsonRpcAuth::className(),
          'except' => ['public-method-1', 'public-method-2'],
        ],
      ];
    }
    ```

Client-Side Usage
-----------------


1. Make a JSON RPC request to the authenticate method passing in a username and password.

    ```
    http://yoursite/user

    ```

    with data

    ```
    {
      "jsonrpc": "2.0",
      "id": 1,
      "method": "authenticate",
      "params": {
        "username": "YOUR-USERNAME",
        "password": "YOUR-PASSWORD"
      }
    }
    ```

    and a successful response will be something like this

    ```
    {"jsonrpc":"2.0","id":1,"result":{"token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY"}}
    ```
2. Make a JSON RPC request to any controller/method requiring authentication using the token provided in the previous step:

    ```
    http://yoursite/protected-controller

    ```

    with data

    ```
    {
      "jsonrpc": "2.0",
      "id": 2,
      "auth": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY",
      "method": "access-sensitive-data",
      "params": {"id": 27}
    }
    ```

### Expiration and Refreshing Tokens


When the token expires (after 1 hour by default), you may refresh the token without requiring the user to re-authenticate with username and password. This is allowed up to the refresh expiration of a token (24 hours by default).

If you have a valid token and make an authenticated request but receive a result like the following:

```
{
  "jsonrpc": "2.0",
  "id": 3,
  "error": {
    "code": -32652,
    "data": null,
    "message": "Invalid or expired token"
  }
}
```

then your next step is to try to refresh the token:

```
http://yoursite/user

```

with data

```
{
  "jsonrpc": "2.0",
  "id": 4,
  "auth": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY",
  "method": "refresh-token"
}
```

The response will either contain a new token which you may continue using normally:

```
{"jsonrpc":"2.0","id":4,"result":{"token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXUyJ9.eyJpZCI6MT-TRIMMED_FOR_BREVITY"}}
```

Or an indication that the token could not be refreshed:

```
{
  "jsonrpc": "2.0",
  "id": 4,
  "error": {
    "code": -32652,
    "data": null,
    "message": "expired; user must reauthenticate"
  }
}
```

If the token could not be refreshed, then you will need to:

1. Ask the user to re-login with their username and password.
2. Use the "authenticate" method in Step 1 of the Client-Side Usage section above to get a new auth token.
3. Continue making authenticated requests with the new token.
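
The expiry handling described in this section, as an added client-side example (not part of the extension or its README). `JwsRpcClient` is a hypothetical name, and `send` and `getCredentials` are assumed callbacks for the HTTP transport and the login prompt:

```javascript
// Added example, not part of yii2-jsonrpc-jwsauth. JwsRpcClient is a hypothetical name.
// send(url, body): assumed transport that POSTs JSON and resolves to the parsed reply.
// getCredentials(): assumed callback that prompts the user for {username, password}.
const TOKEN_ERROR = -32652; // error code shown in the README's error responses

class JwsRpcClient {
  constructor(send, getCredentials, userUrl = "http://yoursite/user") {
    this.send = send;
    this.getCredentials = getCredentials;
    this.userUrl = userUrl;
    this.token = null; // keep in memory only; never log it or put it in a URL
    this.nextId = 1;
  }

  async rpc(url, method, params, auth) {
    const body = { jsonrpc: "2.0", id: this.nextId++, method };
    if (params !== undefined) body.params = params;
    if (auth) body.auth = auth; // the token travels as a top-level "auth" member
    const res = await this.send(url, body);
    if (!res || res.id !== body.id) throw new Error("reply id does not match request id");
    return res;
  }

  async authenticate() {
    const res = await this.rpc(this.userUrl, "authenticate", await this.getCredentials());
    if (res.error) throw new Error("authentication failed: " + res.error.message);
    this.token = res.result.token;
  }

  // Try refresh-token first; fall back to a full login once the refresh window has passed.
  async renew() {
    const res = await this.rpc(this.userUrl, "refresh-token", undefined, this.token);
    if (!res.error) { this.token = res.result.token; return; }
    this.token = null; // discard the dead token before prompting again
    if (res.error.code !== TOKEN_ERROR) throw new Error(res.error.message);
    await this.authenticate();
  }

  async call(url, method, params) {
    if (!this.token) await this.authenticate();
    let res = await this.rpc(url, method, params, this.token);
    if (res.error && res.error.code === TOKEN_ERROR) {
      await this.renew();
      res = await this.rpc(url, method, params, this.token); // retry once, never loop
    }
    if (res.error) throw new Error(res.error.message);
    return res.result;
  }
}
```

The single retry in `call` keeps a server that rejects every token from driving the client into a refresh loop, and the user is prompted for credentials only when `refresh-token` itself is refused.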

Advanced Usage
--------------


- You do not have to use `SimpleUserTrait` in your User identity. It is merely a convenience for most use cases. You are free to implement your own `getAuthKey()` and `findIdentityByAccessToken()` methods directly in your `User` identity class in a way that better suits your application's needs.
- Rather than instantiating a `UserController` as a subclass, you could refer to `\thamtech\jwsauth\controllers\UserController` directly in a controller map:

    ```
    [
      'controllerMap' => [
        // declares "login" controller using a class name
        'login' => 'thamtech\jwsauth\controllers\UserController',
      ],
    ]
    ```

See Also
--------


- [cranetm/yii2-json-rpc-2.0](http://github.com/cranetm/yii2-json-rpc-2.0) - Yii 2 extension that helps turn your Controllers into JSON RPC 2.0 APIs.
- [namshi/jose](http://github.com/namshi/jose) - PHP implementation of the JWS (JSON Web Signature) specification.
- [JSON Web Signature (JWS)](https://tools.ietf.org/html/rfc7515) - JWS specifications


### Community

Maintainer: Tyler Ham ([@tyler-ham](https://github.com/tyler-ham))
