PHPackages tmilos/jose-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. tmilos/jose-jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) tmilos/jose-jwt =============== Javascript Object Signing and Encryption JOSE PHP library, supporting JSON Web Tokens JWT and JSON Web Encryption JWE 2.0.0(9y ago)7146.2k↑215%2[3 issues](https://github.com/tmilos/jose-jwt/issues)MITPHPPHP >=5.5 Since Jan 22Pushed 7y ago2 watchersCompare [ Source](https://github.com/tmilos/jose-jwt)[ Packagist](https://packagist.org/packages/tmilos/jose-jwt)[ Docs](https://github.com/tmilos/jose-jwt)[ RSS](/packages/tmilos-jose-jwt/feed)WikiDiscussions master Synced 3w ago READMEChangelog (3)Dependencies (3)Versions (4)Used By (0) jose-jwt ======== [](#jose-jwt) Javascript Object Signing and Encryption JOSE PHP library, supporting JSON Web Tokens JWT and JSON Web Encryption JWE. [![Author](https://camo.githubusercontent.com/c66133f19d9fe3288aee0e4be5c2e4b63190edb4d032c77a58d62f29b4ca0c66/687474703a2f2f696d672e736869656c64732e696f2f62616467652f617574686f722d40746d696c6f732d626c75652e7376673f7374796c653d666c61742d737175617265)](https://twitter.com/tmilos77)[![License](https://camo.githubusercontent.com/7328fa4b03c90d5d4ba325e6e3b03844f6cfefd0b0aa3bb4239415ad50e60699/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f746d696c6f732f6a6f73652d6a77742e737667)](https://packagist.org/packages/tmilos/jose-jwt)[![Build Status](https://camo.githubusercontent.com/3b062f72ad106931637bd9abe4ef96f68f9fee363cd8b48f9daf1b7d8e164ab3/68747470733a2f2f7472617669732d63692e6f72672f746d696c6f732f6a6f73652d6a77742e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/tmilos/jose-jwt)[![Coverage Status](https://camo.githubusercontent.com/7f479182ff2d48f7fdab0fa5c5e3eed37ca16c96274368fe938f78fdad2ade18/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f746d696c6f732f6a6f73652d6a77742f62616467652e7376673f6272616e63683d6d617374657226736572766963653d676974687562)](https://coveralls.io/github/tmilos/jose-jwt?branch=master)[![HHVM Status](https://camo.githubusercontent.com/e62417f6d6569e6c172208e3887fa68933a41a356dc19ec0e9436787a676f3d1/687474703a2f2f6868766d2e683463632e64652f62616467652f746d696c6f732f6a6f73652d6a77742e737667)](http://hhvm.h4cc.de/package/tmilos/jose-jwt)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/f514efbe82480d1f8eb8ea7e2a4ab6d7920a9b37761fb25fc750cb552f79bad0/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f746d696c6f732f6a6f73652d6a77742f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/tmilos/jose-jwt/?branch=master) JWT algorithms -------------- [](#jwt-algorithms) Supported signing algorithms JWS AlgorithmnoneHS256HS384HS512RS256RS384RS512JWE algorithms and encryptions ------------------------------ [](#jwe-algorithms-and-encryptions) Supported JWE algorithms JWE AlgorithmRSA1\_5RSA-OAEPA128KWA192KWA256KWdirSupported JWE encryption JWE EncryptionA128CBC-HS256A192CBC-HS384A256CBC-HS512JWT API ------- [](#jwt-api) ``` $factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory(); $context = $factory->get(); $payload = ['msg' => 'Hello!']; $extraHeader = ['iam'=>'my-id']; // plain (no signature) token $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, null, \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE, $extraHeader); // HS256 signature $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256, $extraHeader); // HS384 signature $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384, $extraHeader); // HS512 signature $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512, $extraHeader); // RS256 $privateKey = openssl_get_privatekey($filename); $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256, $extraHeader); // RS384 $privateKey = openssl_get_privatekey($filename); $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384, $extraHeader); // RS512 $privateKey = openssl_get_privatekey($filename); $token = \Tmilos\JoseJwt\Jwt::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512, $extraHeader); // decode $header = \Tmilos\JoseJwt\Jwt::header($token); // eventually also use other header data to indicate which key should be used switch($header['alg']) { case \Tmilos\JoseJwt\Jws\JwsAlgorithm::NONE: $key = null; break; case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS256: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS384: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::HS512: $key = $secret; break; case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS256: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS384: case \Tmilos\JoseJwt\Jws\JwsAlgorithm::RS512: $key = $publicKey; break; } $payload = \Tmilos\JoseJwt\JWT::decode($context, $token, $key); ``` JWE API ------- [](#jwe-api) ``` $factory = new \Tmilos\JoseJwt\Context\DefaultContextFactory(); $context = $factory->get(); // Symmetric $payload = ['msg' => 'Hello!']; $extraHeader = ['iam'=>'my-id']; // DIR - A128CBC-HS256 $secret = '...'; // 256 bits secret $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders); // DIR - A192CBC-HS384 $secret = '...'; // 384 bits secret $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A192CBC_HS384, $extraHeaders); // DIR - A256CBC-HS512 $secret = '...'; // 512 bits secret $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $secret, \Tmilos\JoseJwt\Jwe\JweAlgorithm::DIR, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders); // decode $payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $secret); // RSA $myPrivateKey = openssl_get_privatekey(); $partyPublicKey = openssl_get_publickey(); // RSA_OAEP - A128CBC-HS256 $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A128CBC_HS256, $extraHeaders); // RSA_OAEP - A256CBC-HS512 $token = \Tmilos\JoseJwt\Jwe::encode($context, $payload, $partyPublicKey, \Tmilos\JoseJwt\Jwe\JweAlgorithm::RSA_OAEP, \Tmilos\JoseJwt\Jwe\JweEncryption::A256CBC_HS512, $extraHeaders); // decode $payload = \Tmilos\JoseJwt\Jwe::decode($context, $token, $myPrivateKey); // read header w/out decryption $header = \Tmilos\Tmilos\JoseJwt\Jwe::decode($token); // {"alg": "A192KW", "enc": "A128CBC-HS256", "typ": "JWT", "custom": "X"} ``` ### Health Score 34 — LowBetter than 75% of packages Maintenance11 Infrequent updates — may be unmaintained Popularity38 Limited adoption so far Community11 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 93.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~185 days Total 3 Last Release 3435d ago Major Versions 1.0.1 → 2.0.02017-01-26 PHP version history (2 changes)1.0.0PHP >=5.4 2.0.0PHP >=5.5 ### Community Maintainers ![](https://www.gravatar.com/avatar/1e5954d541c3e6ce57f3674bd4ce58bf22629f70b8e8a8779aec754787d26e7e?d=identicon)[tmilos](/maintainers/tmilos) --- Top Contributors [![tmilos](https://avatars.githubusercontent.com/u/1818373?v=4)](https://github.com/tmilos "tmilos (14 commits)")[![nazar-pc](https://avatars.githubusercontent.com/u/928965?v=4)](https://github.com/nazar-pc "nazar-pc (1 commits)") --- Tags jose-jwtjwtphpjwtJWSJWEJOSEjwajson web tokensJSON Web EncryptionJavascript Object Signing and Encryption ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/tmilos-jose-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/tmilos-jose-jwt/health.svg)](https://phpackages.com/packages/tmilos-jose-jwt) ``` ### Alternatives [web-token/jwt-framework JSON Object Signing and Encryption library for PHP and Symfony Bundle. 95220.1M98](/packages/web-token-jwt-framework)[web-token/jwt-library JWT library 2013.9M116](/packages/web-token-jwt-library)[web-token/jwt-bundle JWT Bundle of the JWT Framework. 132.6M8](/packages/web-token-jwt-bundle)[sop/jwx A PHP library for JSON web tokens (JWT) with signature (JWS) and encryption (JWE) support. 25278.4k1](/packages/sop-jwx) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)