PHPackages torugo/jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. torugo/jwt ActiveLibrary[Authentication & Authorization](/categories/authentication) torugo/jwt ========== Simple library to handle Json Web Tokens. 1.1.0(1y ago)033MITPHPPHP ^8.1 Since Sep 2Pushed 1y ago1 watchersCompare [ Source](https://github.com/vitor-hugo/jwt)[ Packagist](https://packagist.org/packages/torugo/jwt)[ RSS](/packages/torugo-jwt/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (3)Versions (6)Used By (0) Torugo PHP-JWT =============== [](#torugo-php-jwt-) Simple PHP library to handle Json Web Tokens (JWT). Table of Contents ================== [](#table-of-contents-) - [Requirements](#requirements) - [Installation via composer](#installation-via-composer) - [Supported algorithms](#supported-algorithms) - [Usage](#usage) - [Encoding](#encoding) - [Decoding](#decoding) - [Validating the token](#validating-the-token) - [Getting the token payload without validating it](#getting-the-token-payload-without-validating-it) - [Contribute](#contribute) - [License](#license) Requirements ============ [](#requirements) - PHP 8+ - PHP mbstring extension installed and loaded. - PHP openssl extension installed and loaded. - Composer 2+ Installation via composer ========================= [](#installation-via-composer) ``` composer require torugo/jwt ``` Supported algorithms ==================== [](#supported-algorithms) For now only the algorithms listed below are supported: AlgorithmJWTALg enumKeyHS256`JWTAlg::HS256`Symmetric keyHS384`JWTAlg::HS384`Symmetric keyHS512`JWTAlg::HS512`Symmetric keyRS256`JWTAlg::RS256`Private/Public RSA keysRS384`JWTAlg::RS384`Private/Public RSA keysRS512`JWTAlg::RS512`Private/Public RSA keysUsage ===== [](#usage) Encoding -------- [](#encoding) ``` use Torugo\JWT\JWT; use Torugo\JWT\Enums\JwtAlg; $key = "example_key_Jr6QWaxb7pgerDJgL"; $payload = [ "sid" => "session_id", "uid" => "user_id", // ... more data "iat" => 1724972934, // if not present, this library adds automatically "nbf" => 1724000000, // if not present, this library adds automatically "ext" => 1724973234, // if not present, this library adds automatically ]; $jwt = JWT::encode($payload, $key, JWTAlg::HS256); ``` Decoding ======== [](#decoding) Validating the token -------------------- [](#validating-the-token) The method `validate` checks the token signature and the time controls. Returns the payload content as a `key=>pair` array. Throws: - `InvalidTokenException`: When the signature or structure is invalid. - `ExpiredTokenException`: The token signature is valid, but the token time expired. - `InvalidKeyException`: When the key type is invalid (not when the key is incorret). ``` use Torugo\JWT\JWT; use Torugo\JWT\Exceptions\ExpiredTokenException; use Torugo\JWT\Exceptions\InvalidKeyException; use Torugo\JWT\Exceptions\InvalidTokenException; $key = "example_key_Jr6QWaxb7pgerDJgL"; try { $payload = JWT::validate($jwt, $key); } catch (ExpiredTokenException $e) { // Handle exception } catch (InvalidTokenException $e) { // Handle exception } catch (InvalidKeyException $e) { // Handle exception } ``` Getting the token payload without validating it ----------------------------------------------- [](#getting-the-token-payload-without-validating-it) Getting token payload without validation is insecure, use this method at your own risk. ``` $payload = JWT::decodePayload($jwt, $key); ``` You can use this method to refresh the token when the token expires. **Example** ``` try { $payload = JWT::decodePayload($jwt, $key); } catch (ExpiredTokenException $e) { // When using RS256, RS384 or RS512 you must also pass the privateKey // On HS algorithms it is not needed $token = JWT::refreshToken($token, $publicKey, $privatekey); } catch (\Throwable $e) { // Handle exception } ``` Contribute ========== [](#contribute) It is currently not open to contributions, I intend to make it available as soon as possible. License ======= [](#license) This library is licensed under the MIT License - see the LICENSE file for details. ### Health Score 28 — LowBetter than 54% of packages Maintenance35 Infrequent updates — may be unmaintained Popularity7 Limited adoption so far Community7 Small or concentrated contributor base Maturity52 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~6 days Total 5 Last Release 598d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/94c7a8fd24b1105482b6df73fd33e1acc96372eac305a42669e08f24097a65ec?d=identicon)[torugo](/maintainers/torugo) --- Top Contributors [![vitor-hugo](https://avatars.githubusercontent.com/u/32072927?v=4)](https://github.com/vitor-hugo "vitor-hugo (25 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/torugo-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/torugo-jwt/health.svg)](https://phpackages.com/packages/torugo-jwt) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)