PHPackages vudev/jsonwebtoken - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. vudev/jsonwebtoken ActiveLibrary[Authentication & Authorization](/categories/authentication) vudev/jsonwebtoken ================== This library is designed to generate JWT tokens. v0.0.7(4y ago)2453MITPHPPHP >=7.4 Since Nov 13Pushed 4y ago1 watchersCompare [ Source](https://github.com/DeveloperVusal/JsonWebToken)[ Packagist](https://packagist.org/packages/vudev/jsonwebtoken)[ RSS](/packages/vudev-jsonwebtoken/feed)WikiDiscussions main Synced 1w ago READMEChangelog (7)DependenciesVersions (10)Used By (0) PHP Json Web Token ================== [](#php-json-web-token) ##### php >= 7.4 [](#php--74) Install ------- [](#install) ``` composer require vudev/jsonwebtoken ``` Description ----------- [](#description) ### Syntax [](#syntax) ``` $jwt = new JWT([ 'payload' => [ 'user_id' => 1, 'expiresIn' => '15min' ], 'secret' => 'NWPnXk>l^{TVhaU' ]); ``` ### Object options [](#object-options) NameTypeDefaultRequiredDescriptionpayloadarray\[\]requiredUseful data that is stored inside the JWT. This data is also called JWT-claims (applications)secretstring''requiredSecret key. This option is required when using `hash_hmac`headerarray\['alg' => 'HS256', 'typ'=> 'JWT'\]optionalСontains information about how the JWT signature should be calculatedprivate\_keystring - a PEM formatted key''requiredOpenSSLAsymmetricKey - a key, returned by openssl\_get\_privatekey(). This option is required when using `openssl` ### Algorithms [](#algorithms) MethodAlgorithmConstanthash\_hmacSHA256HS256hash\_hmacSHA384HS384hash\_hmacSHA512HS512opensslSHA256RS256opensslSHA384RS384opensslSHA512RS512 ### Methods [](#methods) NameArgumentsDescriptioncreateToken$options — as options of the JWT objectCreating access or refresh tokensverifyToken$token — access token $key — secret or public keyChecking tokens for validityjson$token — access tokenGetting payload and header data Creating a pair tokens with hash\_hmac -------------------------------------- [](#creating-a-pair-tokens-with-hash_hmac) ``` $secret_key = 'one unique secret key'; $jwt = new JWT([ 'payload' => [ 'user_id' => 1, 'expiresIn' => '15min' ], 'secret' => $secret_key ]); $access_token = $jwt->createToken(); $refresh_token = $jwt->createToken([ 'payload' => [ 'user_id' => 1, 'expiresIn' => '30d' ] ]); # Results /* access_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2MzY4NDQ0ODQsImlhdCI6MTYzNjg0MzU4NH0.63f42f8dfa08a65435e033b5ce0ba59e2828efe2c086c4694d31cd31ca30d1b3 refresh_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2Mzk0MzU1ODQsImlhdCI6MTYzNjg0MzU4NH0.87ba6ff9dcbe1c649a9ee0f24fc25ebeb919ccf3688139c2200a0e243b75e9cb */ ``` Creating a pair tokens with openssl ----------------------------------- [](#creating-a-pair-tokens-with-openssl) ``` $key_pair = openssl_pkey_new([ 'private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA ]); openssl_pkey_export($key_pair, $private_key_pem); $details = openssl_pkey_get_details($key_pair); $public_key_pem = $details['key']; $jwt = new JWT([ 'header' => [ 'alg' => 'RS256', 'typ' => 'JWT' ], 'payload' => [ 'user_id' => 1, 'expiresIn' => '15min' ], 'private_key' => $private_key_pem ]); $access_token = $jwt->createToken(); $refresh_token = $jwt->createToken([ 'payload' => [ 'user_id' => 1, 'expiresIn' => '30d' ] ]); # Results /* access_token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2NTE5NjU5ODcsImlhdCI6MTY1MTk2NTA4N30.7b10d7aa75e49bb5f8e065e0aa06e7438b6539cb00629c0aa5ef53a213c1755f456aef546ea83e5bd6dbc1c31aab8fa2036268491772b9fbfdbdfffdac0648a09af6d488c7a307e28e0850746f184b57a5d15ccb2477996ac548ca72230cdd775ab0fc36f20250b89ff6b1e7e3ec3e215ac3483a7be539596109838bdb0b28f49b209d323da3d32c2adf2c11a902f4c82545d98fda30bebb99f8f1e3970e8fff87a831e2d5eb355f37ac9edb7cff130eef3386943d2a35250ecf7b3e017b1a370b17cff69356485fd9f489dd426bdf8530b3fefdb54ebca6990a605a90d41be2e2c5334af104010e87b43802f19979333f308b9910ee0708d9139133ee15a44a refresh_token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE2NTQ1NTcwODcsImlhdCI6MTY1MTk2NTA4N30.b3f6328ec2a0da05c388735dfcfa882829cdb7a5ffd8526ff7897a117ef24ce22342af58dc67d2144e62c7516aca10930484051f67b7ff4c25429f914b78aa4eb6d908e6443b524c6efa9bd8c75d4f411e1dbb0ea37e673f5ae043c175547df2adc9482ced24c2d46545028231d6d234f2806bb7ad3a969430ce73a0f8a2ef3483368835bb516d9a9ab891f49cbbdc7b02fa0944aabb98d0eae7e9476730952c3d4c569da313c8612b8bad681a40a97e8872a3a788005b75337497c08643d9d5a928783f560fac9b3497e67605f9409f118eab6322daf6ea6974669dbc8f8c63437a7fda1a86cdf47933b539f0fc133a557caf64c756bb1a25fd939b648c752d */ ``` Verifying a token with hash\_hmac --------------------------------- [](#verifying-a-token-with-hash_hmac) ``` $token = file_get_contents('./token.txt'); $secret_key = 'one unique secret key'; $jwt = new JWT; if ($jwt->verifyToken($token, $secret_key)) { print_r('Valid token!'); } else { print_r('Invalid token!'); } ``` Verifying a token with openssl ------------------------------ [](#verifying-a-token-with-openssl) ``` $token = file_get_contents('./token.txt'); $publicKey = file_get_contents('./public_key.pem'); $jwt = new JWT; if ($jwt->verifyToken($token, $publicKey)) { print_r('Valid token!'); } else { print_r('Invalid token!'); } ``` Getting token data ------------------ [](#getting-token-data) ``` $token = file_get_contents('./token.txt'); $jwt = new JWT; $tokenData = $jwt->json($token); /* Array ( [header] => Array ( [alg] => RS256 [typ] => JWT ) [payload] => Array ( [user_id] => 1 [exp] => 1651966671 [iat] => 1651965771 ) ) */ ``` ### Health Score 24 — LowBetter than 32% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity15 Limited adoption so far Community7 Small or concentrated contributor base Maturity46 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~29 days Total 7 Last Release 1471d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/fb5987d036524f43fb7a62cb52494e0af64a441ab3d68db0fea11b6a1110ac34?d=identicon)[dev.vusal96](/maintainers/dev.vusal96) --- Top Contributors [![DeveloperVusal](https://avatars.githubusercontent.com/u/54711323?v=4)](https://github.com/DeveloperVusal "DeveloperVusal (23 commits)") ### Embed Badge ![Health badge](/badges/vudev-jsonwebtoken/health.svg) ``` [![Health](https://phpackages.com/badges/vudev-jsonwebtoken/health.svg)](https://phpackages.com/packages/vudev-jsonwebtoken) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)