PHPackages                             wirecore/cakephp\_jwt - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. wirecore/cakephp\_jwt

ActiveCakephp-plugin[Authentication &amp; Authorization](/categories/authentication)

wirecore/cakephp\_jwt
=====================

CakePHP plugin for authenticating users by JSON Web Tokens

0.2.4(3y ago)2539MITPHPCI failing

Since May 10Pushed 3y ago2 watchersCompare

[ Source](https://github.com/WireCore/CakePHP_JWT)[ Packagist](https://packagist.org/packages/wirecore/cakephp_jwt)[ Docs](https://github.com/WireCore/CakePHP-JWT-Plugin)[ RSS](/packages/wirecore-cakephp-jwt/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (3)Versions (8)Used By (0)

CakePHP\_JWT
============

[](#cakephp_jwt)

CakePHP\_JWT is a Plugin for CakePHP 4 that allows you to authenticate users by JSON Web Tokens

Installation
------------

[](#installation)

Use the package manager [composer](https://getcomposer.org) to install CakePHP\_JWT.

```
composer require wirecore/cakephp_jwt
```

Usage
-----

[](#usage)

First you need to load the plugin in the Application.php of your project.

```
$this->addPlugin('Wirecore/CakePHP_JWT');
```

After the plugin was loaded you need to load the JWT component of the plugin.

```
$this->loadComponent("Wirecore/CakePHP_JWT.Jwt");
```

This was all what you need. All actions are now authentication protected.

Optional you can set some component configuration.

```
$this->loadComponent("Wirecore/CakePHP_JWT.Jwt", [
    'tokenExpiration' => 900, // default is 900 seconds
    'headerParam' => 'Authorization', // default is Authorization
    'usersTable' => 'Users', // default is Users
    'unauthorizedExceptionText' => 'You are not authorized to access that location', // default is You are not authorized to access that location
    'encryptionKey' => '', // default is used the salt of your application
    'refreshTokenName' => 'refresh_token', // default is refresh_token
    'refreshTokenSecure' => false, // default is false
    'refreshTokenHttpOnly' => true, // default is true
    'hostAddPort' => false // if by generation the refresh token server path is not available, it used the host server variable. by enabling this option it add the current available port to the host
]);
```

### Methods

[](#methods)

To allow actions unauthenticated use this:

```
$this->Jwt->allowUnauthenticated(['index']);
```

The Plugin matches automaticly a user by the transferd JWT Token. To get this User use:

```
$this->Jwt->getIdentity();
```

To generate a new access token use this:

```
$this->Jwt->generateAccessToken($userId);
```

To generate a new refresh token use this:

```
$this->Jwt->generateRefreshToken($userId);
```

To set the refresh token cookie use this. The method generate a new refresh token.

```
$this->Jwt->setRefreshTokenCookie($userId);
```

To refresh access and refresh token use this method:

```
$this->Jwt->refreshTokens();
```

Best Practise
-------------

[](#best-practise)

Here is a example of a AuthController that you can use. You must change a bit things but the basic concept should be the same

```
public function initialize():void{
    parent::initialize();
    $this->Jwt->allowUnauthenticated(['login', 'refreshToken']);
}

public function login(){

    $response = $this->getResponse();
    $data = $this->request->getData();

    // Jwt->generateAccessToken($userId); // access token for 15 minute authentication
    $this->Jwt->setRefreshTokenCookie($userId); // refresh token for refreshing the access token

    $response = $response->withStatus(200);

    $this->set('token', $token);
    $this->viewBuilder()->setOption('serialize', 'token');
    $this->viewBuilder()->setClassName('Json');
    $this->setResponse($response);

}

public function refreshToken(){

    $response = $this->getResponse();

    // Jwt->refreshTokens(); // generate a new access token for 15 minutes and actualize the refresh token cookie

    $response = $response->withStatus(200);

    $this->set('token', $token);
    $this->viewBuilder()->setOption('serialize', 'token');
    $this->viewBuilder()->setClassName('Json');
    $this->setResponse($response);

}
```

Contributing
------------

[](#contributing)

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

Development Setup
-----------------

[](#development-setup)

In the root folder you find a docker-compose file what you can use to develop the plugin. Follow the introduction at the installation section, and change the following lines in the composer.json of the cakephp installation.

```
"autoload": {
    "psr-4": {
        "App\\": "src/",
        "Wirecore\\CakePHP_JWT\\": "plugins/Wirecore/CakePHP_JWT/src/",
        "Wirecore\\CakePHP_JWT\\Test\\": "plugins/Wirecore/CakePHP_JWT/tests/"
    }
},
```

After adding the previous lines you need to run in the php-fpm container.

```
composer dumpautoload
```

In addition you find a .devcontainer folder in the project that is recommended for development in VS Code.

License
-------

[](#license)

[MIT](https://choosealicense.com/licenses/mit/)

###  Health Score

26

—

LowBetter than 43% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity15

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity50

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~143 days

Recently: every ~116 days

Total

7

Last Release

1340d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/b0d694944b541b45bd279a5262c21cf530dfdb325f3eb7f95296e5caab785d3e?d=identicon)[wiifree](/maintainers/wiifree)

---

Top Contributors

[![wiifree](https://avatars.githubusercontent.com/u/3084668?v=4)](https://github.com/wiifree "wiifree (2 commits)")

---

Tags

jwtAuthenticationcakephpauthenticate

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/wirecore-cakephp-jwt/health.svg)

```
[![Health](https://phpackages.com/badges/wirecore-cakephp-jwt/health.svg)](https://phpackages.com/packages/wirecore-cakephp-jwt)
```

###  Alternatives

[admad/cakephp-jwt-auth

CakePHP plugin for authenticating using JSON Web Tokens

160680.3k8](/packages/admad-cakephp-jwt-auth)[cakedc/users

Users Plugin for CakePHP

524897.0k16](/packages/cakedc-users)[dereuromark/cakephp-tinyauth

A CakePHP plugin to handle user authentication and authorization the easy way.

129228.6k10](/packages/dereuromark-cakephp-tinyauth)[cakedc/auth

Auth objects for CakePHP

31630.0k2](/packages/cakedc-auth)[dmkit/phalcon-jwt-auth

A simple JWT middleware for Phalcon Micro to handle stateless authentication

3541.5k](/packages/dmkit-phalcon-jwt-auth)[xety/cake3-cookieauth

A simple Cake3 plugin to authenticate users with Cookies.

1954.7k2](/packages/xety-cake3-cookieauth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)