{"id":13405388,"url":"https://github.com/adhocore/php-jwt","last_synced_at":"2025-05-14T19:05:58.910Z","repository":{"id":19881370,"uuid":"88168137","full_name":"adhocore/php-jwt","owner":"adhocore","description":"Ultra lightweight, dependency free and standalone JSON web token (JWT) library for PHP5.6 to PHP8.4+. This library makes JWT a cheese. It is a minimal JWT integration for PHP.","archived":false,"fork":false,"pushed_at":"2025-02-18T01:04:16.000Z","size":102,"stargazers_count":297,"open_issues_count":3,"forks_count":20,"subscribers_count":10,"default_branch":"main","last_synced_at":"2025-04-06T18:09:16.826Z","etag":null,"topics":["adhocore","api-auth","api-security","json-web-signature","json-web-token","json-web-token-php","jwt","jwt-auth","jwt-authentication","oauth2","php","php-jwt","php7","php8"],"latest_commit_sha":null,"homepage":"https://github.com/adhocore/php-jwt","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/adhocore.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"adhocore","custom":["https://paypal.me/ji10"]}},"created_at":"2017-04-13T13:32:50.000Z","updated_at":"2025-03-18T01:11:51.000Z","dependencies_parsed_at":"2024-06-18T12:16:27.654Z","dependency_job_id":null,"html_url":"https://github.com/adhocore/php-jwt","commit_stats":{"total_commits":103,"total_committers":10,"mean_commits":10.3,"dds":"0.15533980582524276","last_synced_commit":"ab0cd176de7c74215ceda9cff113df01b26b376c"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adhocore%2Fphp-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adhocore%2Fphp-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adhocore%2Fphp-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/adhocore%2Fphp-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/adhocore","download_url":"https://codeload.github.com/adhocore/php-jwt/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248775375,"owners_count":21159600,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["adhocore","api-auth","api-security","json-web-signature","json-web-token","json-web-token-php","jwt","jwt-auth","jwt-authentication","oauth2","php","php-jwt","php7","php8"],"created_at":"2024-07-30T19:02:00.660Z","updated_at":"2025-04-13T20:19:24.350Z","avatar_url":"https://github.com/adhocore.png","language":"PHP","readme":"## adhocore/jwt\n\nIf you are new to JWT or want to refresh your familiarity with it, please check [jwt.io](https://jwt.io/)\n\n[![Latest Version](https://img.shields.io/github/release/adhocore/php-jwt.svg?style=flat-square)](https://github.com/adhocore/php-jwt/releases)\n[![Build](https://github.com/adhocore/php-jwt/actions/workflows/build.yml/badge.svg)](https://github.com/adhocore/php-jwt/actions/workflows/build.yml)\n[![Scrutinizer CI](https://img.shields.io/scrutinizer/g/adhocore/php-jwt.svg?style=flat-square)](https://scrutinizer-ci.com/g/adhocore/php-jwt/?branch=master)\n[![Codecov branch](https://img.shields.io/codecov/c/github/adhocore/php-jwt/master.svg?style=flat-square)](https://codecov.io/gh/adhocore/php-jwt)\n[![StyleCI](https://styleci.io/repos/88168137/shield)](https://styleci.io/repos/88168137)\n[![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)\n[![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Lightweight+JSON+Web+Token+JWT+library+for+PHP7\u0026url=https://github.com/adhocore/php-jwt\u0026hashtags=php,jwt,auth)\n[![Support](https://img.shields.io/static/v1?label=Support\u0026message=%E2%9D%A4\u0026logo=GitHub)](https://github.com/sponsors/adhocore)\n\u003c!-- [![Donate 15](https://img.shields.io/badge/donate-paypal-blue.svg?style=flat-square\u0026label=donate+15)](https://www.paypal.me/ji10/15usd)\n[![Donate 25](https://img.shields.io/badge/donate-paypal-blue.svg?style=flat-square\u0026label=donate+25)](https://www.paypal.me/ji10/25usd)\n[![Donate 50](https://img.shields.io/badge/donate-paypal-blue.svg?style=flat-square\u0026label=donate+50)](https://www.paypal.me/ji10/50usd) --\u003e\n\n\n- Lightweight JSON Web Token (JWT) library for PHP7, PHP8 and beyond.\n- Zero dependency (no vendor bloat).\n- If you still use PHP5.6, use version [0.1.2](https://github.com/adhocore/php-jwt/releases/tag/0.1.2)\n\n## Installation\n```sh\n# PHP7.x, PHP8.x\ncomposer require adhocore/jwt\n\n# PHP5.6 (deprecated)\ncomposer require adhocore/jwt:0.1.2\n\n# For PHP5.4-5.5 (deprecated), use version 0.1.2 with a polyfill for https://php.net/hash_equals\n```\n\n## Features\n\n- Six algorithms supported:\n```\n'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512'\n```\n- `kid` support.\n- Leeway support 0-120 seconds.\n- Timestamp spoofing for tests.\n- Passphrase support for `RS*` algos.\n\n## Usage\n\n```php\nuse Ahc\\Jwt\\JWT;\n\n// Instantiate with key, algo, maxAge and leeway.\n$jwt = new JWT('secret', 'HS256', 3600, 10);\n```\n\n\u003e Only the key is required. Defaults will be used for the rest:\n```php\n$jwt = new JWT('secret');\n// algo = HS256, maxAge = 3600, leeway = 0\n```\n\n\u003e For `RS*` algo, the key should be either a resource like below:\n```php\n$key = openssl_pkey_new([\n    'digest_alg' =\u003e 'sha256',\n    'private_key_bits' =\u003e 1024,\n    'private_key_type' =\u003e OPENSSL_KEYTYPE_RSA,\n]);\n```\n\n\u003e OR, a string with full path to the RSA private key like below:\n```php\n$key = '/path/to/rsa.key';\n\n// Then, instantiate JWT with this key and RS* as algo:\n$jwt = new JWT($key, 'RS384');\n```\n\n***Pro***\nYou dont need to specify pub key path, that is deduced from priv key.\n\n\u003e Generate JWT token from payload array:\n```php\n$token = $jwt-\u003eencode([\n    'uid'    =\u003e 1,\n    'aud'    =\u003e 'http://site.com',\n    'scopes' =\u003e ['user'],\n    'iss'    =\u003e 'http://api.mysite.com',\n]);\n```\n\n\u003e Retrieve the payload array:\n```php\n$payload = $jwt-\u003edecode($token);\n```\n\n\u003e Oneliner:\n```php\n$token   = (new JWT('topSecret', 'HS512', 1800))-\u003eencode(['uid' =\u003e 1, 'scopes' =\u003e ['user']]);\n$payload = (new JWT('topSecret', 'HS512', 1800))-\u003edecode($token);\n```\n\n***Pro***\n\n\u003e Can pass extra headers into encode() with second parameter:\n```php\n$token = $jwt-\u003eencode($payload, ['hdr' =\u003e 'hdr_value']);\n```\n\n#### Test mocking\n\n\u003e Spoof time() for testing token expiry:\n```php\n$jwt-\u003esetTestTimestamp(time() + 10000);\n\n// Throws Exception.\n$jwt-\u003eparse($token);\n```\n\n\u003e Call again without parameter to stop spoofing time():\n```php\n$jwt-\u003esetTestTimestamp();\n```\n\n#### Examples with `kid`\n\n```php\n$jwt = new JWT(['key1' =\u003e 'secret1', 'key2' =\u003e 'secret2']);\n\n// Use key2\n$token = $jwt-\u003eencode(['a' =\u003e 1, 'exp' =\u003e time() + 1000], ['kid' =\u003e 'key2']);\n\n$payload = $jwt-\u003edecode($token);\n\n$token = $jwt-\u003eencode(['a' =\u003e 1, 'exp' =\u003e time() + 1000], ['kid' =\u003e 'key3']);\n// -\u003e Exception with message Unknown key ID key3\n```\n\n## Stabillity\n\nThe library is now marked at version `1.*.*` as being stable in functionality and API.\n\n### Integration\n\n#### Phalcon\n\nCheck [adhocore/phalcon-ext](https://github.com/adhocore/phalcon-ext).\n\u003c!--\n#### Laravel/Lumen\n\nComing soon [laravel-jwt](https://github.com/adhocore/laravel-jwt).\n--\u003e\n### Consideration\n\nBe aware of some security related considerations as outlined [here](http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/) which can be valid for any JWT implementations.\n","funding_links":["https://github.com/sponsors/adhocore","https://paypal.me/ji10","https://www.paypal.me/ji10/15usd","https://www.paypal.me/ji10/25usd","https://www.paypal.me/ji10/50usd"],"categories":["PHP","Uncategorized","\u003ca name=\"php-sec\"\u003e\u003c/a\u003ePHP: Security"],"sub_categories":["Uncategorized"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadhocore%2Fphp-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadhocore%2Fphp-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadhocore%2Fphp-jwt/lists"}