{"id":36279870,"url":"https://github.com/aliirfaan/laravel-simple-jwt","last_synced_at":"2026-01-11T09:02:45.694Z","repository":{"id":47164198,"uuid":"334963650","full_name":"aliirfaan/laravel-simple-jwt","owner":"aliirfaan","description":"This package allows you to generate Json Web Tokens. You can then verify the JWT code and grant access based on its validity. You can also use the optional refresh token flow for long lived sessions.","archived":false,"fork":false,"pushed_at":"2025-10-06T08:12:51.000Z","size":30,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-06T10:14:44.798Z","etag":null,"topics":["jsonwebtoken","jwt","jwt-token","laravel","php","refresh-token"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aliirfaan.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-02-01T13:46:17.000Z","updated_at":"2025-10-06T08:11:37.000Z","dependencies_parsed_at":"2025-02-28T13:40:27.774Z","dependency_job_id":"7620b845-c616-4cd0-a347-0268a7918896","html_url":"https://github.com/aliirfaan/laravel-simple-jwt","commit_stats":null,"previous_names":[],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/aliirfaan/laravel-simple-jwt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliirfaan%2Flaravel-simple-jwt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliirfaan%2Flaravel-simple-jwt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliirfaan%2Flaravel-simple-jwt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliirfaan%2Flaravel-simple-jwt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aliirfaan","download_url":"https://codeload.github.com/aliirfaan/laravel-simple-jwt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aliirfaan%2Flaravel-simple-jwt/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28298875,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-11T08:21:30.231Z","status":"ssl_error","status_checked_at":"2026-01-11T08:21:26.882Z","response_time":60,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jsonwebtoken","jwt","jwt-token","laravel","php","refresh-token"],"created_at":"2026-01-11T09:02:45.625Z","updated_at":"2026-01-11T09:02:45.687Z","avatar_url":"https://github.com/aliirfaan.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Laravel Simple JWT\n\nThis package allows you to generate JSON Web Tokens. You can then verify the JWT code and grant access based on its validity. You can also use the optional refresh token flow for long lived sessions. You can generate and verify JWT directly inside a controller or use the provided authentication guard.\n\n## JWT flow\n\n* User logs in and gets a JWT with custom claims\n* For each request consumer sends JWT\n* App verifies JWT and allow of disallow user based on validity\n\n## Refresh token flow\n\n* User logs in and gets a JWT with custom claims and also gets a refresh token with an expiry date\n* For each request consumer sends JWT, refresh token is extended and gets a later expiry date\n* If JWT expires, consumer sends refresh token\n* App checks if refresh token is expired\n* If refresh token is not expired, issue a JWT and extend refresh token\n\n## Features\n\n* Multiple JWT profiles. Each profile can have its own expiry, secret, etc...\n* Generate JWT with custom claim\n* Public claims can be included/overridden on generation\n* Verify JWT\n* Configuration for JWT expiry\n* Refresh token flow after JWT expires\n* Extend refresh token everytime the application is used so that user is not logged out \n* Blacklist user so that token is not refreshed\n* Authentication guard to authenticate users\n\n## Requirements\n\n* [Composer](https://getcomposer.org/)\n* [Laravel](http://laravel.com/)\n* [firebase/php-jwt](https://github.com/firebase/php-jwt)\n\n\n## Installation\n\nYou can install this package on an existing Laravel project with using composer:\n\n```bash\n $ composer require aliirfaan/laravel-simple-jwt\n```\n\nRegister the ServiceProvider by editing **config/app.php** file and adding to providers array:\n\n```php\n  aliirfaan\\LaravelSimpleJwt\\SimpleJwtServiceProvider::class,\n```\n\nNote: use the following for Laravel \u003c5.1 versions:\n\n```php\n 'aliirfaan\\LaravelSimpleJwt\\SimpleJwtServiceProvider',\n```\n\nPublish files with:\n\n```bash\n $ php artisan vendor:publish --provider=\"aliirfaan\\LaravelSimpleJwt\\SimpleJwtServiceProvider\"\n```\n\nor by using only `php artisan vendor:publish` and select the `aliirfaan\\LaravelSimpleJwt\\SimpleJwtServiceProvider` from the outputted list.\n\nApply the migrations:\n\n```bash\n $ php artisan migrate\n ```\n\n## Configuration\n\nThis package publishes an `simple-jwt.php` file inside your applications's `config` folder which contains the settings for this package. Most of the variables are bound to environment variables, but you are free to directly edit this file, or add the configuration keys to the `.env` file.\n\nThe configurations are encapsulated in a profiles array with a 'default' profile available. You can add new profiles by adding a new array key.\n\njwt_secret | String\nSecret key to use to encode JWT. You can generate one using an online service (https://mkjwk.org/) or package.\n\n```php\n'jwt_secret' =\u003e env('JWT_SECRET')\n```\n\njwt_algo | String\nName of supported hashing algorithm\n\n```php\n'jwt_algo' =\u003e env('JWT_ALGO', 'HS256')\n```\n\njwt_issuer | String\nName of authority issuing JWT, normally your application name\n\n```php\n'jwt_issuer' =\u003e env('JWT_ISSUER', config('app.name'))\n```\n\njwt_audience | String\nName of resource server that will accept the claim, normally application url\n\n```php\n'jwt_audience' =\u003e env('JWT_AUDIENCE', config('app.url'))\n```\n\njwt_does_expire | Bool (true or false)\nWhether the jwt expires\n\n```php\n'jwt_does_expire' =\u003e env('JWT_DOES_EXPIRE', true)\n```\n\njwt_ttl_seconds | Numeric\nNumber of seconds after which the JWT expires if jwt_does_expire is set to true\n\n```php\n'jwt_ttl_seconds' =\u003e env('JWT_TTL_SECONDS', 900)\n```\n\njwt_leeway_seconds | Numeric\nWhen checking nbf, iat or expiration times, we want to provide some extra leeway time to account for clock skew\n\n```php\n'jwt_leeway_seconds' =\u003e env('JWT_LEEWAY_SECONDS', 0)\n```\n\njwt_refresh_should_extend | Bool (true or false)\nWhether we should automatically extend the JWT refresh token\n\n```php\n'jwt_refresh_should_extend' =\u003e env('JWT_REFRESH_SHOULD_EXTEND', true)\n```\n\njwt_refresh_ttl_days | Numeric\nNumber of days to extend refresh token expiry\n\n```php\n'jwt_refresh_ttl_days' =\u003e env('JWT_REFRESH_TTL_DAYS', 90)\n```\n\n## Usage\n\n### New profile\n\n```php\n\u003c?php\n// simple-jwt.php\n\n'profiles' =\u003e [\n    // default jwt settings, you can add other profiles with the same format below\n    'default' =\u003e [\n        'jwt_secret' =\u003e env('DEFAULT_JWT_SECRET'),\n        'jwt_algo' =\u003e env('DEFAULT_JWT_ALGO', 'HS256'),\n        'jwt_issuer' =\u003e env('DEFAULT_JWT_ISSUER', config('app.name')),\n        'jwt_audience' =\u003e env('DEFAULT_JWT_AUDIENCE', config('app.url')),\n        'jwt_does_expire' =\u003e env('DEFAULT_JWT_DOES_EXPIRE', true),\n        'jwt_ttl_seconds' =\u003e env('DEFAULT_JWT_TTL_SECONDS', 900),\n        'jwt_leeway_seconds' =\u003e env('DEFAULT_JWT_LEEWAY_SECONDS', 0),\n        'jwt_refresh_should_extend' =\u003e env('DEFAULT_JWT_REFRESH_SHOULD_EXTEND', true),\n        'jwt_refresh_ttl_days' =\u003e env('DEFAULT_JWT_REFRESH_TTL_DAYS', 90),\n    ],\n    'custom_profile' =\u003e [\n        'jwt_secret' =\u003e env('CUSTOM_PROFILE_JWT_SECRET'),\n        'jwt_algo' =\u003e env('CUSTOM_PROFILE_JWT_ALGO', 'HS256'),\n        'jwt_issuer' =\u003e env('CUSTOM_PROFILE_JWT_ISSUER', config('app.name')),\n        'jwt_audience' =\u003e env('CUSTOM_PROFILE_JWT_AUDIENCE', config('app.url')),\n        'jwt_does_expire' =\u003e env('CUSTOM_PROFILE_JWT_DOES_EXPIRE', true),\n        'jwt_ttl_seconds' =\u003e env('CUSTOM_PROFILE_JWT_TTL_SECONDS', 900),\n        'jwt_leeway_seconds' =\u003e env('CUSTOM_PROFILE_JWT_LEEWAY_SECONDS', 0),\n        'jwt_refresh_should_extend' =\u003e env('CUSTOM_PROFILE_JWT_REFRESH_SHOULD_EXTEND', true),\n        'jwt_refresh_ttl_days' =\u003e env('CUSTOM_PROFILE_JWT_REFRESH_TTL_DAYS', 90),\n    ]\n]\n```\n\n```php\n\u003c?php\n\nnamespace App\\Http\\Controllers;\n\nuse Illuminate\\Http\\Request;\nuse aliirfaan\\LaravelSimpleJwt\\Services\\JwtHelperService; // jwt helper service\n\nclass JwtTestController extends Controller\n{\n     /**\n     * Include our service using dependency injection\n     */\n    public function index(Request $request, JwtHelperService $jwtHelperService)\n    {\n        // jwt flow\n\n        // payload\n        $tokenPayload = array(\n            'customer_id' =\u003e 1234,\n        );\n\n        // include or override claims if needed\n        // useful for including project specific claims like scope, locale, nbf, etc...\n        // https://www.iana.org/assignments/jwt/jwt.xhtml\n        $overrideClaims = array(\n            'iss' =\u003e 'custom_flow_issuer',\n            'iat' =\u003e time() + 3000\n        );\n\n        // jwt token\n        $profile = 'default';\n        $jwt = $jwtHelperService-\u003ecreateJwtToken($tokenPayload, $profile, $overrideClaims);\n        dd($jwt);\n\n        // verify jwt, you will normally do this in a middleware\n        $token = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJMYXJhdmVsX2Jsb2ciLCJhdWQiOiJodHRwOlwvXC9sb2NhbGhvc3RcL2Jsb2ciLCJpYXQiOjE2MTIxODAyMTEsImRhdGEiOnsiY3VzdG9tZXJfaWQiOjEyMzR9LCJleHAiOjE2MTIxODExMTF9.uqFln2iQVRvaYvKDTGEG29SrT1flj9JEvFBg2zO3whM';\n        $verifyJwt = $jwtHelperService-\u003everifyJwtToken($token);\n        if ($verifyJwt['errors'] == true) {\n\n        } else {\n            //get your token claims\n            $tokenClaims = (array) $verifyJwt['result'];\n            //dd($tokenClaims);\n        }\n\n        // refresh token flow. Using refresh flow is optional and depends on your use case\n        \n        $modelType = 'customer'; // your model type name you want, should be unique so that you can sent refresh tokens to multiple types of model \n        $modelId = 253; // your model id\n        $refreshToken = '798798-543543-5435432543'; // the refresh token sent by consumer/client, will be null for new logins\n        $deviceId = 1536-452; // your device id if you are using devic_id column\n\n        // when doing a refresh token\n        // actor already has a refresh token but access token expired\n        // grant new access token and extend refresh token\n        $grantType = 'refresh_token'\n        $refreshTokenResult = processRefreshToken($modelType, $modelId, $refreshToken, $grantType, $deviceId);\n\n        // when login in\n        $grantType = 'login'\n        $refreshTokenResult = processRefreshToken($modelType, $modelId, $refreshToken, $grantType, $deviceId);\n\n        dd($refreshTokenResult);\n    }\n}\n```\n### Middleware usage\n\nYou can verify the jwt in a route middleware like below. Do not forget to register you middleware.\n\n```php\n\u003c?php\n\nnamespace App\\Http\\Middleware;\n\nuse Closure;\nuse aliirfaan\\LaravelSimpleJwt\\Services\\JwtHelperService;\n\nclass SimpleJwtVerifyExample\n{\n    protected $jwtServiceInstance;\n\n    public function __construct(JwtHelperService $jwtHelperService)\n    {\n        $this-\u003ejwtHelperService = $jwtHelperService;\n    }\n\n    /**\n     * Handle an incoming request.\n     *\n     * @param  \\Illuminate\\Http\\Request  $request\n     * @param  \\Closure  $next\n     * @return mixed\n     */\n    public function handle($request, Closure $next)\n    {\n        try {\n\n            // get token from header bearer token\n            $token = $request-\u003ebearerToken();\n            \n            $verifyToken = $this-\u003ejwtHelperService-\u003everifyJwtToken($token);\n            if ($verifyToken['errors'] == true) {\n\n            }\n\n            // passed token validate, continue with request\n            $tokenClaims = (array) $verifyToken['result'];\n            $request-\u003eattributes-\u003eadd(['token_claims' =\u003e $tokenClaims]);\n\n        } catch (\\Exception $e) {\n            //\n        }\n\n        return $next($request);\n    }\n}\n```\n\n### Guard usage\n\nTo use the guard, add it in your auth config\n\n```php\nconfig\\auth.php\n```\n\n```php\n    'guards' =\u003e [\n        'api' =\u003e [\n            'driver' =\u003e 'simple-jwt-guard',\n            'provider' =\u003e 'user',\n            'profile' =\u003e 'default', // the jwt profile you want to use for the provider\n            'jwt_class' =\u003e null // if you have implemented your own jwt service that implements JwtServiceInterface\n        ]\n    ],\n```\n\n## License\n\nThe MIT License (MIT)\n\nCopyright (c) 2020\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliirfaan%2Flaravel-simple-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faliirfaan%2Flaravel-simple-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faliirfaan%2Flaravel-simple-jwt/lists"}