{"id":23107930,"url":"https://github.com/andrewdyer/jwt-auth","last_synced_at":"2026-06-09T20:31:03.797Z","repository":{"id":56947992,"uuid":"241373639","full_name":"andrewdyer/jwt-auth","owner":"andrewdyer","description":"A simple framework-agnostic JSON Web Token authentication solution","archived":false,"fork":false,"pushed_at":"2024-11-06T18:10:43.000Z","size":125,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-12-10T11:49:58.681Z","etag":null,"topics":["jwt","jwt-auth","jwt-authentication","jwt-token","php"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/andrewdyer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-02-18T13:52:27.000Z","updated_at":"2022-08-22T20:53:55.000Z","dependencies_parsed_at":"2022-08-21T07:20:56.934Z","dependency_job_id":null,"html_url":"https://github.com/andrewdyer/jwt-auth","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewdyer%2Fjwt-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewdyer%2Fjwt-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewdyer%2Fjwt-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/andrewdyer%2Fjwt-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/andrewdyer","download_url":"https://codeload.github.com/andrewdyer/jwt-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230047180,"owners_count":18164575,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jwt","jwt-auth","jwt-authentication","jwt-token","php"],"created_at":"2024-12-17T01:16:27.781Z","updated_at":"2026-06-09T20:31:03.728Z","avatar_url":"https://github.com/andrewdyer.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JWT-Auth \n\nA simple framework-agnostic JSON Web Token authentication solution.\n\n[![Latest Stable Version](http://poser.pugx.org/andrewdyer/jwt-auth/v?style=for-the-badge)](https://packagist.org/packages/andrewdyer/jwt-auth) [![Total Downloads](http://poser.pugx.org/andrewdyer/jwt-auth/downloads?style=for-the-badge)](https://packagist.org/packages/andrewdyer/jwt-auth) [![Latest Unstable Version](http://poser.pugx.org/andrewdyer/jwt-auth/v/unstable?style=for-the-badge)](https://packagist.org/packages/andrewdyer/jwt-auth) [![License](http://poser.pugx.org/andrewdyer/jwt-auth/license?style=for-the-badge)](https://packagist.org/packages/andrewdyer/jwt-auth) [![PHP Version Require](http://poser.pugx.org/andrewdyer/jwt-auth/require/php?style=for-the-badge)](https://packagist.org/packages/andrewdyer/jwt-auth)\n\n## Installation\n\n```bash\ncomposer require andrewdyer/jwt-auth\n```\n\n## Getting Started\n\n### Define the JWT Subject\n\nCreate a class (e.g., `User`) that implements the `JWTSubject` interface. This class must provide a method `getJWTIdentifier` to return the user’s unique identifier.\n\n```php\nnamespace App\\Models;\n\nuse Anddye\\JWTAuth\\Interfaces\\JWTSubject;\n\nclass User implements JWTSubject\n{\n    public function getJWTIdentifier(): int\n    {\n        return 1;\n    }\n}\n```\n\n\u003e **Note:** This example is simplified for demonstration purposes. In a real-world application, you would typically use a proper user model, such as one provided by your framework. Ensure the `getJWTIdentifier` method returns a unique user identifier appropriate for your system.\n\n### Create an Authentication Provider\n\nCreate an authentication provider class that implements `AuthProviderInterface`. This class will handle credential validation and user retrieval by ID.\n\n```php\nnamespace App\\Providers;\n\nuse Anddye\\JWTAuth\\Interfaces\\AuthProviderInterface;\nuse App\\Models\\User;\n\nclass AuthProvider implements AuthProviderInterface\n{\n    public function byCredentials(string $username, string $password)\n    {\n        if ($username === 'admin' \u0026\u0026 $password === 'secret') {\n            return new User();\n        }\n\n        return null;\n    }\n\n    public function byId(int $id)\n    {\n        if ($id === 1) {\n            return new User();\n        }\n\n        return null;\n    }\n}\n```\n\n\u003e **Note:** This example uses hardcoded credentials for demonstration purposes. In a real-world application, you should validate credentials securely by checking against a database and using hashed passwords (e.g., via libraries like `bcrypt` or `password_hash`). Ensure you follow best practices for secure authentication.\n\n### Create a JWT Provider\n\nCreate a JWT provider class that implements `JWTProviderInterface`. This class should handle encoding and decoding JWT tokens.\n\n```php\nnamespace App\\Providers;\n\nuse Anddye\\JWTAuth\\Interfaces\\JWTProviderInterface;\n\nclass JWTProvider implements JWTProviderInterface\n{\n    public function decode(string $token)\n    {\n        return json_decode(base64_decode($token), true);\n    }\n\n    public function encode(array $claims): string\n    {\n        return base64_encode(json_encode($claims));\n    }\n}\n```\n\n\u003e **Note:** This examples used `base64_encode` and `base64_decode` for simplicity. For real-world usage, consider using a proper JWT library such as [firebase/php-jwt](https://github.com/firebase/php-jwt) for better security.\n\n### Generate JWT Claims\n\nThe `ClaimsFactory` class helps create a JWT claims instance. The `build` method accepts an array of claims and returns an instance of `ClaimsInterface`.\n\n```php\nuse Anddye\\JWTAuth\\Factory\\ClaimsFactory;\n\n$claims = ClaimsFactory::build([\n    'iss' =\u003e 'https://example.com',     // Issuer of the JWT\n    'aud' =\u003e 'https://example.com',     // Audience of the JWT\n    'exp' =\u003e 1582243200,                // Expiration time (Unix timestamp)\n    'nbf' =\u003e 1582193571,                // Not before time (Unix timestamp)\n    'iat' =\u003e 1582193571,                // Issued at time (Unix timestamp)\n    'jti' =\u003e 'fVcx9BJHqh',              // Unique identifier\n]);\n```\n\n\u003e **Note:** This example uses hardcoded Unix timestamps for demonstration purposes. Consider using libraries like [nesbot/carbon](https://github.com/briannesbitt/carbon) or PHP's native `DateTime` class to generate timestamps dynamically. This helps improve readability and ensures accurate date handling.\n\n### Initialize the JWT Authenticator\n\nCreate a new instance of the `JWTAuth` class. This requires an instance of `AuthProviderInterface`, `JWTProviderInterface`, and `ClaimsInterface`.\n\n```php\nuse App\\Providers\\AuthProvider;\nuse App\\Providers\\JWTProvider;\nuse Anddye\\JWTAuth\\JWTAuth;\n\n$authProvider = new AuthProvider();\n\n$jwtProvider = new JWTProvider();\n\n$jwtAuth = new JWTAuth($authProvider, $jwtProvider, $claims);\n```\n\n## Usage\n\n### Attempt Authentication\n\nAuthenticate a user by providing their credentials. If successful, a JWT token will be returned.\n\n```php\n$token = $jwtAuth-\u003eattempt('admin', 'secret');\n\nif ($token) {\n    echo \"Token: \" . $token;\n} else {\n    echo \"Invalid credentials\";\n}\n```\n\n### Authenticate a Token\n\nValidate a JWT token and retrieve the associated user (subject).\n\n```php\n$subject = $jwtAuth-\u003eauthenticate('your-jwt-token-here');\n\nif ($subject) {\n    echo \"User authenticated!\";\n} else {\n    echo \"Invalid token\";\n}\n```\n\n## License\n\nLicensed under MIT. Totally free for private or commercial projects.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrewdyer%2Fjwt-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fandrewdyer%2Fjwt-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fandrewdyer%2Fjwt-auth/lists"}