{"id":29622634,"url":"https://github.com/kakadu-dev/yii2-jwt-auth","last_synced_at":"2025-07-21T04:13:28.824Z","repository":{"id":57004031,"uuid":"154628215","full_name":"kakadu-dev/yii2-jwt-auth","owner":"kakadu-dev","description":" Extension provide JWT auth for Yii2","archived":false,"fork":false,"pushed_at":"2020-01-08T07:45:47.000Z","size":30,"stargazers_count":10,"open_issues_count":1,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-07T07:15:40.193Z","etag":null,"topics":["api","authentication","jwt","rest","yii2"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kakadu-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-10-25T07:28:30.000Z","updated_at":"2025-01-19T10:37:52.000Z","dependencies_parsed_at":"2022-08-21T14:10:46.913Z","dependency_job_id":null,"html_url":"https://github.com/kakadu-dev/yii2-jwt-auth","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/kakadu-dev/yii2-jwt-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kakadu-dev%2Fyii2-jwt-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kakadu-dev%2Fyii2-jwt-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kakadu-dev%2Fyii2-jwt-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kakadu-dev%2Fyii2-jwt-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kakadu-dev","download_url":"https://codeload.github.com/kakadu-dev/yii2-jwt-auth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kakadu-dev%2Fyii2-jwt-auth/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266237603,"owners_count":23897422,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","authentication","jwt","rest","yii2"],"created_at":"2025-07-21T04:13:20.757Z","updated_at":"2025-07-21T04:13:28.819Z","avatar_url":"https://github.com/kakadu-dev.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# yii2-jwt-auth\n\nYii2 JWT Auth\n\n\n## Installation\n\nThe preferred way to install this extension is through [composer](http://getcomposer.org/download/).\n\nEither run\n\n```bash\nphp composer.phar require --prefer-dist kakadu-dev/yii2-jwt-auth \"@dev\"\n```\n\nor add\n\n```\n\"kakadu-dev/yii2-jwt-auth\": \"@dev\"\n```\n\nto the require section of your `composer.json` file.\n\n\n## Usage\n\nOnce the extension is installed, simply use it in your code by:\n\nAdd this package migration namespace, to you console config (console/config/main.php):\n\n```php\nreturn [\n    'components' =\u003e [\n        'migrate' =\u003e [\n            'class'               =\u003e yii\\console\\controllers\\MigrateController::class,\n            // set false if you use namespaces\n            'migrationPath'       =\u003e '@console/migrations',\n            'migrationNamespaces' =\u003e [\n                // ...\n                'Kakadu\\Yii2JwtAuth\\migrations',\n            ],\n        ],\n    ],\n];\n```\n\nConfigure api tokens component (e.g. common/config/main.php):\n\n```php\nreturn [\n    'components' =\u003e [\n        'apiTokens' =\u003e [\n            'class'           =\u003e \\Kakadu\\Yii2JwtAuth\\ApiTokenService::class,\n            'secretKey'       =\u003e '', // set in main-local.php or yii-params.domainSecretKey\n            'issuer'          =\u003e 'you-domain-name', // or yii-params.domain\n            'audience'        =\u003e ['you-domain-name', 'second-domain-name'], // or yii-params.domain\n            'audienceSecrets' =\u003e [\n                'you-domain-name'    =\u003e '', // or yii-params.domainSecretKey\n                'second-domain-name' =\u003e '', // or yii-params.secondDomainSecretKey\n            ],\n            'seamlessLogin'   =\u003e false,\n        ],\n    ],\n];\n```\n\nAll values in _secretKey_, _issuer_, _audience_, _audienceSecrets_ which contain _yii-params.param-name_ will be converted to Yii::$app-\u003eparams['param-name']\n\nTBD: add example for `yii-params.*` config (e.g. for `audienceSecrets`).\n\nNow, after user registration, create JWT tokens and add their in response headers. \nAlso add an action to update tokens.  \nE.g.:\n```php\nclass AuthController extends yii\\rest\\Controller\n{\n    public function actionSignUp()\n    {\n        // After create user $newUser\n        // Same actions for login url\n        $tokens = \\Yii::$app-\u003eapiTokens-\u003ecreate($newUser-\u003eid, ['someField' =\u003e 'someValue']);\n        \n        \\Kakadu\\Yii2JwtAuth\\JwtBearerAuth::addJwtToHeader(\\Yii::$app-\u003eresponse, $tokens);\n    }\n    \n    public function actionSignIn()\n    {\n        // After verify user login and password\n    \n        $tokens = \\Yii::$app-\u003eapiTokens-\u003ecreate($user-\u003eid, ['someField' =\u003e 'someValue']);\n        \n        \\Kakadu\\Yii2JwtAuth\\JwtBearerAuth::addJwtToHeader(\\Yii::$app-\u003eresponse, $tokens);\n    }\n    \n    /**\n     * Autologin, if access token expired and refresh token not expired.\n     * This action needed only if 'seamlessLogin' set to false.\n     */\n    public function actionRefreshTokens()\n    {\n        // Get from post or headers or ...\n        $accessToken = Yii::$app-\u003erequest-\u003epost('access_token');\n        $refreshToken = Yii::$app-\u003erequest-\u003epost('refresh_token');\n    \n        // Convert to jwt token model\n        $jwtAccessToken  = \\Yii::$app-\u003eapiTokens-\u003egetJwtToken($accessToken);\n        $jwtRefreshToken = \\Yii::$app-\u003eapiTokens-\u003egetJwtToken($refreshToken);\n    \n        // Renew\n        $newTokens = \\Yii::$app-\u003eapiTokens-\u003erenewJwtToken($jwtAccessToken, $jwtRefreshToken);\n        \n        \\Kakadu\\Yii2JwtAuth\\JwtBearerAuth::addJwtToHeader(\\Yii::$app-\u003eresponse, $newTokens);\n    }\n}\n```\n\nor use renew tokens action:\n```php\nuse Kakadu\\Yii2JwtAuth\\RefreshTokensAction;\n\nclass AuthController extends yii\\rest\\Controller\n{\n    /**\n     * @inheritdoc\n     */\n    public function behaviors(): array\n    {\n        return ArrayHelper::merge(parent::behaviors(), [\n            'authenticator' =\u003e [\n                'class'  =\u003e JwtBearerAuth::class,\n                'except' =\u003e ['renew-token'],\n            ],\n            'access'        =\u003e [\n                'class' =\u003e AccessControl::class,\n                'rules' =\u003e [\n                    [\n                        'allow'   =\u003e true,\n                        'actions' =\u003e ['renew-token'],\n                        'roles'   =\u003e ['?'],\n                    ],\n                ],\n            ],\n        ];\n    }\n            \n    /**\n     * @inheritdoc\n     */\n    public function actions(): array\n    {\n        return ArrayHelper::merge(parent::actions(), [\n            'renew-token' =\u003e RefreshTokensAction::class,\n        ]);\n    }\n}\n```\n\nAnd finally add Jwt Auth to secure controller:\n```php\nclass SecureController extends yii\\rest\\Controller\n{\n    /**\n     * @inheritdoc\n     */\n    public function behaviors(): array\n    {\n        return ArrayHelper::merge(parent::behaviors(), [\n            'authenticator' =\u003e [\n                'class' =\u003e \\Kakadu\\Yii2JwtAuth\\JwtBearerAuth::class,\n            ],\n            'access'        =\u003e [\n                'class' =\u003e AccessControl::class,\n                'rules' =\u003e [\n                   ...\n                ],\n            ],\n        ]);\n    }\n}\n```\n\n\n**Procedure:**\n\n- seamlessLogin is false\n    1. Register, get access and refresh token and save their on client side.\n    1. Use only access token for request to security endpoint.\n    1. After access token expired, you get 401 Unauthorized exception.\n    1. _Use expire access and not expire refresh token to get new tokens._ (/refresh-token  url)  \n    1. If refresh token expire, go to sign in  \n\n- seamlessLogin is true\n    1. Register, get access and refresh token and save their on client side.\n    1. Use only access token for request to security endpoint.\n    1. After access token expired, you get 401 Unauthorized exception.\n    1. _Repeat request use expire access and not expire refresh token to get new tokens._ (/same url)\n    1. If refresh token expire, go to sign in.\n\n\nThat's all. Check it.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkakadu-dev%2Fyii2-jwt-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkakadu-dev%2Fyii2-jwt-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkakadu-dev%2Fyii2-jwt-auth/lists"}