

A simple library to work with JSON Web Token and JSON Web Signature


Statistics on jwt

Number of watchers on Github 2181
Number of open issues 21
Average time to close an issue 12 days
Main language PHP
Average time to merge a PR 1 day
Open pull requests 12+
Closed pull requests 14+
Last commit over 2 years ago
Repo Created over 6 years ago
Repo Last Updated over 2 years ago
Size 617 KB
Organization / Author lcobucci
Latest Release 3.2.2

The documentation of the stable version is on branch 3.2.



A simple library to work with JSON Web Token and JSON Web Signature based on the RFC 7519.


The package is available on Packagist; you can install it using Composer.

composer require lcobucci/jwt


  • PHP 5.5+ (v3.2) and PHP 7.1 (v4.x)
  • OpenSSL Extension

Basic usage

Important: our next major release (v4) is currently not documented (that will be addressed on #37).


Supported by Auth0

If you want to add secure token based authentication to your PHP projects, feel free to check out Auth0's PHP SDK and free plan at auth0.com/overview.

jwt open issues
  • over 3 years Doubt in php token validation
  • over 3 years Provide a high level API to simplify usage
  • over 3 years Use a time provider to get the current system time
  • over 3 years Require PHP 5.6
  • over 3 years Update PHPECC to remove mcrypt dependency
  • over 3 years Create test for signature RSA failure exception
  • over 3 years Make sure there are no duplicated audiences while building token
  • over 3 years Extract the registered claim names to constants
  • over 3 years Use library specific exceptions
  • almost 4 years Improve the token interface
  • about 4 years Add information about how to extend the library
  • about 4 years Add some information on how create RSA/ECDSA keys
  • over 4 years Token Validation API
  • almost 5 years Ensure that claim content is json serializable
  • almost 5 years Use DateTime for date claims
  • almost 5 years Extract documentation from README.md
  • almost 5 years Extract ECDSA signers to lcobucci/jws-ecdsa
  • almost 5 years Extract RSA signers to lcobucci/jws-rsa
  • almost 5 years Extract HMAC signers to lcobucci/jws-hmac
  • almost 5 years Extract Signature abstraction to lcobucci/jws
  • almost 5 years Support JWK
  • almost 5 years Private/public claims validation
  • over 5 years Implement encrypted tokens
jwt open pull requests
  • Replaced Token->validate with Validator class handling token validation
  • Use DateTime for date claims
  • [WIP] Introducing a configuration object.
  • Allow arrays or audience claim and issuer validation.
  • [POC] Implementing a different path to the validator.
  • [WIP] Introducing a configuration object
  • #102 fix to allow keys with multiple headers
  • Key might also be hosted on a different protocol than file://
  • Create ClaimValue
  • [WIP] Create new validation API
  • Check if file_get_contents returns false - #206 #207
  • Add content check after key file reading
jwt questions on Stackoverflow
  • JWT: Getting token manually
  • How to consume JWT access token and user claims using RestSharp
  • JWT Cookie is not stored right - Laravel
  • AZURE API ERROR:A security token validation error occured for the received JWT token
  • Basic Auth and JWT
  • Should JWT be stored in localStorage or cookie?
  • Is there a way to get JWT for WSO2 Identity Server password grant flow in a single call?
  • how to install php-jwt, how is composer helpful
  • How to increase security level of angularjs & JWT application
  • JWT bearer exchange for access token request using Spring Security OAuth2
  • ASP.NET 5 JWT Bearer Token Flow
  • Using Bearer/Jwt authorization without Identity
  • JWT Token in Symfony2
  • Django Rest Framework + JWT
  • Spring Security OAuth - Can it consume JWT tokens from Keycloak
  • JWT Auth vs Session Auth for API
  • JWT for stateless API, but session control for security
  • JWT (JSON Web Token) automatic prolongation of expiration
  • Passport + JWT + Socket.IO Authentication
  • How to pass JWT via Header and retrieve data through Server Side Views in Sails.js
  • Implement JWT token based REST API with Spring boot and Integrate Spring Social
  • Node.js - Express.js JWT always returns an invalid token error in browser response
  • JWT Token vulnerable in browser
  • User Authentication in Laravel 5 + AngularJs Without JWT
  • Authentication with JWT Laravel 5 without password
  • How to Generate JWT secrets
  • Sending JWT alongside html document in http response
  • Unknown Reason for JWT Tokens invalidation
  • Sending web storage stored JWT to server when refresh button hit
  • Lumen, authentication attempt always returns false (jwt or auth)
jwt latest release notes
Release 3.2.2

This version fixes some small documentation issues.

Total issues resolved: 2

Release 4.0.0-alpha1


This is the first alpha version of the major refactoring we've done. The API might still change a bit but we're pretty close to the final release.

Full changelog will be available on the stable version.

Release 3.2.1


  • #116 - Use DateTimeInterface on Token#isExpired();


  • #132 - Raise exception on RSA sign failure