This package is not installable via Composer 1.x, please make sure you upgrade to Composer 2+. Read more about our Composer 1.x deprecation policy.
This package is abandoned and no longer maintained. No replacement package was suggested.

CakePHP plugin for generating various (secure) tokens

Installs: 83

Dependents: 0

Suggesters: 0

Security: 0

Stars: 2

Watchers: 1

Forks: 1

Open Issues: 0


dev-master / 1.0.x-dev 2019-08-11 19:31 UTC

This package is not auto-updated.

Last update: 2020-02-07 17:14:16 UTC


Build Status StyleCI Status Coverage Status Total Downloads License

CakePHP plugin for generating various (secure) tokens.

Abandoned repository


  • CakePHP 3.+

PHP 5.x users are strongly advised to install the paragonie/random_compat polyfill composer package to ensure generated tokens are truly secure.


  1. Install the plugin using composer:

    composer require alt3/cakephp-tokens:1.0.x-dev
  2. To enable the plugin either run the following command:

    bin/cake plugin load Alt3/CakeTokens

    or manually add the following line to your config/bootstrap.php file:

  3. Create the required table used to store the tokens by running:

    bin/cake migrations migrate --plugin Alt3/CakeTokens


Inside your controller:

use Alt3\Tokens\RandomBytesToken

public function test() {

  // create a token object
  $token = new RandomBytesToken();
  $token->setLifetime('+1 week');

  // save the token object
  $table = TableRegistry::get('Alt3/CakeTokens.Tokens');
  $entity = $table->newEntity($token->toArray());

  if ($table->save($entity)) {
    pr('Successfully saved token with id ' . $entity->id);

Visit alt3/tokens for more information about creating the token object and creating your own token-specific Adapters.


The TokensTable comes with the following methods:

  • setStatus($id, $status): set the status for token with id
  • deleteAllExpired(): deletes all tokens that have expires
  • deleteAllWithStatus($status): deletes all tokens matching given status

Custom Finders

The TokensTable comes with the following custom finders:

  • findValidToken: true when given token value (must be passed)exists, has status 0 and has not expired
  • findAllActive: returns all tokens with status 0


Before submitting a PR make sure: