flytachi/jwt

A modern, secure, and strictly-typed PHP library for encoding and decoding JSON Web Tokens (JWT) with JWK support.

Maintainers

Details

github.com/Flytachi/php-jwt

Homepage

Source

Issues

Installs: 3

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

1.0.0 2025-08-27 09:50 UTC

Requires

Requires (Dev)

MIT ca674ae6d39426078c8460c6caf1db188691349b

  • Flytachi <jasur.rakhmatov03.woop@gmail.com>

securityAuthenticationauthtokenjwtJSON Web TokenJWKJWKS

This package is auto-updated.

Last update: 2025-08-27 09:53:57 UTC

README

Latest Version on Packagist PHP Version Require License: MIT

Flytachi JWT — A modern, secure, and strongly typed PHP library for encoding and decoding JSON Web Tokens (JWT). It is built with a focus on security, ease of use, and maximum standards compliance, including full support for JSON Web Key Sets (JWKS).

Key Features

  • Security-first: Uses strict typing and value objects to prevent errors. Signature verification is protected against (timing attacks).
  • Modern design: Written in modern PHP (requires PHP 8.1+) and follows best practices, including PSR standards.
  • Full JWKS support: Built-in JWK parser makes it easy to work with public key sets from any provider (Google, Apple, Auth0, Privy, etc.).
  • Support for all popular algorithms:
    • HMAC: HS256, HS384, HS512
    • RSA: RS256, RS384, RS512
    • ECDSA: ES256, ES384, ES512
  • Simple and clean API: Convenient static methods for encoding and decoding tokens.
  • Robust error handling: Uses specific exceptions (JWTException) so you can easily catch and handle any token-related issues.

Installation

You can install the library via Composer:

  composer require flytachi/jwt

Usage Examples

use Flytachi\Jwt\JWT;
use Flytachi\Jwt\Entity\JwtPayload;
use Flytachi\Jwt\Entity\PrivateKey;
use Flytachi\Jwt\Entity\PublicKey;

// encode
$jwtToken = JWT::encode(
    new JwtPayload([
        'iss' => 'https://domain.com',      // Issuer: who issued the token
        'sub' => 'user-12345',              // Subject: for whom the token is intended (user ID)
        'aud' => 'https://api.domain.com',  // Audience: what service is the token intended for?
        'iat' => time(),                    // Issued At: token issue time (Unix timestamp)
        'nbf' => time(),                    // Not Before: time from which the token becomes valid
        'exp' => time() + 3600,             // Expiration Time: time when the token expires (in 1 hour)
    ]),
    new PrivateKey('secret', 'HS256')
);

// decode
$payload = JWT::decode($jwtToken, [new PublicKey('secret', 'HS256')]);
$userId = $payload->getClaim('sub');

License

This project is licensed under the MIT License - see the LICENSE file for details.