This package is abandoned and no longer maintained. No replacement package was suggested.

Highly configurable JSON Web Token implementation for Laravel and Lumen.

0.1.0 2020-05-16 22:41 UTC


GitHub license Packagist Version Packagist GitHub issues GitHub pull requests Codecov Scrutinizer code quality

Highly configurable JSON Web Token implementation for Laravel and Lumen.

Guardian exposes an additional authentication guardian driver, which can be used like the standard session or token drivers.

Guardian follows the Semantic Versioning specification.

The master branch should not be considered stable prior to the 1.0.0 release.


Our company based its back-end on the Lumen Framework and we needed a stateless identification and authentication method. We chose to use the JSON Web Tokens which combines security and ease. While some libraries exist like tymondesigns/jwt-auth or laravel/passport, they did not meet our requirements. Indeed, we wanted to have control over the cryptographic algorithms of the keys as well as to be able to use several of them.

After careful consideration, we decided to develop our own JWT library for Lumen which was later ported to Laravel and shared open-source.



  • PHP >= 7.2
  • Laravel/Lumen 6 or 7


Simply add Guardian to your project dependencies.

composer require mathieu-bour/guardian

Depending on the algorithm you want to use, install the corresponding cryptographic library:

Algorithm Library Required PHP extensions
ECDSA web-token/jwt-signature-algorithm-ecdsa openssl
EdDSA web-token/jwt-signature-algorithm-eddsa sodium
HMAC web-token/jwt-signature-algorithm-hmac n/a
RSA web-token/jwt-signature-algorithm-rsa openssl, gmp

If you do not know which algorithm to choose, we recommend ECDSA with the ES512 algorithm and the P-521 curve.


Publish the default Guardian configuration:

php artisan vendor:publish --provider="Windy\Guardian\GuardianServiceProvider"


Copy the default Guardian configuration from vendor/mathieu-bour/guardian/config/guardian.php to config/guardian.php. Then, add the provider to your bootstrap/app.php and load the configuration with:



If you want to use the Guardian Facade, ensure that the application is loaded with Facades in your bootstrap/app.php.


Next steps


Here, we humbly refer to the alternatives to Guardian that we found interesting.


Passport is the official Laravel library which supports JWT authentication.

Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.


jwt-auth is a worthwhile alternative to Guardian which provides a higher-level API, such as authenticating users directly from the request credentials via a Facade. jwt-auth also provides a way to blacklist the generated tokens whereas Guardian leaves the implementation to the developer. If you are looking for a simpler way to use JWT, we highly recommend that you take a look to this library!