A library to work with Firebase tokens

1.9.1 2019-09-12 19:54 UTC


A library to work with Google Firebase tokens. You can use it to create custom tokens and verify ID Tokens.

Achieve more with the Firebase Admin SDK for PHP 5.6 (which uses this library).

Current version Supported PHP version Monthly Downloads Total Downloads

Build Status


composer require nathanfeitoza/firebase-tokens-php-5.6

Simple usage

Create a custom token


use Kreait\Firebase\JWT\CustomTokenGenerator;

$clientEmail = '...';
$privateKey = '...';

$generator = CustomTokenGenerator::withClientEmailAndPrivateKey($clientEmail, $privateKey);
$token = $generator->createCustomToken('uid', ['first_claim' => 'first_value' /* ... */]);

echo $token;
// Output: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.e...

Verify an ID token


use Kreait\Firebase\JWT\Error\IdTokenVerificationFailed;
use Kreait\Firebase\JWT\IdTokenVerifier;

$projectId = '...';
$idToken = '...';

$verifier = IdTokenVerifier::createWithProjectId($projectId);

try {
    $token = $verifier->verifyIdToken($idToken);
} catch (IdTokenVerificationFailed $e) {
    echo $e->getMessage();
    // Example Output:
    // The value 'eyJhbGciOiJSUzI...' is not a verified ID token:
    // - The token is expired.

try {
    $token = $verifier->verifyIdTokenWithLeeway($idToken, $leewayInSeconds = 10000000);
} catch (IdTokenVerificationFailed $e) {
    print $e->getMessage();


Tokens returned from the Generator and Verifier are instances of Kreait\Firebase\JWT\Token.

$tokenHeaders = $token->getHeaders(); // array
$tokenPayload = token->getPayload(); // array
$tokenString = $token->toString();
$tokenString = (string) $token;

Advanced usage

Cache results from the Google Secure Token Store

In order to verify ID tokens, the verifier makes a call to fetch Firebase's currently available public keys. The keys are cached in memory by default.

If you want to cache the public keys more effectively, you can use an implementation of psr/simple-cache or psr/cache to wrap the

Example using the Symfony Cache Component

use Kreait\Firebase\JWT\IdTokenVerifier;
use Symfony\Component\Cache\Simple\FilesystemCache;

$cache = new FilesystemCache();

$verifier = IdTokenVerifier::createWithProjectIdAndCache($projectId, $cache);


The MIT License (MIT). Please see License File for more information.