Bridge to allow the use of web-token/jwt-framework with the Lexik JWT Authentication Bundle

Fund package maintenance!

Installs: 82 579

Dependents: 0

Suggesters: 2

Security: 0

Stars: 17

Watchers: 7

Forks: 11

Open Issues: 1



Build Status Scrutinizer Code Quality


Latest Stable Version Total Downloads Latest Unstable Version License

This Symfony Bundle provides a JWT Encoder for the LexikJWTAuthenticationBundle that uses the web-token/jwt-framework as JWT Creator/Loader.

The Release Process

The release process is described here.


This library needs at least:

  • PHP 7.2+
  • Symfony 4.3+.

Continuous Integration

It has been successfully tested using PHP 7.2 and PHP 7.3.

We also track bugs and code quality using Scrutinizer-CI and Sensio Insight.

Coding Standards are verified by StyleCI.

Code coverage is not performed, but Behavior driven development (BDD) is used to test this bundle.


Symfony Flex

The preferred way to install this bundle is to rely on Symfony Flex:

composer req "spomky-labs/lexik-jose-bridge:^3.0"

Manual Installation

If you do not use Symfony Flex, then use Composer and install the bundle manually.

composer require spomky-labs/lexik-jose-bridge

Then, add this bundle and the web-token/jwt-framework bundles into your kernel:


use Symfony\Component\Config\Loader\LoaderInterface;
use Symfony\Component\HttpKernel\Kernel;

class AppKernel extends Kernel
    public function registerBundles()
        $bundles = [
            new Jose\Bundle\JoseFramework\JoseFrameworkBundle(),
            new SpomkyLabs\LexikJoseBundle\SpomkyLabsLexikJoseBundle(),

        return $bundles;

Signature/Encryption Algorithms

This bundle only installs the RSA based signature algorithms (RS256, RS384 and RS512). If you need other signature algorithms (e.g EC based, HMAC) or if you want to use the encryption feature, you must install the corresponding packages:

  • Signature Algorithms
    • All: composer require web-token/signature-pack
    • HMAC: composer require web-token/jwt-signature-algorithm-hmac
    • ECDSA: composer require web-token/jwt-signature-algorithm-ecdsa
    • EdDSA: composer require web-token/jwt-signature-algorithm-eddsa
    • None: composer require web-token/jwt-signature-algorithm-none (not recommended)
    • Experimental: composer require web-token/jwt-signature-algorithm-experimental (not recommended)
  • Encryption Algorithms
    • All: composer require web-token/encryption-pack
    • Key Encryption:
      • ECDH-ES: composer require web-token/jwt-encryption-algorithm-ecdh-es
      • AES Key Wrapping: composer require web-token/jwt-encryption-algorithm-aeskw
      • RSA: composer require web-token/jwt-encryption-algorithm-rsa
      • AES GCM Key Wrapping: composer require web-token/jwt-encryption-algorithm-aesgcmkw
      • Direct: composer require web-token/jwt-encryption-algorithm-dir (not recommended)
      • PBES 2: composer require web-token/jwt-encryption-algorithm-pbes2 (not recommended)
    • Content Encryption:
      • AES GCM: composer require web-token/jwt-encryption-algorithm-aesgcm
      • AES CBC: composer require web-token/jwt-encryption-algorithm-aescbc
    • Experimental: composer require web-token/jwt-encryption-algorithm-experimental (not recommended)


This bundle needs to be configured. Please see this page to know how to configure it.

How to use

There is nothing to do. Just use your application as usual.


I bring solutions to your problems and answer your questions.

If you really love that project and the work I have done or if you want I prioritize your issues, then you can help me out for a couple of 🍻 or more!

Become a Patreon


Requests for new features, bug fixes and all other ideas to make this library useful are welcome. Please follow these best practices.


This software is release under MIT licence.