Yii auth JWT method

2.0.1 2023-09-19 05:16 UTC

This package is auto-updated.

Last update: 2024-02-06 14:44:22 UTC



Yii Auth JWT

Latest Stable Version Total Downloads Build status Scrutinizer Code Quality Code Coverage Mutation testing badge static analysis type-coverage

The package provides JWT authentication method for Yii Auth.


  • PHP 7.4 or higher.


The package could be installed with composer:

composer require yiisoft/auth-jwt

General usage

Configuring within Yii

  1. Set JWT parameters in your params.php config file:

    'yiisoft/auth-jwt' => [
        'algorithms' => [
            // your signature algorithms
        'serializers' => [
            // your token serializers
        'key' => [
            'secret' => 'your-secret',
            'file' => 'your-certificate-file',
  2. Setup definitions, required for \Yiisoft\Auth\Middleware\Authentication middleware in a config, for example, in config/web/auth.php:

    /** @var array $params */
    use Yiisoft\Auth\Jwt\TokenManagerInterface;
    use Yiisoft\Auth\Jwt\TokenManager;
    use Yiisoft\Auth\AuthenticationMethodInterface;
    use Yiisoft\Auth\Jwt\JwtMethod;
    return [
        KeyFactoryInterface::class => [
            'class' => FromSecret::class,
            '__construct()' => [
        AuthenticationMethodInterface::class => JwtMethod::class,

    Note: Don't forget to declare your implementations of \Yiisoft\Auth\IdentityInterface and \Yiisoft\Auth\IdentityRepositoryInterface.

  3. Use Yiisoft\Auth\Middleware\Authentication middleware. Read more about middlewares in the middleware guide.

Configuring independently

You can configure Authentication middleware manually:

/** @var \Yiisoft\Auth\IdentityRepositoryInterface $identityRepository */
$identityRepository = getIdentityRepository();

$tokenRepository = $container->get(\Yiisoft\Auth\Jwt\TokenRepositoryInterface::class);

$authenticationMethod = new \Yiisoft\Auth\Jwt\JwtMethod($identityRepository, $tokenRepository);

$middleware = new \Yiisoft\Auth\Middleware\Authentication(
    $responseFactory, // PSR-17 ResponseFactoryInterface.
    $failureHandler // Optional, \Yiisoft\Auth\Handler\AuthenticationFailureHandler by default.

Unit testing

The package is tested with PHPUnit. To run tests:


Mutation testing

The package tests are checked with Infection mutation framework with Infection Static Analysis Plugin. To run it:


Static analysis

The code is statically analyzed with Psalm. To run static analysis:



The Yii Auth JWT is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.