z-trippete/jwt-verifier

Library for jwt token verifier

Maintainers

Details

github.com/z-trippete/jwt-verifier

Source

Issues

Installs: 6

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

pkg:composer/z-trippete/jwt-verifier

2.1.2 2026-02-27 11:31 UTC

Requires

MIT 6097298ed0f9a75d914b92ce34f71a3f1c9db7a1

This package is auto-updated.

Last update: 2026-02-27 11:32:10 UTC

README

A simple and lightweight php class to verify JWT tokens using JWKS (JSON Web Key Sets). Perfect for integrating with identity providers.

Features

  • JWKS Support: Automatically fetches public keys from a remote URL.
  • Smart Caching: Includes a flexible CacheManager to store JWKS data, reducing latency and avoiding rate-limiting from your Identity Provider.
  • Claim Validation: Verifies iss (Issuer), aud (Audience), and exp (Expiration).
  • Clear Exception Handling
    Provides dedicated exceptions for every failure scenario:
    • TokenFormatException – Thrown when the JWT structure is invalid or malformed.
    • TokenValidationException – Thrown when signature, issuer, or audience validation fails.
    • TokenExpireException – Thrown when the token is expired (exp claim).
    • OAuthProviderException – Thrown when the JWKS endpoint cannot be reached or the HTTP request fails.
    • JwksFormatException – Thrown when the JWKS response is malformed, missing keys, or the requested kid is not found.

Requirements

  • PHP 8.1 or higher

Dependencies

This package leverages the most reliable libraries in the PHP ecosystem:

  • lcobucci/jwt: For high-security JWT parsing and validation (v4.3+).
  • guzzlehttp/guzzle: For robust asynchronous HTTP requests to fetch JWKS keys.

Installation

Install the package via Composer:

composer require z-trippete/jwt-verifier