ociomercado / laravel-jwt
A simple Laravel package that implements a Provider, Middleware and Facade for JWT using lcobucci/jwt library to generate and check the tokens.
Installs: 20
Dependents: 0
Suggesters: 0
Security: 0
Stars: 4
Watchers: 1
Forks: 0
Open Issues: 0
pkg:composer/ociomercado/laravel-jwt
Requires
- illuminate/contracts: ^5.2
- illuminate/http: ^5.2
- illuminate/support: ^5.2
- lcobucci/jwt: 3.2
This package is not auto-updated.
Last update: 2025-10-12 02:05:00 UTC
README
A simple Laravel package that implements a Provider, Middleware and Facade for JWT using lcobucci/jwt library to generate and check the tokens.
Dependencies
This library requires:
- PHP 5.5+
- OpenSSL Extension
Installation
Using composer:
composer require ociomercado/laravel-jwt
Configuration
Provider
You need to update your config/app.php file and add the following code in the providers section:
'providers' => [ // Other providers OcioMercado\LaravelJWT\JWTServiceProvider::class, // Other providers ]
Alias
Also, you need to add the following in the aliases section:
'aliases' => [ // Other aliases 'JWT' => OcioMercado\LaravelJWT\Facades\JWTFacade::class, // Other aliases ]
Config file
Then you need to publish the configuration file so you customize the options:
php artisan vendor:publish
This will create the config file jwt.php in the /config folder. Don't forget to check it out and change the options as you need.
Using the library
Protecting routes
Now you can use the JWT middleware to protect your routes:
Route::get('/user', function (Request $request) { return 'Route secured!'; })->middleware('JWT');
The middleware checks if the request has a Authorization header or the parameter token sent via GET or POST.
The JWT class
/** * Creates and signs a new JWT. * * It signs the token with the configured type of key in the jwt.php file. * * @param string $jti A unique identifier for the token. * @param mixed[] $customClaims Optional data to append to the token. * * @return Lcobucci\JWT\Token */ public function createToken($jti = null, $customClaims = null)
/** * Validates and verifies a JWT. * * It verfies the token with the configured type of key in the jwt.php file. * * @return Lcobucci\JWT\Token Returns the token. * * @throws TokenNotFoundException When the token is not found. * @throws InvalidTokenException When the token is not valid. * @throws InvalidTokenSignException When the token sign is not valid. */ public function verifyToken($token)
/** * Gets the JWT string from the request headers or from the GET parameter. * * @return string Returns the token string. * * @throws TokenNotFoundException When the token is not found. */ public function getTokenString()
/** * Parses the JWT string. * * @return Lcobucci\JWT\Token Returns the token. * * @throws TokenNotFoundException When the token is not found. * @throws InvalidTokenException When the token is not valid. */ public function parseTokenString()
/** * Checks if the JWT has expired. * * @throws TokenNotFoundException When the token is not found. * @throws InvalidTokenException When the token is not valid. * @throws TokenExpiredException When the token has expired. */ public function tokenExpired()
/** * Checks if the JWT can be refreshed. * * @return boolean Returns true is the token can be refreshed, otherwise it returns false. * * @throws TokenNotFoundException When the token is not found. * @throws InvalidTokenException When the token is not valid. */ public function isRefreshableToken()
/** * Gets the JWT object. * * @return Lcobucci\JWT\Token Returns the token. * * @throws TokenNotFoundException When the token is not found. * @throws InvalidTokenException When the token is not valid. */ public function getToken()