JWT-Auth JWT Authentication Middleware

Important

This package is a replacement for tuupola/slim-jwt-auth with the updated version of firebase/php-jwt to resolve CVE-2021-46743 in the meantime. I plan to maintain compatibility with v1, and then in v2 I plan to diverge, adding new features and dropping support for older PHP versions.

This middleware implements JSON Web Token Authentication. It was originally developed for Slim but can be used with any framework using PSR-7 and PSR-15 style middleware. It has been tested with Slim Framework and Zend Expressive.

Heads up! You are reading the documentation for 3.x branch which is PHP 7.4 and up only. If you are using an older version of PHP see the 2.x branch. These two branches are not backwards compatible, see UPGRADING for instructions on how to upgrade.

Middleware does not implement an OAuth 2.0 authorization server nor does it provide ways to generate, issue or store authentication tokens. It only parses and authenticates a token when passed via header or cookie. This is useful for example when you want to use JSON Web Tokens as API keys.

For example implementation see Slim API Skeleton.

User Guide

• Breakinng Changes
  • Upgrade
• Overview
  • Install
  • Usage
  • Rules
  • Security
  • Authorization
  • Testing
  • Contributing
  • Security Issues
  • License
• Optional parameters
  • Path
  • Ignore
  • Header
  • Regexp
  • Cookie
  • Algorithm
  • Attribute
  • Logger
  • Before