
SimpleJWT Laravel Package

kelvinmo/simplejwt

SimpleJWT is a lightweight PHP 8+ library for JWT/JWS/JWE and JWK/COSE keys. Supports HS/RSA/ECDSA/EdDSA signatures, key management (RSA-OAEP, AES-KW, PBES2, ECDH-ES/X25519) and AES-GCM/CBC-HS encryption.


Product Decisions This Supports

  • API Security & Authentication: Enables OAuth2, OpenID Connect, or custom JWT-based auth flows for Laravel applications (e.g., replacing firebase/php-jwt or lcobucci/jwt).
  • Microservices & Decoupling: Facilitates secure stateless communication between services via JWT/JWE (e.g., replacing REST sessions with tokens).
  • Compliance & Encryption: Supports RFC 7519/7515/7516 for audits (e.g., GDPR, HIPAA) by offering JWE encryption alongside JWS signatures.
  • Roadmap: Prioritize EdDSA/X25519 for post-quantum-resistant auth (e.g., future-proofing against cryptographic attacks).
  • Build vs. Buy: Buy over custom implementations to avoid reinventing JWT/JWE standards compliance (reduces tech debt).
  • Use Cases:
    • Mobile/Web Apps: Secure API tokens for SPAs/mobile clients.
    • Server-to-Server: Encrypted payloads (JWE) for sensitive data (e.g., PII).
    • Legacy System Integration: Replace SOAP/XML-WS-Security with JWTs.

When to Consider This Package

Adopt if:

  • Your Laravel app needs JWT/JWE with modern algorithms (EdDSA, X25519, AES-GCM).
  • You require key management (JWK sets, PEM/JSON keys) without external services (e.g., AWS KMS).
  • PHP 8.0+ is your baseline (avoids legacy compatibility issues).
  • You need multi-recipient JWTs/JWEs (e.g., distributed systems with shared secrets).

Look elsewhere if:

  • You’re on PHP <8.0 (requires extensions like gmp, sodium).
  • Your stack uses non-PHP (e.g., Node.js/Go; prefer native libraries).
  • You need OAuth2/OIDC libraries (e.g., league/oauth2-server for full auth flows).
  • Low-latency is critical (this library adds ~5–10ms for cryptographic ops vs. simpler HMAC).

How to Pitch It (Stakeholders)

For Executives: "SimpleJWT replaces manual JWT handling with a compliant, future-proof library supporting encryption (JWE) and signatures (JWS). It reduces security risks by adhering to RFC standards, enabling scalable auth for APIs/microservices. The EdDSA/X25519 support future-proofs against quantum threats, while JWE secures sensitive data in transit. Compared to alternatives, it’s actively maintained (PHP 8.5 compatible) and avoids vendor lock-in."

For Engineering: "This package unifies JWT/JWE under one API, supporting:

  • Algorithms: HMAC, RSA, ECDSA, EdDSA, AES-GCM (no need for multiple libraries).
  • Key Formats: JWK (JSON), PEM, or raw secrets (flexible for dev/prod).
  • Performance: Optimized for PHP 8+ (e.g., sodium for EdDSA).

Trade-offs: Slightly higher complexity than firebase/php-jwt but full JWE support and post-quantum readiness. Recommended for new projects or replacing ad-hoc JWT implementations."