Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Jwt Authentication Bundle Laravel Package

lexik/jwt-authentication-bundle

JWT authentication bundle for Symfony APIs. Issues and validates JSON Web Tokens, supports PHP 8.2+ and Symfony 6.4–8, and offers extensive docs for setup, configuration, customization, testing, CORS, and programmatic token creation.

View on GitHub

Deep Wiki

Context7

v1.6.0

feature #188 Add JWTNotFoundEvent (chalasr)

v1.5.1

bug #159 Fix anonymous access by removing the AuthenticationCredentialsNotFoundException (chalasr)

v1.5.0

feature #157 Allow to set a custom response in case of authentication failure or invalid/not found token (chalasr)
feature #154 Add OpenSSLKeyLoader (chalasr)
feature #147 Made the public and private key paths not required… (ovidiumght)
bug #142 Add response message in case of invalid token (chalasr)

v1.4.3

feature #133 Always call for master request from request stack (stloyd)

v1.4.1

feature #126 Use requestStack instead of request (SmurfyFR)

v1.4.0

feature #117 Allow empty ttl (soyuka)
feature #113 Add symfony 3.0 support (Ener-Getick)
feature #110 Updated to newest namshi/jose. Dropped support for PHP 5.3 (TiS)
feature #103 added functional boot test (slashfan)
feature #96 Add custom authorization header name (pdoreau)

v1.3.1

bug #101 Fatal error on console cache:clear (ngandemer)

v1.3.0

feature #100 Add authentication_listener option (yelmontaser)

v1.2.0

bug #92 Fix authentication event propagation (mRoca)
feature #88 Add WWW-Authenticate response header on 401 (teohhanhui)
feature #76 Add cookie token extractor (tnucera)

v1.1.0

feature #73 add JWTEncodedEvent so JWT string is available after its creation (9orky)
feature #69 Added new event when token is authenticated (gamringer)

v1.0.9

bug #70 fixed deprecated errors for symfony 2.6 plus (slashfan)
feature #67 Move security details to parameters.yml.dist (Maltronic)

v1.0.8

feature #63 Improve JWTProvider (JJK801)

v1.0.6

feature #45 Adding AuthenticationException to the AuthenticationFailureEvent (ghost)
feature #43 Added identity field funcionality and its unit test. (victuxbb)
feature #40 Add flexibilty to the provider and manager (slashfan)

v1.0.5

feature #28 Improve response and dispatch event in AuthenticationFailureHandler (EmmanuelVella)

v1.0.4

feature #27 Added encoder / decoder service customization (#24) (slashfan)
feature #19 Add response in success event (EmmanuelVella)
feature #18 Improve json 401 exception (EmmanuelVella)

v1.0.2

feature #15 Added JWT Creator service (gfreeau)

v1.0.10

feature #71 Fixing a missing use statement for Reference (adetwiler)

v1.0.0

feature #10 Added ability to throw exceptions for handling later and to disable the catch-all entry point (gfreeau)
feature #9 Changed entry point to contain a message and return json (gfreeau)
bug #7 Jwt entry point fix #6 (jaugustin)
feature #5 Firewall config (slashfan)
feature #2 Symfony2.3+ compatibility (slashfan)

3.2.0

feature #1295 Allow to pass extra data when handling success authentication ([@VincentLanglet](https://github.com/VincentLanglet))
feature #1303 Add PHP 8.5 support ([@Chris8934](https://github.com/Chris8934))
feature #1300 Support Symfony 8.x & web-token suite 4.x ([@dt-thomas-durand](https://github.com/dt-thomas-durand))
feature #1278 Remove lcobucci/clock dependency ([@VincentLanglet](https://github.com/VincentLanglet))

3.1.1

bug #1267 Fix wrongly silenced signing failure ([@BackEndTea](https://github.com/BackEndTea))
bug #1259 fix issue #1258 JWTCookieProvider does set flags cookie flags when value is false ([@mustapayev](https://github.com/mustapayev))
bug #1225 Fix default values in WebToken services when encryption disabled ([@NeuralClone](https://github.com/NeuralClone))
bug #1238 chore: add testrun for PHP 8.4. Fix implicit nullable parameter ([@Chris8934](https://github.com/Chris8934), [@chalasr](https://github.com/chalasr))

3.1.0

bug #1226 feature: fix deprecation of Extension ([@Chris8934](https://github.com/Chris8934))

3.0.0

feature #1202 Remove support for Symfony <6.4 and PHP <8.2 ([@maxhelias](https://github.com/maxhelias))
feature \5b5400b Remove namshi/jose on 3.x ([@maxhelias](https://github.com/maxhelias))
feature #1056 Drop PHP <7.1 and Symfony <5.3 support ([@wouter-toppy](https://github.com/wouter-toppy))

2.9.0

feature #769 Added support for composed cookies (lukacovicadam)
bug #787 fix day saving transition php (flaugere)
bug #780 Add deprecation message argument to JWTFactory.php (chrBrd)
feature #786 Allow token creation from an existing payload (RicoLannez)
feature #677 chore/implement-against-key-loader-interface (TiMESPLiNTER)
feature #767 Added the possibility to choose if the cookie is "secure" or not (Mael-91)

2.8.0

feature #761 Expose payload in encode/decode exceptions (chalasr)
bug #755 Drop php 5.5 compat, Test against php 7.4 + symfony 5.1 and fix deprecations (acrobat)
bug #683 Handle ChainUserProvider (Gemorroj)

2.7.0

feature #753 Add set_cookies option to store JWT in secure cookies (chalasr)
feature #737 Enable to keep the modified payload after decode (cedriclombardot)

2.6.5

bug #689 Symfony 4.4/5.0 compatibility (Deuchnord)
bug #687 Authentication Exception Message from its key (arslan)
bug #675 Use late static binding on JWTUser (kaznovac)

2.6.4

bug #669 Fix dispatch signature on SF > 4.3 (Webonaute)
bug #650 Fixed AuthenticaionFailureHandler to utilize messages from custom exceptions (EresDev)

2.6.3

bug #644 Fix FC/BC layer for EventDispatcher (nicolas-grekas)

2.6.2

bug #637 Fix deprecations on symfony/event-dispatcher:4.3 (chalasr)
bug #620 Fix missing $config variable (Oliboy50)
bug #618 Use the JWTTokenManagerInterface (trsteel88)
bug #593 Make JWTManager::$userIdClaim nullable (chalasr)

2.6.1

bug #577 Fix argument order in JWTProvider service declaration (fjogeleit)

2.6.0

bug #574 fix clockSkew not taken into account in some case (mu4ddi3)
bug #554 Fix deprecations on Symfony 4.2 (chalasr)
feature #537 Customizable User ID Claim (Spomky)
feature #503 Allow setting the "exp" claim from event listeners (MaximeMaillet)

2.5.4

bug #542 Fix missing implemenets breaking JWT header alteration (tucksaun)

2.5.3

bug #525 Make openssl key loader service deprecated (Faecie)

2.5.2

bug #522 Fix clock skew + deprecation message (chalasr)

2.5.1

bug #515 Re-add namshi/jose as an hard requirement until 3.0 (chalasr)

2.5.0

feature #508 Replace namshi/jose by lcobucci/jwt (chalasr)
feature #485 Add a lexik:jwt:generate-token command (sroze)
feature #369 Fix HMAC support (chalasr)
feature #492 Clock skew (patrickjDE)
feature #433 Added setPayload to JWTDecodedEvent analogous to JWTCreatedEvent. (vgeyer)
feature #412 Make the token type case insensitive (greg0ire)
feature #404 CheckConfigCommand should not be container aware (chalasr)
feature #352 JWT header alteration (Spomky)
feature #344 Add an extension point on the PayloadAwareUserProviderInterface (sroze)

2.4.3

bug #408 Response classes shouldn't have the @internal PhpDoc tag (lashae)
bug #403 Switch to PSR-4 namespaces for PHPUnit (chalasr)
bug #399 Fix sf3.4 command autoregistration deprecation (ogizanagi)

2.4.2

bug #398 Fix Symfony 4 compatibility (benji07)
bug #383 Don't register lcobucci encoder if lcobucci/jwt is not installed (chalasr)

2.4.1

bug #356 Dont use DefinitionDecorator on Symfony 3.3+ (chalasr)

2.4.0

feature #330 Allow empty ttl for testing purpose (chalasr)
bug #328 Fix autowiring for upcoming Symfony 3.3 (chalasr)

2.3.0

bug #325 Move ttl is_numeric check from build time to runtime to allow use of %env()% (DrBenton)
feature #320 Allow for Response Body without JWT Token (Batch1211)
feature #317 Use symfony/phpunit-bridge for testing (chalasr)

2.21.0

feature #1218 Invalidate a JWT token ([@ldaspt](https://github.com/ldaspt))
feature #1170 Invalidate a JWT token ([@ldaspt](https://github.com/ldaspt))
feature #1207 Web-Token Framework simplified ([@Spomky](https://github.com/Spomky))
bug \60770f1 Fix CI & web-token encryption support ([@Spomky](https://github.com/Spomky))

2.20.3

bug #1184 Wrong type exception for AccessTokenLoader with certain configuration ([@athanasius-kircher](https://github.com/athanasius-kircher))
bug #1183 Fix for PHP <7.4 compatibility ([@fracsi](https://github.com/fracsi))

2.20.2

bug #1174 Fix for PHP <7.4 compatibility ([@fracsi](https://github.com/fracsi))

2.20.1

bug #1172 Removed constructor property promotion to fix compatibility with PHP 7.x ([@webhdx](https://github.com/webhdx))

2.20.0

feature #1041 WebToken support integration ([@Spomky](https://github.com/Spomky))
feature #1159 Added: JWT security scheme to openapi ([@Ninos](https://github.com/Ninos))
feature #1167 add support for partitioned cookies ([@EmilePerron](https://github.com/EmilePerron))
feature #1165 Support Symfony 7 ([@endroid](https://github.com/endroid), [@chalasr](https://github.com/chalasr))

2.2.0

feature #312 Ease sharing keys between parties (chalasr)
bug #311 Handle empty or null authorization header prefix (chteuchteu)
feature #303 Throw less missleading exception if SSL keys could not be loaded (phansys)

2.19.1

bug #1149 add description to authentication path ([@Altherius](https://github.com/Altherius))
bug #1144 Fix missing array claims BC break in 2.9.0 ([@ostrolucky](https://github.com/ostrolucky))

2.19.0

bug #1119 Fix API Platform integration ([@maxhelias](https://github.com/maxhelias))
bug #1120 Remove deprecation symfony 6.3 ([@maxhelias](https://github.com/maxhelias))
bug #1133 Fixed issue with option user_id_claim ([@koftikes](https://github.com/koftikes))
bug #1134 Fix ForwardCompatAuthenticatorTrait with OPCache preload ([@elavrom](https://github.com/elavrom))
feature #1125 Allow lcobucci/jwt v5 ([@maxhelias](https://github.com/maxhelias))

2.18.1

bug #1115 Fix compatibility with lcobucci v3.4 (maxhelias)

2.18.0

bug #1109 Replaced deprecated ValidAt() with LooseValidAt() (carcabot)
feature #1112 Better API Platform and json_login compatibility (alanpoulain)

2.17.0

bug #1110 Use the Security domain for translated messages (jderusse)
bug #1105 Fix creation of dynamic property (SpartakusMd)
feature #1098 Add API Platform compatibility (vincentchalamon)
bug #1096 Test under Symfony 6.2 / PHP 8.2 (chalasr)
feature #1092 allow environment variables for remove_token_from_body_when_cookies_used (usu)
bug #1067 Fixes TypeError in JWTManager (magikid)
feature #1072 Inject Clock in LcobucciJWSProvider (dbrumann)
bug #1069 Improve user_identity_field deprecation message (lobodol)
feature #1046 try to invalidate realpath cache if keypair loading failed (lobodol)

2.16.0

feature #1037 Deprecate user_identity_field config option (chalasr)
feature #1020 Add allow_no_expiration option to allow validating tokens without ttl (pluk77)
bug #1019 Fix lexik#944: Separate CompatFailureResponse from FailureResponse (GErpeldinger)
bug #1015 Fix ECDSA algo names in LcobucciJWSProvider (lovenunu)
feature #1007 Allow for creation of tokens without exp (pluk77)
bug #1001 Fix deprecations on Symfony 6.1 (chalasr)

## 2.15.1 (2022-04-06)

bug #999 Unify audience claim (aerrasti)
feature #995 Add Request object into AuthenticationFailureEvent (dmytro-shulyakov)

2.15.0

feature #995 Add Request object into AuthenticationFailureEvent (dmytro-shulyakov)
bug #982 Fix a type related depreciation with php 8.1 (RiffFred)
feature #973 Translate message errors (flohw)
bug #976 Fix authentication with integer as useridentifier (Floruzus)

2.14.4

bug #972 Typo-Fix in the ChainUserProvider (KhorneHoly)

2.14.3

feature #940 Add remove_token_from_body_when_cookies_used config option (TjorvenB)
feature #928 Add support of multiple public keys to verify tokens with a set of keys (alexandre-daubois)
feature #958 Allowing session cookie (split cookie) (JeremyPasco)
bug #969 Fix PHP 8.1 deprecation - avoid passing null to is_file() (chalasr)
bug #966 fix getIterator compatible with php 8.1 (eerison)

2.14.2

bug #961 Allow symfony/deprecations-contract v3.0 (bravik)
bug #951 Test instanceof Passport instead of more restrictive SelfValidatingPassport (TristanPouliquen)

2.14.1

bug #942 Fix Symfony 5.3 compatibility (chalasr)

2.14.0

feature #923 Add 3 new getter method to JWTTokenAuthenticator (fd6130)
bug #931 Only attempt split_cookie extraction if all of the cookies are present (carlobeltrame)
feature #925 Allow to set provider in jwt authenticator (fd6130)
feature #937 Symfony 6 Compatibility (mbabker)
bug #922 Fix error when trying to decode token using new authenticator system (fd6130)

2.13.0

feature #916 Allow to use custom authenticator by extending JWTAuthenticator (fd6130)
bug #914 Bundle breaks application if Symfony Console not installed (yivi)
feature #912 Added argument to AuthenticationSuccessHandler to stop token from being removed from response (naitsirch)
bug #905 Changed JWTAuthenticator::start method return type to more generic Response type (aurimasniekis)
feature #903 Implement AuthenticatorInterface::createToken() (Symfony 5.4) (chalasr)

2.12.6

bug 66ec1e0 Fix missing import (chalasr)

2.12.5

bug #897 Fix unexpected deprecation about Guard (bis) (chalasr)

2.12.4

bug #895 Fix unexpected deprecation about Guard (chalasr)

2.12.3

bug #887 JWTAuthenticator logic fix (ergnuor)

2.12.2

bug #886 Fix remaining deprecations on Symfony 5.3 (chalasr)

2.12.1

bug #884 Remove development files from releases (chalasr)

2.12.0

feature #872 Add new jwt authenticator for Symfony 5.3+ Security system (TristanPouliquen, chalasr)
bug #878 Handle misc. Symfony 5.3 deprecations, update CI config (mbabker)
bug #864 Remove development files from releases (phansys)

2.11.3

bug a175d6dab9 Prevent user enumeration via response content (chalasr)

2.11.2

bug #840 [Security] On Authentication failure, replace MessageData (mpiot)
bug #838 Fix wiring GenerateKeyPairCommand when key paths are null (chalasr)

2.11.1

bug #835 Fix #834: Re-add namshi/jose as required dependency until v3 (filisko)

2.11.0

bug #833 KeyLoaderInterface::getPassphrase() might return null and we need a string (drupol)
feature #832 Make AbstractKeyLoader::getSigningKey() and AbstractKeyLoader::getPublicKey public (drupol)
feature #817 Feat: add keypair generation command (bpolaszek)
feature #816 Remove support for lcobucci/jwt <3.4 & symfony/* <4.4 (chalasr)

2.10.7

bug a175d6dab9 Prevent user enumeration via response content (chalasr)

2.10.6

bug #827 Use named constructor for lcobucci/jwt Ecdsa signers (chalasr)
bug #826 Fix creating tokens when iat is already set in the payload (chalasr)

2.10.5

bug #815 Fix compatibility for lcobucci/jwt v3.x (bis) (chalasr)

2.10.4

bug #813 Fix undefined variable (chalasr)

2.10.3

bug #804 Fix ability to set extra standard claims in the input payload (bis) (chalasr)
bug #807 Fix compatibility with locbucci/jwt 3.2 (chalasr)

2.10.2

bug #801 Fix ability to set extra standard claims in the input payload (chalasr)
bug #796 Set Token on ExpiredTokenException (AdrienBr)

2.10.1

bug #797 Fix support for lcobucci/jwt v3.4 and 4.0 (chalasr)

2.10.0

feature #790 Fix Symfony 5.2 getProviderKey deprecation (ogizanagi)
feature #792 PHP 8 Support (chalasr)

2.1.1

bug #302 Return user object from User Provider refresh (MisterGlass)

2.1.0

feature #278 Add JWTUserProvider for loading users from the JWT itself (chalasr)
bug #287 Avoid override existing properties in failure response (kevin-lot)

2.0.3

bug #285 Avoid validating key paths before container compilation (chalasr)
feature #283 Ease creating tokens programatically (chalasr)
bug #282 Catch exception from lcobucci parser on invalid but correctly formatted token (chalasr)
feature #276 Added getProviderKey() to JWTUserToken (eXtreme)
#280 Travis: build on sf 3.2 + highest/lowest deps, fix build on hhvm (chalasr)
#269 Improve the structure of the documentation (chalasr)

2.0.2

feature #262 Add composer test script (chalasr)
bug #261 The security token must be authenticated no matter of the user's roles (chalasr)

2.0.1

feature #257 Set autowiring types on services with many alternatives

2.0.0

feature #249 Avoid setting exp claim from JWTManager (chalasr)
feature #246 Add a simple built-in encoder based on lcobucci/jwt (chalasr)
feature #240 Add iat check (chalasr)
feature #230 Introduce JWTExpiredEvent (chalasr)
feature #184 [Security] Deprecate current system in favor of a JWTTokenAuthenticator (Guard) (chalasr)
feature #218 Add more flexibility in token extractors configuration (chalasr)
feature #217 Refactor TokenExtractors loading for easy overriding (chalasr)
feature #202 Exceptions simplified (Spomky)
feature #201 Remove deprecated request injections (chalasr)
feature #196 Make *_key_path config options not mandatory (chalasr)
feature #177 Add JWTAuthenticationResponse (chalasr)
feature #162 [Encoder] Handle OpenSSL/phpseclib engines and algorithms (chalasr)
#175 Stop ensuring support for PHP versions smaller than 5.0 (chalasr)
#167 and #169 Stop ensuring support Symfony versions smaller than 2.8 (chalasr)

1.7.0

feature #200 Deprecate injection of Request instances (chalasr)

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

emuniq/filament-browser-notifications

syriable/filament-translator

hungnm28/livewire-form

wenprise/eloquent

crudly/encrypted

fadion/bouncy

cuci/prototurk-sdk

gos/pubsub-router-bundle

cuci/prototurk-sdk-symfony

clementtalleu/easyadmin-markdown-bundle

codeflextech/permission-manager

karnoweb/livewire-datepicker

sayedenam/sayed-dashboard

milito/query-filter

apiboxsym/user-bundle

apiboxsym/health-check-bundle

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui