How do I install jwt-easy in a Laravel project?

Run `composer require web-token/jwt-easy` in your project directory. The package requires PHP 8.x and depends on `web-token/jwt-framework`, which will be installed automatically. No additional Laravel-specific setup is needed beyond Composer.

Does jwt-easy support Laravel’s built-in auth system (e.g., Sanctum or Passport)?

No, jwt-easy is designed for standalone JWT workflows. For hybrid setups (e.g., Sanctum + JWT), you’ll need to manually integrate middleware or guards. It’s best suited for APIs where JWT is the primary auth method.

What Laravel versions does jwt-easy officially support?

The package doesn’t enforce Laravel version constraints, but it’s tested against PHP 8.x. For Laravel 9/10 compatibility, ensure your `web-token/jwt-framework` dependency (v2+) aligns with Laravel’s PSR-15/PSR-11 container requirements.

How do I validate a JWT token in Laravel middleware?

Extend Laravel’s `Authenticate` middleware or create a custom `JwtMiddleware`. Use `JWT::validate($token)` to check signatures and claims. Example: `if (!$token || !JWT::validate($token)) { abort(401); }` in your route handler.

Can I use jwt-easy for token revocation? What’s the recommended approach?

jwt-easy doesn’t include built-in revocation. For production, store tokens in Redis and invalidate them on logout or expiration. Short-lived tokens (e.g., 15-minute TTL) reduce revocation complexity.

How does jwt-easy compare to lcobucci/jwt or firebase/php-jwt for Laravel?

jwt-easy prioritizes simplicity with fewer features (e.g., no multi-signature support). `lcobucci/jwt` offers more control and is actively maintained, while `firebase/php-jwt` is heavier. Choose jwt-easy for lightweight APIs; use alternatives for advanced use cases.

Are there any security risks with jwt-easy I should know about?

Misconfiguration risks include weak algorithms (e.g., HS256 without a strong key) or missing validation. Always use RS256/ES256 for public-key pairs and validate token claims. Avoid storing sensitive data in JWT payloads.

How do I add custom claims (e.g., user roles) to a JWT with jwt-easy?

Use `JWT::setClaim('role', 'admin')` before encoding. Custom claims are merged into the payload. Example: `$token = JWT::encode($payload, $key, 'HS256');` where `$payload` includes your claims array.

Will jwt-easy break if I upgrade Laravel or PHP?

Breaking changes are possible due to lack of semantic versioning. Monitor the `web-token/jwt-framework` repo for updates. Test thoroughly after major Laravel/PHP upgrades, especially if using middleware or guards.

Can I use jwt-easy in a non-Laravel PHP project?

Yes, jwt-easy is framework-agnostic. It works in any PHP 8.x app. For Laravel, it integrates via middleware/guards, but the core library is standalone. Check the [JWT Framework docs](https://web-token.spomky-labs.com/) for non-Laravel examples.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Jwt Easy Laravel Package

web-token/jwt-easy

Simple JWT helper for PHP apps: quickly encode, decode, and validate JSON Web Tokens with minimal setup. Designed for straightforward auth flows, with easy-to-use APIs for signing, verifying, and reading claims.

View on GitHub

Deep Wiki

Context7

Easy toolset to use the JWT Framework.

Frequently asked questions about Jwt Easy

How do I install jwt-easy in a Laravel project?: Run `composer require web-token/jwt-easy` in your project directory. The package requires PHP 8.x and depends on `web-token/jwt-framework`, which will be installed automatically. No additional Laravel-specific setup is needed beyond Composer.
Does jwt-easy support Laravel’s built-in auth system (e.g., Sanctum or Passport)?: No, jwt-easy is designed for standalone JWT workflows. For hybrid setups (e.g., Sanctum + JWT), you’ll need to manually integrate middleware or guards. It’s best suited for APIs where JWT is the primary auth method.
What Laravel versions does jwt-easy officially support?: The package doesn’t enforce Laravel version constraints, but it’s tested against PHP 8.x. For Laravel 9/10 compatibility, ensure your `web-token/jwt-framework` dependency (v2+) aligns with Laravel’s PSR-15/PSR-11 container requirements.
How do I validate a JWT token in Laravel middleware?: Extend Laravel’s `Authenticate` middleware or create a custom `JwtMiddleware`. Use `JWT::validate($token)` to check signatures and claims. Example: `if (!$token || !JWT::validate($token)) { abort(401); }` in your route handler.
Can I use jwt-easy for token revocation? What’s the recommended approach?: jwt-easy doesn’t include built-in revocation. For production, store tokens in Redis and invalidate them on logout or expiration. Short-lived tokens (e.g., 15-minute TTL) reduce revocation complexity.
How does jwt-easy compare to lcobucci/jwt or firebase/php-jwt for Laravel?: jwt-easy prioritizes simplicity with fewer features (e.g., no multi-signature support). `lcobucci/jwt` offers more control and is actively maintained, while `firebase/php-jwt` is heavier. Choose jwt-easy for lightweight APIs; use alternatives for advanced use cases.
Are there any security risks with jwt-easy I should know about?: Misconfiguration risks include weak algorithms (e.g., HS256 without a strong key) or missing validation. Always use RS256/ES256 for public-key pairs and validate token claims. Avoid storing sensitive data in JWT payloads.
How do I add custom claims (e.g., user roles) to a JWT with jwt-easy?: Use `JWT::setClaim('role', 'admin')` before encoding. Custom claims are merged into the payload. Example: `$token = JWT::encode($payload, $key, 'HS256');` where `$payload` includes your claims array.
Will jwt-easy break if I upgrade Laravel or PHP?: Breaking changes are possible due to lack of semantic versioning. Monitor the `web-token/jwt-framework` repo for updates. Test thoroughly after major Laravel/PHP upgrades, especially if using middleware or guards.
Can I use jwt-easy in a non-Laravel PHP project?: Yes, jwt-easy is framework-agnostic. It works in any PHP 8.x app. For Laravel, it integrates via middleware/guards, but the core library is standalone. Check the [JWT Framework docs](https://web-token.spomky-labs.com/) for non-Laravel examples.

Popularity trends

Recorded values over time (once-a-day snapshots). May 10, 2026 – Jun 8, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

0.3

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 11

+0.1
Forks

input: 4

+0.1
Open issues + PRs

input: 1

+0.1
Releases

input: 0

+0.0
Recency

input: —

+0.0
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 0.3

Opportunity

49.5

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

88.6
Contribution need

open_issues + open_prs: 1

0.0
Health factor

archived + recency + open issues

×0.85

Total 49.0

License

MIT

Watchers

Downloads

42K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

milito/query-filter

apiboxsym/user-bundle

apiboxsym/health-check-bundle

jayeshmepani/jpl-moshier-ephemeris-php

elnasnato/laraliveui

labrodev/rest-sdk

sampaui/sampaui

babelqueue/php-sdk

facebook/capi-param-builder-php

babelqueue/symfony

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours