PHP download

Download the PHP package horde/jwt without Composer

On this page you can find all versions of the php package horde/jwt. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download horde/jwt
More information about horde/jwt
Files in horde/jwt

Vendor horde
Package jwt
Short Description Horde RFC 7519 JSON Web Token (JWT) Library
License LGPL-2.1
Homepage http://www.horde.org/libraries/Horde_Jwt

Keywords auth claims RFC7519

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of horde/jwt

Informations about the package jwt

Horde\Jwt

A standalone, zero-framework-dependency PHP library for creating, signing and verifying JSON Web Tokens (RFC 7519).

Part of the Horde Project.

Features

HS256 (HMAC-SHA256) symmetric signing and verification
RS256 (RSA-SHA256) asymmetric signing and verification
ES256 (ECDSA P-256) asymmetric signing and verification
Configurable claim validation: exp, nbf, iss, aud with clock skew leeway
Typed key wrappers (PrivateKey, PublicKey) with PEM file/string loading
JWK public key serialization (RFC 7517) for RSA and EC keys
Clean SignerInterface / VerifierInterface abstractions for extending with additional algorithms
PHP 8.1+, strict types, no external dependencies beyond ext-openssl and ext-hash

Installation

Quick Example

See doc/USAGE.md for full documentation covering all algorithms, key management, verification options and error handling.

Heritage and Upgrading

This library extracts and generalizes JWT code that previously lived as special-case implementations in:

horde/core Horde\Core\Auth\Jwt\Hs256Generator, Rs256Generator, JwtVerifier, and related classes used for Horde session tokens
horde/components Horde\Components\Auth\Rs256JwtGenerator and GitHub App authentication wrappers

Those packages contained duplicated base64url encoding, key handling and signing logic, with use-case-specific interfaces (GitHub App IDs, Horde session conventions) that prevented reuse. horde/jwt replaces the algorithmic layer with a general-purpose design while adding ES256 support, typed key objects, JWK serialization and structured exceptions.

If you consumed the Core or Components JWT classes directly, see doc/UPGRADING.md for a class-by-class migration guide.

The framework-level services (JwtService, JwtServiceFactory, JwtAuthMiddleware, GitHubAppAuthenticationService) remain in their respective packages and will be updated to delegate to horde/jwt.

Relationship to horde/Oauth

horde/Oauth provides the OAuth protocol implementation for the Horde framework. horde/jwt handles the token format layer concerns such as creating and verifying JWTs. OAuth 2.0 and OpenID Connect build upon this foundation. The two libraries are complementary:

horde/jwt: token signing, verification, key management (this library)
horde/Oauth: OAuth 2.0 authorization flows, token endpoints, OIDC discovery and protocol-level concerns

horde/jwt has no dependency on horde/oauth or any other Horde package.

What This Library Is

A general-purpose JWT signing and verification library
A building block for OAuth 2.0, OpenID Connect, or any JWT-based protocol
Usable standalone, outside the Horde framework

What This Library Is Not

Not an OAuth 2.0 or OpenID Connect implementation (see horde/oauth)
Not a session management system (see Horde\Core\Auth\Jwt\JwtService)
Not an HTTP middleware or authentication framework
Not a JWKS endpoint server (it provides JWK serialization; serving JWKS over HTTP is an application concern)

Relevant RFCs

RFC 7519 - JSON Web Token (JWT)
RFC 7515 - JSON Web Signature (JWS)
RFC 7516 - JSON Web Encryption (JWE) (not implemented)
RFC 7517 - JSON Web Key (JWK)
RFC 7518 - JSON Web Algorithms (JWA)

Requirements

PHP 8.1 or later
ext-openssl
ext-hash

License

LGPL-2.1-only. See LICENSE for details.

All versions of jwt with dependencies

PHP Build Version

Package Version

Version v1.0.0beta2 Release 18. Apr 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of jwt from vendor horde

Requires php Version ^8.1
ext-hash Version *
ext-openssl Version *

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package horde/jwt contains the following files

Loading the files please wait ...