Download the PHP package kz370/jwt-auth without Composer

On this page you can find all versions of the php package kz370/jwt-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package jwt-auth

Laravel JWT Auth

Latest Version on Packagist Total Downloads PHP Version Laravel Version

A sophisticated, secure, and developer-friendly JWT authentication package for Laravel. Designed with a dual-token architecture (Access + Refresh tokens) and advanced security features like automatic rotation and replay attack detection.


🚀 Key Features


📦 Installation

Install the package via Composer:

1. Run Migrations

The package requires specific tables to manage token families and device sessions.

2. Publish Configuration (Optional)

Customize the TTL (Time-To-Live), signing algorithm, and other settings:

3. Generate JWT Secret

Generate a secure signing key for your tokens. This will be added to your .env file:


👨‍💻 User Model Setup

To enable session management and token relationships on your User model, add the HasJwtAuth trait:

This trait provides several helper methods:


🎭 Multi-Model & Multi-Guard Support

The package is not limited to the User model. You can use it with any Eloquent model (Admins, Customers, etc.) and even manage multiple guards simultaneously.

1. Custom Model

If you only use one model but it's not App\Models\User, update your config/jwt-auth.php:

2. Multiple Guards (e.g., User and Admin)

If you need separate authentication for different tables, define them in config/auth.php:

Then protect your routes accordingly:

How it works

The package uses a polymorphic relationship in the database. Instead of a simple user_id, the tokens table contains:

This design ensures that sessions are perfectly isolated, even if two different models share the same ID.

Note: Ensure every model used for authentication includes the HasJwtAuth trait.


⚙️ Configuration

Automatic Guard Registration

The package automatically registers a jwt authentication guard. To use it as your default for API routes, update your config/jwt-auth.php:


🛡 Middleware Usage

The package provides two middlewares out of the box to help you secure your routes.

1. jwt.auth

Protects routes that require a valid Access Token. It automatically validates the JWT and sets the authenticated user for the request.

2. jwt.refresh

Ensures that the request contains a refresh_token. Useful for specific refresh or logout endpoints.


⚡ Integration with Existing Auth

If you are migrating from Laravel Sanctum or Passport, you simply need to replace your token generation logic in your authentication controllers.

Find where you currently generate tokens (e.g., $user->createToken(...)) and replace it with the JwtAuth facade:

This ensures that users transitioning to this package correctly adopt the new dual-token system without leaving behind outdated logic.


🛠 Usage

Authentication (The Facade)

The JwtAuth facade is the primary entry point for all operations.

User Login (Credentials)

Token Refresh

Exchange a refresh token for a brand new pair of tokens (rotates the family).

Logout

Invalidates the current refresh token and session. Returns true on success, or false if the token is invalid/expired.


📱 Device & Session Management

Take full control of user sessions across multiple devices:


🔒 Security Design

Family IDs & Token Rotation

Every login starts a "Token Family". When you refresh, the old refresh token is revoked, and a new one is issued within the same family.

Replay Attack Protection

If a used refresh token is ever presented again (indicating it was stolen and replayed), the package detects this immediately and revokes every token in that family, forcing the legitimate user to re-authenticate and securing the account.


🖥 Console Commands

Command Description
php artisan jwt:secret Generates a 64-character secret key for JWT signing.
php artisan jwt:cleanup Removes expired and revoked tokens from the database.

Recommendation: Schedule the cleanup command to run daily:


📄 License

The MIT License (MIT). Please see License File for more information.


All versions of jwt-auth with dependencies

PHP Build Version
Package Version
Requires php Version ^8.1
illuminate/support Version ^10.0|^11.0|^12.0
illuminate/database Version ^10.0|^11.0|^12.0
illuminate/auth Version ^10.0|^11.0|^12.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package kz370/jwt-auth contains the following files

Loading the files please wait ...