# firebase/php-jwt

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/firebase-php-jwt).**

9,773 stars · 1,276 forks · PHP · bsd-3-clause · fork

## Links

- GitHub: https://github.com/firebase/php-jwt
- awesome-repositories: https://awesome-repositories.com/repository/firebase-php-jwt.md

## Description

This is a PHP library for implementing JSON Web Tokens to securely encode, decode, and verify identity claims between parties. It provides the core utilities necessary to create signed tokens and validate their authenticity to ensure data integrity.

The library includes a mechanism for caching remote JSON Web Key sets locally. This reduces network requests and optimizes the process of signature verification and key rotation.

Capabilities cover a range of cryptographic operations, including HMAC-based signature verification and RSA-based asymmetric signing. It handles Base64Url encoding for transport and provides stateless claim validation to verify tokens without database lookups.

## Tags

### Security & Cryptography

- [JSON Web Tokens](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/json-web-tokens.md) — Provides a full implementation for creating and verifying signed JSON Web Tokens to secure identity claims.
- [Asymmetric Signing](https://awesome-repositories.com/f/security-cryptography/asymmetric-signing.md) — Employs RSA-based private and public key pairs to ensure the authenticity of identity tokens.
- [Signature Verification](https://awesome-repositories.com/f/security-cryptography/jwt-authentication/jwt-decoders/signature-verification.md) — Decodes tokens and validates their authenticity using secret keys or public key sets to prevent data tampering.
- [Verified Decoding](https://awesome-repositories.com/f/security-cryptography/jwt-authentication/jwt-decoders/verified-decoding.md) — Extracts claims and verifies signatures from tokens to ensure data authenticity and integrity. ([source](https://github.com/firebase/php-jwt#readme))
- [Signature Verification Tools](https://awesome-repositories.com/f/security-cryptography/signature-verification-tools.md) — Provides tools for validating HMAC-based digital signatures to ensure the integrity of identity claims.
- [Token Encoding](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/authentication-session-flaws/json-web-tokens/token-encoding.md) — Creates signed tokens based on industry standards for the secure transmission of identity claims. ([source](https://github.com/firebase/php-jwt#readme))
- [Public Key Caching](https://awesome-repositories.com/f/security-cryptography/identity-key-management/remote-key-fetchers/public-key-caching.md) — Stores remote public keys locally to accelerate token verification and reduce network requests.
- [Key Resolution](https://awesome-repositories.com/f/security-cryptography/json-web-key-imports/key-resolution.md) — Processes JSON Web Key sets to resolve the correct public key for signature verification during key rotation.

### Part of an Awesome List

- [PHP Security Libraries](https://awesome-repositories.com/f/awesome-lists/security/php-security-libraries.md) — Provides a robust PHP library for encoding and decoding JSON Web Tokens to secure identity claims.

### Artificial Intelligence & ML

- [Stateless Session Authentication](https://awesome-repositories.com/f/artificial-intelligence-ml/agentic-systems-frameworks/agent-orchestration-multi-agent/security-and-auth/authentication-strategies/session-state/stateless-session-authentication.md) — Implements authentication where user identity is maintained in signed tokens instead of server-side sessions.

### Software Engineering & Architecture

- [Stateless Token Validation](https://awesome-repositories.com/f/software-engineering-architecture/stateless-architectures/stateless-token-validation.md) — Enables high-performance authorization by verifying token signatures and expiration timestamps locally without database lookups.