The package provides JWT authentication method for Yii Auth.

• PHP 7.4 or higher.

The package could be installed with composer:

composer require yiisoft/auth-jwt --prefer-dist

1. Set JWT parameters in your params.php config file:

   'yiisoft/auth-jwt' => [
       'algorithms' => [
           // your signature algorithms
       ],
       'serializers' => [
           // your token serializers
       ],
       'key' => [
           'secret' => 'your-secret',
           'file' => 'your-certificate-file',
       ],
   ],

2. Setup definitions, required for \Yiisoft\Auth\Middleware\Authentication middleware in a config, for example, in config/web/auth.php:

   <?php
   
   declare(strict_types=1);
   
   /** @var array $params */
   
   use Yiisoft\Auth\Jwt\TokenManagerInterface;
   use Yiisoft\Auth\Jwt\TokenManager;
   use Yiisoft\Auth\AuthenticationMethodInterface;
   use Yiisoft\Auth\Jwt\JwtMethod;
   
   return [
       KeyFactoryInterface::class => [
           'class' => FromSecret::class,
           '__construct()' => [
               $params['yiisoft/auth-jwt']['key']['secret']
           ],
       ],
       
       AuthenticationMethodInterface::class => JwtMethod::class,
   ];

   Note: Don't forget to declare your implementations of \Yiisoft\Auth\IdentityInterface and \Yiisoft\Auth\IdentityRepositoryInterface.

3. Use Yiisoft\Auth\Middleware\Authentication middleware. Read more about middlewares in the middleware guide.

You can configure Authentication middleware manually:

/** @var \Yiisoft\Auth\IdentityRepositoryInterface $identityRepository */
$identityRepository = getIdentityRepository();

$tokenRepository = $container->get(\Yiisoft\Auth\Jwt\TokenRepositoryInterface::class);

$authenticationMethod = new \Yiisoft\Auth\Jwt\JwtMethod($identityRepository, $tokenRepository);

$middleware = new \Yiisoft\Auth\Middleware\Authentication(
    $authenticationMethod,
    $responseFactory, // PSR-17 ResponseFactoryInterface.
    $failureHandler // Optional, \Yiisoft\Auth\Handler\AuthenticationFailureHandler by default.
);

The package is tested with PHPUnit. To run tests:

./vendor/bin/phpunit

The package tests are checked with Infection mutation framework with Infection Static Analysis Plugin. To run it:

./vendor/bin/roave-infection-static-analysis-plugin

The code is statically analyzed with Psalm. To run static analysis:

./vendor/bin/psalm

The Yii Auth JWT is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.