Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Yii Auth JWT

Latest Stable Version Total Downloads Build status Scrutinizer Code Quality Code Coverage Mutation testing badge static analysis type-coverage

The package provides JWT authentication method for Yii Auth.


  • PHP 7.4 or higher.


The package could be installed with composer:

composer require yiisoft/auth-jwt --prefer-dist

General usage

Configuring within Yii

  1. Set JWT parameters in your params.php config file:

    'yiisoft/auth-jwt' => [
        'algorithms' => [
            // your signature algorithms
        'serializers' => [
            // your token serializers
        'key' => [
            'secret' => 'your-secret',
            'file' => 'your-certificate-file',
  2. Setup definitions, required for \Yiisoft\Auth\Middleware\Authentication middleware in a config, for example, in config/web/auth.php:

    /** @var array $params */
    use Yiisoft\Auth\Jwt\TokenManagerInterface;
    use Yiisoft\Auth\Jwt\TokenManager;
    use Yiisoft\Auth\AuthenticationMethodInterface;
    use Yiisoft\Auth\Jwt\JwtMethod;
    return [
        KeyFactoryInterface::class => [
            'class' => FromSecret::class,
            '__construct()' => [
        AuthenticationMethodInterface::class => JwtMethod::class,

    Note: Don't forget to declare your implementations of \Yiisoft\Auth\IdentityInterface and \Yiisoft\Auth\IdentityRepositoryInterface.

  3. Use Yiisoft\Auth\Middleware\Authentication middleware. Read more about middlewares in the middleware guide.

Configuring independently

You can configure Authentication middleware manually:

/** @var \Yiisoft\Auth\IdentityRepositoryInterface $identityRepository */
$identityRepository = getIdentityRepository();

$tokenRepository = $container->get(\Yiisoft\Auth\Jwt\TokenRepositoryInterface::class);

$authenticationMethod = new \Yiisoft\Auth\Jwt\JwtMethod($identityRepository, $tokenRepository);

$middleware = new \Yiisoft\Auth\Middleware\Authentication(
    $responseFactory, // PSR-17 ResponseFactoryInterface.
    $failureHandler // Optional, \Yiisoft\Auth\Handler\AuthenticationFailureHandler by default.

Unit testing

The package is tested with PHPUnit. To run tests:


Mutation testing

The package tests are checked with Infection mutation framework with Infection Static Analysis Plugin. To run it:


Static analysis

The code is statically analyzed with Psalm. To run static analysis:



The Yii Auth JWT is free software. It is released under the terms of the BSD License. Please see LICENSE for more information.

Maintained by Yii Software.