How to Implement the JWT with PHP?

In this tutorial, you will learn how to Implement The JWT (JSON Web Token) with PHP.

What is JWT (JSON Web Token)?

Implementing The JWT (JSON Web Token) with PHP

Download JWT for PHP

First, you need to download or clone JWT from

Or you can install this PHP-JWT package using Composer. To do this run the following command –

composer require firebase/php-jwt

After downloading the PHP-JWT ZIP file, extract this ZIP file.

Now inside the PHP-JWT folder, you can see some files and folders, but we don’t need all the files and folders, we only need the src folder.

So, copy the src folder and go to your localhost www directory or the htdocs folder, and here, create a new folder called php_jwt and then paste the src folder inside the php_jwt folder.

After completing the above steps, Now we need to create some files. But before going further let’s take a look at your php_jwt folder structure.

php_jwt folder structure

First, we will create the JwtHandler.php file. Basically this is a class where we handle all the JWT actions like encoding and decoding token.

require './src/JWT.php';
require './src/ExpiredException.php';
require './src/SignatureInvalidException.php';
require './src/BeforeValidException.php';

use \Firebase\JWT\JWT;

class JwtHandler {
    protected $jwt_secrect;
    protected $token;
    protected $issuedAt;
    protected $expire;
    protected $jwt;

    public function __construct()
        // set your default time-zone
        $this->issuedAt = time();
        // Token Validity (3600 second = 1hr)
        $this->expire = $this->issuedAt + 3600;

        // Set your secret or signature
        $this->jwt_secrect = "this_is_my_secrect";  

    public function _jwt_encode_data($iss,$data){

        $this->token = array(
            //Adding the identifier to the token (who issue the token)
            "iss" => $iss,
            "aud" => $iss,
            // Adding the current timestamp to the token, for identifying that when the token was issued.
            "iat" => $this->issuedAt,
            // Token expiration
            "exp" => $this->expire,
            // Payload
            "data"=> $data

        $this->jwt = JWT::encode($this->token, $this->jwt_secrect);
        return $this->jwt;

    public function _jwt_decode_data($jwt_token){
            $decode = JWT::decode($jwt_token, $this->jwt_secrect, array('HS256'));
            return $decode->data;
        catch(\Firebase\JWT\ExpiredException $e){
            return $e->getMessage();
        catch(\Firebase\JWT\SignatureInvalidException $e){
            return $e->getMessage();
        catch(\Firebase\JWT\BeforeValidException $e){
            return $e->getMessage();
        catch(\DomainException $e){
            return $e->getMessage();
        catch(\InvalidArgumentException $e){
            return $e->getMessage();
        catch(\UnexpectedValueException $e){
            return $e->getMessage();


Creating / Encoding JWT Tokens

require 'JwtHandler.php';
$jwt = new JwtHandler();

$token = $jwt->_jwt_encode_data(
    array("email"=>"[email protected]","id"=>21)

echo "<strong>Your Token is -</strong><br> $token";

Now open the URL on your browser – http://localhost/php_jwt/index.php

Browser Output
Your Token is –

Copy this token.

Decoding JWT Tokens

    require 'JwtHandler.php';
    $jwt = new JwtHandler();

    $data =  $jwt->_jwt_decode_data(trim($_GET['token']));


    echo "<br><hr>";
<form action="" method="GET">
    <label for="_token"><strong>Enter Token</strong></label>
    <input type="text" name="token" id="_token">
    <input type="submit" value="Docode">

Now open this URL on your Browser – http://localhost/php_jwt/decode.php and paste the token into the input box and then click on the decode button.

Browser Output
object(stdClass)#4 (2) {
  string(14) "[email protected]"

The token will expire after 1 hour because we have set the token expire-time to 1hr.


  1. HI, thanks for the information. Your way of coding is much more understandable than github information. Can you please leave information about how can web implement RS256 with JWTHandler?

    Thank you, I appriciate your help.

Leave a Reply