[ ROOT ]
$GENERATE-RANDOM.ORG
Developer Tools for Random Data Generation // v2.6.1
root@generate-random:~/jwt-tokens/php$ _

Generate JWT Tokens in PHP

Complete code tutorial with examples and best practices

PHP
JavaScript Python Java C# C++ Ruby Go

[ Code Example - Quick Summary ]

Language: PHP

What: Generate secure JWT (JSON Web Tokens) in PHP using the Firebase JWT library. JWTs are ideal for stateless authentication, API authorization, and secure data transmission between parties.

Try it: Use our interactive Jwt-tokens generator or integrate this code into your PHP application.

Generate secure JWT (JSON Web Tokens) in PHP using the Firebase JWT library. JWTs are ideal for stateless authentication, API authorization, and secure data transmission between parties. Looking for other languages? Check our code examples in JavaScript , Python , Java , C# , C++ , Ruby and Go or use our interactive web generator.

PHP Code Example

<?php
require 'vendor/autoload.php';
use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// Secret key (store in environment variables)
$secret_key = "your-256-bit-secret-key";
$issuer = "https://yourdomain.com";
$audience = "https://yourdomain.com";

// Create token payload
$payload = [
    "iss" => $issuer,           // Issuer
    "aud" => $audience,         // Audience
    "iat" => time(),            // Issued at
    "nbf" => time(),            // Not before
    "exp" => time() + 3600,     // Expiration (1 hour)
    "data" => [
        "user_id" => 123,
        "username" => "john_doe",
        "role" => "admin"
    ]
];

// Generate JWT
$jwt = JWT::encode($payload, $secret_key, 'HS256');
echo $jwt;
// Output: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3lvdXJkb21haW4uY29tIiwiYXVkIjoiaHR0cHM6Ly95b3VyZG9tYWluLmNvbSIsImlhdCI6MTY4MDAwMDAwMCwibmJmIjoxNjgwMDAwMDAwLCJleHAiOjE2ODAwMDM2MDAsImRhdGEiOnsidXNlcl9pZCI6MTIzLCJ1c2VybmFtZSI6ImpvaG5fZG9lIiwicm9sZSI6ImFkbWluIn19.signature"

// Decode and verify JWT
try {
    $decoded = JWT::decode($jwt, new Key($secret_key, 'HS256'));
    print_r($decoded->data);
} catch (Exception $e) {
    echo "Invalid token: " . $e->getMessage();
}

[EXPLANATION]

This implementation uses the popular Firebase JWT library for PHP. The token consists of three parts: header, payload, and signature, separated by dots. Use HS256 (HMAC-SHA256) for symmetric signing or RS256 (RSA) for asymmetric signing. Always store secret keys in environment variables, never hardcode them.

Expected Output

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL3lvdXJkb21haW4uY29tIiwiYXVkIjoiaHR0cHM6Ly95b3VyZG9tYWluLmNvbSIsImlhdCI6MTY4MDAwMDAwMCwibmJmIjoxNjgwMDAwMDAwLCJleHAiOjE2ODAwMDM2MDAsImRhdGEiOnsidXNlcl9pZCI6MTIzLCJ1c2VybmFtZSI6ImpvaG5fZG9lIiwicm9sZSI6ImFkbWluIn19.YVPuJ_EqJr8vOT5JkUqHxX9Rj3LmN4K8sQ2TpY6wZ1c

Common Use Cases

  • RESTful API authentication
  • Single Sign-On (SSO) systems
  • Microservices authorization
  • Mobile app authentication
  • OAuth 2.0 access tokens

Important Notes

  • Install: composer require firebase/php-jwt
  • Use HS256 for simple symmetric signing, RS256 for public/private key pairs
  • Always validate exp, nbf, and iss claims
  • Store secret keys in environment variables (minimum 256 bits)
  • Consider short expiration times (15-60 minutes) with refresh tokens

Try Our Interactive Generator

Don't want to write code? Use our free web-based Jwt-tokens generator with instant results.

TRY JWT-TOKENS GENERATOR →

Other Programming Languages

JAVASCRIPT $ view --lang=javascript

View Jwt-tokens generation code examples in JavaScript
PYTHON $ view --lang=python

View Jwt-tokens generation code examples in Python
JAVA $ view --lang=java

View Jwt-tokens generation code examples in Java
C# $ view --lang=csharp

View Jwt-tokens generation code examples in C#
C++ $ view --lang=cpp

View Jwt-tokens generation code examples in C++
RUBY $ view --lang=ruby

View Jwt-tokens generation code examples in Ruby
GO $ view --lang=go

View Jwt-tokens generation code examples in Go