Highly configurable JSON Web Token implementation for Laravel and Lumen.
Guardian exposes an additional authentication
guardian driver, which can be used like the standard
Guardian follows the Semantic Versioning specification.
The master branch should not be considered stable prior to the 1.0.0 release.
Our company based its back-end on the Lumen Framework and we needed a stateless identification and authentication method.
We chose JSON Web Tokens, which combine security and ease of use.
While some libraries exist like tymondesigns/jwt-auth or laravel/passport, they did not meet our requirements.
In particular, we wanted control over the cryptographic algorithms used for the keys, as well as the ability to use several of them.
After careful consideration, we decided to develop our own JWT library for Lumen, which was later ported to Laravel and released as open source.
Simply add Guardian to your project dependencies.
composer require mathieu-bour/guardian
Depending on the algorithm you want to use, install the corresponding cryptographic library:
| Algorithm | Library | Required PHP extensions |
If you do not know which algorithm to choose, we recommend
ECDSA with the
ES512 algorithm and the
Publish the default Guardian configuration:
php artisan vendor:publish --provider="Windy\Guardian\GuardianServiceProvider"
Copy the default Guardian configuration from
Then, add the provider to your
bootstrap/app.php and load the configuration with:
If you want to use the
Guardian Facade, ensure that the application is loaded with Facades in your
Here, we humbly refer to the alternatives to Guardian that we found interesting.
Passport is the official Laravel library which supports JWT authentication.
Laravel makes API authentication a breeze using Laravel Passport, which provides a full OAuth2 server implementation for your Laravel application in a matter of minutes.
jwt-auth is a worthwhile alternative to Guardian which provides a higher-level API, such as authenticating users directly from the request credentials via a Facade.
jwt-auth also provides a way to blacklist the generated tokens whereas Guardian leaves the implementation to the developer.
If you are looking for a simpler way to use JWT, we highly recommend that you take a look at this library!
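
Since Guardian leaves token blacklisting to the developer, one way to implement it is a revocation list keyed on the token's jti claim. The class below is an added example, not code from Guardian or jwt-auth: TokenDenylist and the sample claims are hypothetical, and it assumes the claims come from a token whose signature and expiry have already been verified.

```php
<?php
declare(strict_types=1);
// TokenDenylist is a hypothetical name, not part of Guardian or jwt-auth.
// The array store lives for one process only; a deployment needs a shared
// store (cache or database) so every worker sees the same revocations.
final class TokenDenylist
{
    /** @var array<string,int> jti => "exp" (Unix time) of the revoked token */
    private array $revoked = [];
    /** Revoke a token until its own "exp"; past that it is rejected anyway. */
    public function revoke(array $claims, ?int $now = null): void
    {
        $now ??= time();
        [$jti, $exp] = $this->identify($claims);
        // Forget entries whose tokens have expired, so the list stays bounded.
        $this->revoked = array_filter($this->revoked, fn (int $e): bool => $e > $now);
        if ($exp > $now) {
            $this->revoked[$jti] = $exp;
        }
    }

    /** True when the token must be rejected; unidentifiable tokens fail closed. */
    public function isRevoked(array $claims): bool
    {
        try {
            [$jti] = $this->identify($claims);
        } catch (InvalidArgumentException $e) {
            return true;
        }
        return isset($this->revoked[$jti]);
    }

    private function identify(array $claims): array
    {
        [$jti, $exp] = [$claims['jti'] ?? null, $claims['exp'] ?? null];
        if (!is_string($jti) || $jti === '' || !(is_int($exp) || is_float($exp))) {
            throw new InvalidArgumentException('token needs a jti and a numeric exp');
        }
        return [$jti, (int) ceil($exp)];
    }
}

// Constructed claims standing in for the payload of an already verified token.
$now = 1700000000;
$claims = ['sub' => 'user-42', 'jti' => 'constructed-jti-0001', 'exp' => $now + 900];
$denylist = new TokenDenylist();
var_dump($denylist->isRevoked($claims));   // state before revocation
$denylist->revoke($claims, $now);
var_dump($denylist->isRevoked($claims));   // state after revocation
```

Storing each entry only until the token's own exp keeps the list bounded by the token lifetime, and treating a token without a jti as revoked means a token that cannot be revoked is never accepted.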