Symfony Finland
Random things on PHP, Symfony and web development

Symfony and JWT (JSON Web Token)

JSON Web Tokens (JWT for short) are a relatively new method for authentication. JWT is an open standard for passing claims between parties in web application environments. Instead of relying on a cookie, applications can rely on passing JSON Web Tokens forward.

In a nutshell, when a client logs in with JWT, it gets a token back from the server instead of a cookie. The token contains something called a claim. This is simply a JSON object that includes whatever the developer considers necessary: the user ID as a minimum, but it can also contain other things such as the username or security roles.

The client saves the token and on subsequent requests passes it as part of the request header. The server then validates the token on the history of previous requests and returns the appropriate response based on whether the token validates or not.
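The login and validation flow described above, as an added example written for this page (it is not code from LexikJWTAuthenticationBundle or from the original post). It assumes an HS256-signed token carried in an `Authorization: Bearer` header; the secret, the sample user, the fixed clock value and the function names are all constructed for illustration.

```php
<?php
// Added example; the secret, user, claims and clock value below are constructed.
function b64url_encode(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return (string) base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}

// Server, at login: sign the claims and hand the token to the client.
function jwt_issue(array $claims, string $secret): string {
    $header = b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'HS256']));
    $body   = b64url_encode(json_encode($claims));
    $sig    = hash_hmac('sha256', "$header.$body", $secret, true);
    return "$header.$body." . b64url_encode($sig);
}

// Server, on each request: return the claims if the token is valid, else null.
function jwt_verify(string $authorizationHeader, string $secret, int $now): ?array {
    if (!preg_match('/^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/', $authorizationHeader, $m)) {
        return null;
    }
    [, $header, $body, $sig] = $m;
    $h = json_decode(b64url_decode($header), true);
    // Pin the algorithm: the token must not choose how it is verified.
    if (!is_array($h) || ($h['alg'] ?? null) !== 'HS256') {
        return null;
    }
    // Recompute the signature and compare in constant time.
    $expected = b64url_encode(hash_hmac('sha256', "$header.$body", $secret, true));
    if (!hash_equals($expected, $sig)) {
        return null;
    }
    $claims = json_decode(b64url_decode($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) {
        return null;
    }
    return $claims;
}

$secret = 'constructed-demo-secret';
$now    = 1465800000; // fixed clock so the run is reproducible
$claims = ['sub' => 42, 'username' => 'alice', 'roles' => ['ROLE_USER'], 'exp' => $now + 3600];
$token  = jwt_issue($claims, $secret);
// Same header and signature, but the payload was edited on the client side.
[$h, , $s] = explode('.', $token);
$edited = "$h." . b64url_encode(json_encode(['roles' => ['ROLE_ADMIN']] + $claims)) . ".$s";
var_dump(jwt_verify("Bearer $token", $secret, $now));        // untouched token
var_dump(jwt_verify("Bearer $edited", $secret, $now));       // edited payload
var_dump(jwt_verify("Bearer $token", $secret, $now + 7200)); // after expiry
```

Because the claims are only base64url-encoded, anyone holding the token can read them; the signature protects integrity, not confidentiality.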

The JWT technology is supported by a wide range of platforms and programming languages. The Symfony framework is one of these and the use of JWTs in real world applications was already mentioned in the case study for Namshi and Symfony2 in 2014 on Symfony.com.

Since 2014 the popularity of JWT has grown tremendously and there are now a number of interesting articles describing the use of JWT with Symfony2, many of which use the LexikJWTAuthenticationBundle underneath:

Any new application should definitely consider using JWT instead of the classic cookie authentication method.


Written by Jani Tarvainen on Monday June 13, 2016
Tags: symfony, jwt, javascript