ModJWT: Working with JSON Web Token (JWT) on MODx

Just developing JSON Web Token (JWT) extra for MODX. Please take a look at

Demo page:



JWT for MODX is very interesting. It might be worth checking this too, though apparently its not production ready yet.


Although modJWT can be extended and used for session, but the main purpose of this extra is to provides basic mechanism for issuing or validating Token for restful API.

For example, if I have download files in different domain in the Cloud that need to be secured and protected, and I want to give access to MODx users in other server, this module serving this kind of stateless Token for security.

  • serverX-domainA: modx installation
  • serverY-domainB: videos, MP3s, documents, etc.

All files in serverY protected behind Auth-JWT mechanism, similar to Auth-Basic or Auth-Digest but using JWT.

To get those files, modJWT on serverX provides modx users a unique and one-time-use Token for each request to be able to login or pass Auth-JWT on serverY. The Token could be:

  • Stateless JSON Web Token, or
  • Stateful JSON Web Token

The list of Auth-JWT for web server can be found on website

1 Like

Very cool. I was just about to start building JWT into a custom app :slight_smile:


Hi, got to say your plugin rocks, it saved me lots of time, still missing one thing, where can I config the exp time for the token, I can see this in the code $this->config[‘expAge’] but im confused on where to set the expAge?

1 Like

Just add expAge as a property when you call the jwtEncode-snippet.

[[!jwtEncode? &expAge=`3600`]]


$token = $modx->runSnippet('jwtEncode', array('expAge'=>'3600'));