SMS based login service for Silex

dev-master / 1.0.x-dev 2015-11-22 02:38 UTC

This package is not auto-updated.

Last update: 2024-06-08 17:15:37 UTC


Latest Version on Packagist Software License Build Status Coverage Status Quality Score Total Downloads

Silex add on to provide SMS based login service. This is a 2-step process. First the user enters their mobile phone number, an SMS is sent to their phone that contains a login code. The user enters the code to validate the session and login.

This package is compliant with PSR-1, PSR-2 and PSR-4. If you notice compliance oversights, please send a patch via pull request.


Via Composer

$ composer require apiaryhq/silex-sms-login-provider


To use SMS login, register an SMS handler. This is a service that supports the SmsHandlerInterface. An inplementation is provided that uses Twilio to send SMS messages.

$accountSid = getenv('TWILIO_ACCOUNT_SID');
$authToken = getenv('TWILIO_AUTH_TOKEN');
$app->register(new TwilioSMSHandlerProvider(), [
    'sms.handler.from' => 'Daz',
    'sms.handler.twilio_sid' => $accountSid,
    'sms.handler.twilio_auth_token' => $authToken,

Use the provider to register services and controller:

$smsLoginProvider = new SmsLoginProvider();
$app->mount('', $smsLoginProvider);

Protect an area of the site with SMS login:

$app['security.firewalls'] = array(
    // Login page is accessible to all:
    'login' => array(
        'pattern' => '^/login$',
    // Everything else is secured:
    'secured_area' => array(
        'pattern' => '^.*$',
        'sms' => true,
        'logout' => ['logout_path' => '/logout'],
        'users' => $app->share(function($app) { return $app['user.manager']; }),

Note that the $app['user.manager'] must be an implementation of UserProviderInterface and also provide mobile phone numbers as usernames.

## Debug mode

If you don't want to send SMS messages during development you can activate the SMS debug mode. In this case the verification code is not sent to the the phone number, but is instead concatenated to the number for display on the verification form. Obviously, this should never be enabled on production or you'll have no security at all!

$app['sms.debug'] = true;

Change log

Please see CHANGELOG for more information what has changed recently.


$ composer test


Please see CONTRIBUTING and CONDUCT for details.


If you discover any security related issues, please email darren@apiaryhq.com instead of using the issue tracker.


Skeleton package from The PHP League.


The MIT License (MIT). Please see License File for more information.