authaction / authaction-php-sdk
AuthAction JWT verification SDK for PHP — Laravel, PSR-15, plain PHP
v0.1.0
2026-06-03 23:20 UTC
Requires
- php: >=8.1
- firebase/php-jwt: ^6.0 || ^7.0
Requires (Dev)
- phpunit/phpunit: ^10.0
- psr/http-factory: ^1.0
- psr/http-message: ^1.0|^2.0
- psr/http-server-handler: ^1.0
- psr/http-server-middleware: ^1.0
Suggests
- illuminate/http: Required for Laravel middleware support
- psr/http-server-middleware: Required for PSR-15 middleware support
README
AuthAction JWT verification SDK for PHP 8.1+. Works with Laravel, PSR-15 frameworks (Slim, Mezzio), and plain PHP.
Installation
composer require authaction/authaction-php-sdk
Quick start
use AuthAction\AuthAction;

$aa = new AuthAction(
    domain: $_ENV['AUTHACTION_DOMAIN'],
    audience: $_ENV['AUTHACTION_AUDIENCE'],
);

// Verify a raw token: throws TokenExpiredException / TokenInvalidException on failure
$payload = $aa->verifyToken($token);
echo $payload->sub;

// Verify from Authorization header: returns null on missing/invalid
$payload = $aa->verifyRequest($_SERVER['HTTP_AUTHORIZATION'] ?? null);
Laravel
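// bootstrap/app.php (fragment of the Application::configure(...) chain)
use Illuminate\Foundation\Configuration\Middleware;

->withMiddleware(function (Middleware $middleware) {
    $middleware->alias(['auth.jwt' => \AuthAction\Middleware\LaravelMiddleware::class]);
})

// routes/api.php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::middleware('auth.jwt')->get('/me', function (Request $request) {
    // The middleware stores the verified payload under 'authaction.user'
    $user = $request->get('authaction.user');
    return ['sub' => $user->sub];
});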
Register AuthAction as a singleton in a ServiceProvider:
$this->app->singleton(AuthAction::class, fn () =>
    new AuthAction(config('authaction.domain'), config('authaction.audience'))
);
PSR-15 (Slim, Mezzio)
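use AuthAction\Middleware\PsrMiddleware;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Factory\AppFactory;

// $verifier and $responseFactory must be constructed before this point (not shown here)
$app = AppFactory::create();
$app->add(new PsrMiddleware($verifier, $responseFactory));

$app->get('/protected', function (Request $request, Response $response) {
    // The middleware stores the verified payload as the 'authaction.user' request attribute
    $user = $request->getAttribute('authaction.user');
    $response->getBody()->write(json_encode(['sub' => $user->sub]));
    return $response;
});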
Exceptions
use AuthAction\Exception\TokenExpiredException;
use AuthAction\Exception\TokenInvalidException;

try {
    $payload = $aa->verifyToken($token);
} catch (TokenExpiredException $e) {
    http_response_code(401);
    echo json_encode(['error' => 'Token has expired']);
} catch (TokenInvalidException $e) {
    http_response_code(401);
    echo json_encode(['error' => $e->getMessage()]);
}
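A plain-PHP bearer guard built only from the SDK calls shown on this page, added here as an example and not part of the SDK's own README: it rejects malformed headers before verification, answers with an RFC 6750 challenge, and keeps the TokenInvalidException detail in the server log instead of returning it to the client. The helpers bearerToken() and deny() and the vendor/autoload.php path are assumptions of this example.

```php
<?php
// Added example, not the SDK's code. bearerToken() and deny() are hypothetical helpers.
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumed Composer autoload path

use AuthAction\AuthAction;
use AuthAction\Exception\TokenExpiredException;
use AuthAction\Exception\TokenInvalidException;

/** Return the token from "Bearer <jws-compact>", or null if absent or malformed. */
function bearerToken(?string $header): ?string
{
    $seg = '[A-Za-z0-9_-]+'; // base64url segment; an empty signature is rejected
    if ($header !== null && preg_match("/^Bearer +($seg\.$seg\.$seg)$/i", $header, $m)) {
        return $m[1];
    }
    return null;
}

/** Send a 401 with the given challenge and a fixed, non-revealing body, then stop. */
function deny(string $challenge, string $message): never
{
    http_response_code(401);
    header('WWW-Authenticate: ' . $challenge);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
}

$aa = new AuthAction(
    domain: $_ENV['AUTHACTION_DOMAIN'],
    audience: $_ENV['AUTHACTION_AUDIENCE'],
);

$token = bearerToken($_SERVER['HTTP_AUTHORIZATION'] ?? null);
if ($token === null) {
    deny('Bearer', 'Missing or malformed bearer token');
}
try {
    $payload = $aa->verifyToken($token);
} catch (TokenExpiredException $e) {
    deny('Bearer error="invalid_token", error_description="expired"', 'Token has expired');
} catch (TokenInvalidException $e) {
    error_log('JWT rejected: ' . $e->getMessage()); // detail stays server-side
    deny('Bearer error="invalid_token"', 'Token is invalid');
}
header('Content-Type: application/json');
echo json_encode(['sub' => $payload->sub]);
```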
Environment variables
AUTHACTION_DOMAIN=your-tenant.eu.authaction.com
AUTHACTION_AUDIENCE=https://api.your-app.com
License
MIT