gyselroth/micro-auth

Authentication implementation including support for LDAP and OpenID-connet

Maintainers

Details

github.com/gyselroth/micro-auth

Homepage

Source

Issues

Installs: 2 595

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 2

Open Issues: 0

v1.0.0-alpha8 2022-12-16 11:13 UTC

Requires

Requires (Dev)

Suggests

  • ext-apc: Caching openid-connect discovery sheets
  • ext-ldap: required if you want to use LDAP

MIT 440ab34f7dfd24ca30093e1409e50bbfd4ddde78

  • Raffael Sahli <sahli.woop@gyselroth.net>

microldapopenid-connecthttp-basic

This package is not auto-updated.

Last update: 2024-05-03 18:11:44 UTC

README

Build Status Scrutinizer Code Quality Latest Stable Version GitHub release GitHub license

Description

This is a lightweight authentication library. It is adapter based and comes with support for LDAP and OpenID-connect. It can handle multiple adapter of the same or different types. This library contains no storage mechanism. If you wish to store the authentication you need to store the identity object in your sessesion storage.

Requirements

The library is only >= PHP7.1 compatible.

Download

The package is available at packagist: https://packagist.org/packages/gyselroth/micro-auth

To install the package via composer execute:

composer require gyselroth/micro-auth

Documentation

Simple example usage

Create authentication instance and inject an LDAP and OpenID-connect adapter:

use Micro\Auth;

$logger = new \My\Psr\Logger()
$auth = new Auth\Auth(\Psr\Log\LoggerInterface $logger);
$auth->injectAdapter(new Auth\Adapter\Basic\Ldap(new Auth\Ldap([
    'uri' => 'ldap://myldap.local:398',
    'binddn' => 'cn=admin,dc=test,dc=com',
    'bindpw' => '1234',
    'basedn' => 'dc=test,dc=com',
    'tls' => true
]), $logger, [
    'account_filter' => '(&(objectClass=posixAccount)(uid=%s))'
]), 'my_ldap_server');

$auth->injectAdapter(new Auth\Adapter\Oidc([
    'provider_url' => 'https://accounts.google.com',
    'identity_attribute' => 'email'
], $logger), 'google_oidc_server');

if($auth->requireOne()) {
    $identity = $auth->getIdentity();
    printf('Hello %s', $identity->getIdentifier());
} else {
    //Authentication failed
}

Define attribute map

So far so good but usually just authenticate is not enaugh, mostly you like to request user attributes of a given identity. Let us create an attribute map for our ldap server my_ldap_server.

use Micro\Auth;

$auth->injectAdapter(new Auth\Adapter\Basic\Ldap(new Auth\Ldap([
    'uri' => 'ldap://myldap.local:398',
    'binddn' => 'cn=admin,dc=test,dc=com',
    'bindpw' => '1234',
    'basedn' => 'dc=test,dc=com',
    'tls' => true
]), $logger, [
    'account_filter' => '(&(objectClass=posixAccount)(uid=%s))',
    'attribute_map' => [
        'firstname' => [
            'attr' => 'firstname',
            'type' => 'string',
        ],
        'lastname' => [
            'attr' => 'surname',
            'type' => 'string',
        ],
        'mail' => [
            'attr' => 'mail',
            'type' => 'string'
        ]
    ]
]), 'my_ldap_server');

if($auth->requireOne()) {
    $attributes = $auth->getIdentity()->getAttributes();
    var_dump($attributes);
} else {
    //Authentication failed
}

Given that, you can define an attribute map for each authentication adapter and map all attributes to the same attribute names you would like to use.