intervention/httpauth

HTTP Authentication Management for PHP

Maintainers

Details

github.com/Intervention/httpauth

Homepage

Source

Issues

Fund package maintenance!
Intervention
Ko Fi
paypal.me/interventionio

Installs: 9 358 235

Dependents: 5

Suggesters: 0

Security: 0

Stars: 84

Watchers: 4

Forks: 13

Open Issues: 0

5.0.1 2025-01-05 11:19 UTC

Requires

  • php: ^8.2

Requires (Dev)

MIT e4da42e65f36c85869481da61c1c5c26fbf7b8d7

httpAuthentication

This package is auto-updated.

Last update: 2025-05-05 14:22:35 UTC

README

HTTP Authentication Management

Latest Version Tests Monthly Downloads Support me on Ko-fi

Installation

You can easily install this library using Composer. Just request the package with the following command:

composer require intervention/httpauth

Documentation

Read the full documentation for this library.

Usage

The workflow is easy. Just create an instance of Authenticator::class in the first step and secure your resource in the second step.

1. Create Authenticator Instance

To create authenticator instances you can choose between different methods.

Create Instance by Using Static Factory Method

use Intervention\HttpAuth\Authenticator;

// create http basic auth
$auth = Authenticator::basic(
    'myUsername',
    'myPassword',
    'Secured Area',
);

// create http digest auth
$auth = Authenticator::digest(
    'myUsername',
    'myPassword',
    'Secured Area',
);

Create Instance by Using Class Constructor

use Intervention\HttpAuth\Authenticator;

// alternatively choose DigestVault::class
$vault = new BasicVault(
    'myUsername',
    'myPassword',
    'Secured Area',
);

$auth = new Authenticator($vault);

Create Instance by Static Factory Method

use Intervention\HttpAuth\Authenticator;

// alternatively choose DigestVault::class
$vault = new BasicVault(
    'myUsername',
    'myPassword',
    'Secured Area',
);

$auth = Authenticator::withVault($vault);

2. Ask User for Credentials

After you created a HTTP authentication instance, you have to call secure() to secure the resource. This results in a 401 HTTP response and the browser asking for credentials.

$auth->secure();

A character string can optionally be passed to the method. This is displayed if authentication fails. Output from template engines can also be used here.

$auth->secure('Sorry, you can not access this resource!');

Server Configuration

Apache

If you are using Apache and running PHP with CGI/FastCGI, check the server configuration to make sure the authorization headers are passed correctly to PHP:

https://support.deskpro.com/en/kb/articles/missing-authorization-headers-with-apache

Authors

This library is developed and maintained by Oliver Vogel

Thanks to the community of contributors who have helped to improve this project.

License

Intervention HttpAuth is licensed under the MIT License.