jasny / auth
Authentication, authorization and access control for Slim Framework and other PHP micro-frameworks
Installs: 13 830
Dependents: 1
Suggesters: 0
Security: 0
Stars: 109
Watchers: 13
Forks: 35
Open Issues: 0
Requires
- php: >=7.4.0
- improved/iterable: ^0.1.4
- jasny/immutable: ^2.1
- nesbot/carbon: ^2.27
- psr/event-dispatcher: ^1.0
- psr/http-factory: ^1.0
- psr/http-message: ^1.0
- psr/http-server-middleware: ^1.0
- psr/log: ^1.1
Requires (Dev)
- hashids/hashids: ^2.0 | ^3.0 | ^4.0
- jasny/php-code-quality: ~2.7.0
- lcobucci/jwt: ^3.4 | ^4.0
- phpunit/phpunit: ^9.0
Conflicts
- hashids/hashids: < 2.0
- lcobucci/jwt: < 3.4
- dev-master
- v2.x-dev
- v2.2.0
- v2.1.0
- v2.0.1
- v2.0.0
- v2.0.0-beta7
- v2.0.0-beta6
- v2.0.0-beta5
- v2.0.0-beta4
- v2.0.0-beta3
- v2.0.0-beta2
- v2.0.0-beta1
- v1.0.1
- v1.0.0
- v1.0.0-beta9
- v1.0.0-beta8
- v1.0.0-beta7
- v1.0.0-beta6
- v1.0.0-beta5
- v1.0.0-beta4
- v1.0.0-beta3
- v1.0.0-beta2
- v1.0.0-beta1
- dev-user-class
- dev-token_confirmation
- dev-jwt
- dev-hmac
This package is auto-updated.
Last update: 2024-04-12 18:24:36 UTC
README
Jasny Auth
Authentication, authorization and access control for Slim Framework and other PHP micro-frameworks.
Features
- Multiple authorization strategies, like groups (for acl) and levels.
- Authorization context (eg. "is the user an admin of this team?").
- PSR-14 events for login and logout.
- PSR-15 middleware for access control.
- Session invalidation, explicit or implicit (eg. after password change).
- Multi-factor authentication support.
- JWT and Bearer authentication support.
- Confirmation tokens for sign up confirmation and forgot-password.
- PSR-3 logging of interesting events.
- Customizable to meet the requirements of your application.
Installation
Install using composer
composer require jasny/auth
Usage
Auth is a composition class. It takes an authz, storage, and optionally a confirmation service.
use Jasny\Auth\Auth; use Jasny\Auth\Authz\Levels; $levels = new Levels(['user' => 1, 'moderator' => 10, 'admin' => 100]); $auth = new Auth($levels, new AuthStorage()); session_start(); $auth->initialize(); // Later... if (!$auth->is('admin')) { http_response_code(403); echo "Access denied"; exit(); }
The Auth service isn't usable until it's initialized. This should be done after the session is started.
session_start(); $auth->initialize();
Documentation
- Home
- Setup
- Authentication
- Authorization
- Sessions
- Middleware (for access control)
- MFA (Multi-factor authentication)
- TOTP (aka Google authenticator)
- Confirmation
- Random token
- Hashids
- Examples
- Logging