nevstokes/split-tokens

Implementation of split tokens for use with token-based authentication systems



An implementation of a secure split token approach to authentication as outlined by Paragon Initiative Enterprises.

Getting Started

This library generates and validates authentication tokens. It provides sample repositories for storing and retrieving these tokens, but delivering the tokens to your users is left to you.

Dependencies

  • PHP >= 7.2

Use

Add the library to your project:

composer require nevstokes/split-tokens

Generate

A repository must be supplied for token persistence; two are included in this library: RedisUserTokenRepository and DoctrineUserTokenRepository. A signing key is also required in order to create an HMAC for the token. If you use tokens for more than one purpose, choose a distinct signing key for each purpose.

$generator = new TokenGenerator($userTokenRepository, $signingKey);

To generate a token for a user with a default TTL (one hour):

$token = $generator->generate($userIdentifier);

You can set a custom TTL with the optional second argument (specified as integer seconds):

$token = $generator->generate($userIdentifier, $ttl);

Validate

To validate a token, use the same signing key that was used to generate it:

$validator = new TokenValidator($userTokenRepository, $signingKey);
$validity = $validator->validate($token);

See the example directory for a fully runnable demonstration, which can be started with the following command:

make -C example run
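
A sketch of the split-token scheme referred to above, added here for illustration and not taken from this library's source: the token is split into a selector used for the lookup and a verifier, and only an HMAC is stored and compared. The class and method names, token lengths, single-use behaviour and the in-memory array are assumptions.

```php
<?php
declare(strict_types=1);

// Added sketch: hypothetical names; an array stands in for Redis/Doctrine.
final class SplitTokenSketch
{
    private $key;
    private $rows = []; // selector => ['mac' => ..., 'user' => ..., 'expires' => ...]

    public function __construct(string $signingKey) { $this->key = $signingKey; }

    public function generate(string $user, int $ttl = 3600): string
    {
        $selector = bin2hex(random_bytes(16)); // lookup half, stored as-is
        $verifier = bin2hex(random_bytes(32)); // secret half, never stored
        $this->rows[$selector] = [
            // Only a keyed MAC is persisted, never the verifier itself.
            'mac'     => hash_hmac('sha256', $selector . $verifier, $this->key),
            'user'    => $user,
            'expires' => time() + $ttl,
        ];
        return $selector . $verifier; // 32 + 64 hex characters
    }

    public function validate(string $token): ?string
    {
        if (preg_match('/\A[0-9a-f]{96}\z/', $token) !== 1) {
            return null; // malformed input never reaches the store
        }
        $selector = substr($token, 0, 32);
        $row = $this->rows[$selector] ?? null; // lookup uses the non-secret half
        if ($row === null || $row['expires'] < time()) {
            unset($this->rows[$selector]); // drop expired rows
            return null;
        }
        // hash_equals compares the recomputed and stored MACs in constant time.
        if (!hash_equals($row['mac'], hash_hmac('sha256', $token, $this->key))) {
            return null;
        }
        unset($this->rows[$selector]); // single use is this sketch's choice
        return $row['user'];
    }
}

$tokens = new SplitTokenSketch(random_bytes(32));   // constructed key
$token  = $tokens->generate('user-42');             // constructed identifier
var_dump($tokens->validate(substr($token, 0, 32) . str_repeat('0', 64))); // tampered verifier
var_dump($tokens->validate($token));                // genuine token
var_dump($tokens->validate($token));                // replay of a used token
```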

Versioning

The project uses SemVer. Notable changes are recorded in the CHANGELOG.md file. For the versions available, see the tags on this repository.

Authors

Contributing

Please read CONTRIBUTING.md for details on the code of conduct, and the process for submitting pull requests.

License

This project is licensed under the MIT License; see the LICENSE file for details.

Built With

Acknowledgments