philipbrown / signature-php
HMAC-SHA authentication
Installs: 93 707
Dependents: 3
Suggesters: 0
Security: 0
Stars: 67
Watchers: 12
Forks: 22
Open Issues: 2
Requires
- php: >=5.4
Requires (Dev)
- phpunit/phpunit: ~4.0
README
A PHP 5.4+ port of the Signature Ruby gem
Installation
Add philipbrown/signature-php as a requirement to composer.json:
$ composer require philipbrown/signature-php
What is HMAC-SHA authentication?
HMAC-SHA authentication allows you to implement very simple key / secret authentication for your API using hashed signatures.
Making a request
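use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Request;

$data = ['name' => 'Philip Brown'];

// API key and shared secret
$token = new Token('abc123', 'qwerty');
$request = new Request('POST', 'users', $data);

// $auth holds the auth_* parameters to send along with the request data
$auth = $request->sign($token);

// $http stands for whichever HTTP client you use
$http->post('users', array_merge($auth, $data));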
Authenticating a response
use PhilipBrown\Signature\Auth;
use PhilipBrown\Signature\Token;
use PhilipBrown\Signature\Guards\CheckKey;
use PhilipBrown\Signature\Guards\CheckVersion;
use PhilipBrown\Signature\Guards\CheckTimestamp;
use PhilipBrown\Signature\Guards\CheckSignature;
use PhilipBrown\Signature\Exceptions\SignatureException;

$auth = new Auth('POST', 'users', $_POST, [
    new CheckKey,
    new CheckVersion,
    new CheckTimestamp,
    new CheckSignature
]);

$token = new Token('abc123', 'qwerty');

try {
    $auth->attempt($token);
} catch (SignatureException $e) {
    // return 4xx
}
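The checks that the four guard names above point to (key, version, timestamp, signature), written out for a generic HMAC-SHA256 scheme. This is an added example, not the package's own code; the canonical string layout, the version value '1', the 600-second window and the function names are assumptions.

```php
<?php
// Added illustration: generic HMAC-SHA256 request signing and verification.
// Canonical string, version '1' and the 600 s window are assumptions, not the package's.
function canonical_string($method, $uri, array $params)
{
    $params = array_change_key_case($params, CASE_LOWER);
    ksort($params); // both sides must serialise the parameters in the same order
    return implode("\n", [strtoupper($method), $uri, http_build_query($params)]);
}

function sign_request($method, $uri, array $data, $key, $secret, $now)
{
    $auth = ['auth_version' => '1', 'auth_key' => $key, 'auth_timestamp' => (string) $now];
    $mac  = hash_hmac('sha256', canonical_string($method, $uri, $auth + $data), $secret);
    return $auth + ['auth_signature' => $mac];
}

function verify_request($method, $uri, array $params, $key, $secret, $now, $window = 600)
{
    foreach (['auth_version', 'auth_key', 'auth_timestamp', 'auth_signature'] as $field) {
        if (!isset($params[$field]) || !is_string($params[$field])) {
            return "missing $field";
        }
    }
    if ($params['auth_version'] !== '1') { return 'bad version'; }
    if (!hash_equals($key, $params['auth_key'])) { return 'unknown key'; }
    if (!ctype_digit($params['auth_timestamp'])
        || abs($now - (int) $params['auth_timestamp']) > $window) {
        return 'stale timestamp'; // bounds how long a captured request stays valid
    }
    $sent = $params['auth_signature'];
    unset($params['auth_signature']); // the MAC never covers itself
    $expected = hash_hmac('sha256', canonical_string($method, $uri, $params), $secret);
    // hash_equals (PHP >= 5.6) compares in constant time; == would leak timing.
    return hash_equals($expected, $sent) ? 'ok' : 'bad signature';
}

// Constructed sample values, reusing the key and secret shown in the README.
$now  = 1700000000;
$data = ['name' => 'Philip Brown'];
$sent = array_merge($data, sign_request('POST', 'users', $data, 'abc123', 'qwerty', $now));

echo verify_request('POST', 'users', $sent, 'abc123', 'qwerty', $now), "\n";        // fresh, unmodified
$tampered = ['name' => 'Someone Else'] + $sent;
echo verify_request('POST', 'users', $tampered, 'abc123', 'qwerty', $now), "\n";    // body changed after signing
echo verify_request('POST', 'users', $sent, 'abc123', 'qwerty', $now + 3600), "\n"; // same request, an hour later
```

The signature covers the method, the URI and every parameter, so a change to any of them after signing fails verification; the timestamp check is what limits reuse of a valid captured request.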
Changing the default HTTP request prefix
By default, this package uses the auth_* prefix in requests. You can change this behaviour when signing and authenticating requests:
// default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature
$request->sign($token);

// the HTTP request now uses x-version, x-key, x-timestamp and x-signature
$request->sign($token, 'x-');
If you changed the default, you will need to authenticate the request accordingly:
$auth->attempt($token, 'x-');