timtegeler / guardian
Requires
- guzzlehttp/psr7: ^1.3
- http-interop/http-middleware: ^0.4.1
Requires (Dev)
- phpunit/phpunit: ^5.7
- satooshi/php-coveralls: dev-master
This package is not auto-updated.
Last update: 2024-04-27 22:21:24 UTC
README
Guardian provides an adapter between an authentication backend and your PSR-15 middleware stack.
- Compatible with the PSR-15 middleware interface
- Adaptable to your authentication backend with a simple interface
<?php
// create a new authentication backend which implements the AuthenticationInterface
$authenticationBackend = new AuthenticationBackend();

// using e.g. mindplay-dk/middleman as a dispatcher for the middleware stack
$response = (new Dispatcher(
    [
        // inject Guardian with the authentication backend instance
        new Guardian($authenticationBackend),
        // ... more middlewares e.g. a router
        new Router()
    ]
))->dispatch($request);
Authentication Backend
The focus of Guardian is on adapting an authentication backend to a PSR-15 middleware stack.
This means that Guardian itself does not perform authentication (e.g. Basic access authentication). Instead, Guardian ships with a simple interface that the authentication backend implements. The interface consists of two methods.
<?php
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;

interface AuthenticationInterface
{
    /**
     * @param ServerRequestInterface $request
     * @return bool
     */
    public function authenticate(ServerRequestInterface $request);

    /**
     * @return ResponseInterface
     */
    public function getAuthenticationFailedResponse();
}
authenticate
The authenticate method receives the current request as a parameter and must return a boolean (which stands for access approved or access denied, respectively).
getAuthenticationFailedResponse
The getAuthenticationFailedResponse method must return a ResponseInterface instance. Guardian calls it when access is denied and returns that instance to the middleware pipeline. The authentication backend is in charge of providing a proper ResponseInterface instance because the response may need custom properties.
E.g. an authentication backend which supports Basic access authentication "should return a response whose header contains a HTTP 401 Unauthorized status and a WWW-Authenticate field. The WWW-Authenticate field for basic authentication (used most often) is constructed as following: WWW-Authenticate: Basic realm="User Visible Realm"" [WIKI]
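A backend for the Basic access authentication case described above, as an added example that is not part of the Guardian package or its README. The class name BasicAuthBackend, the user table and the sample requests are hypothetical; the interface is repeated from the README only so the file runs on its own with guzzlehttp/psr7 installed.

```php
<?php
// Added example; needs guzzlehttp/psr7, which this package already requires.
use GuzzleHttp\Psr7\Response;
use GuzzleHttp\Psr7\ServerRequest;
use Psr\Http\Message\ServerRequestInterface;

require __DIR__ . '/vendor/autoload.php';

// Interface repeated from the README so this file runs stand-alone.
interface AuthenticationInterface
{
    public function authenticate(ServerRequestInterface $request);
    public function getAuthenticationFailedResponse();
}

// Hypothetical backend; $users maps user name => password_hash() output.
class BasicAuthBackend implements AuthenticationInterface
{
    private $users;
    private $realm;

    public function __construct(array $users, $realm)
    {
        $this->users = $users;
        $this->realm = $realm;
    }

    public function authenticate(ServerRequestInterface $request)
    {
        // Expect "Basic <base64(user:password)>"; anything else is denied.
        if (!preg_match('/^Basic\s+(\S+)$/i', $request->getHeaderLine('Authorization'), $m)) {
            return false;
        }
        $decoded = base64_decode($m[1], true);
        if ($decoded === false || strpos($decoded, ':') === false) {
            return false;
        }
        list($user, $password) = explode(':', $decoded, 2);
        // Compare against a stored hash, never a plaintext password.
        return isset($this->users[$user]) && password_verify($password, $this->users[$user]);
    }

    public function getAuthenticationFailedResponse()
    {
        return new Response(401, ['WWW-Authenticate' => 'Basic realm="' . $this->realm . '"']);
    }
}

// Constructed sample credentials and requests.
$backend = new BasicAuthBackend(['alice' => password_hash('s3cret', PASSWORD_DEFAULT)], 'User Visible Realm');
foreach (['alice:s3cret', 'alice:wrong'] as $cred) {
    var_dump($backend->authenticate(new ServerRequest('GET', '/', ['Authorization' => 'Basic ' . base64_encode($cred)])));
}
```

Missing headers, non-Basic schemes, invalid base64 and credentials without a colon all fall through to `false`, so Guardian answers them with the same 401 challenge.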