zooxsmart / los-api-auth
Auth Middleware for apis
Fund package maintenance!
Lansoweb
Requires
- php: ^8.2
- mezzio/mezzio-problem-details: ^1.13
- psr/container: ^1.0 || ^2.0
- psr/http-message: ^1.0 || ^2.0
- psr/http-server-middleware: ^1.0 || ^2.0
Requires (Dev)
- doctrine/coding-standard: ^12.0.0
- laminas/laminas-diactoros: ^3.3
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^10.3
- squizlabs/php_codesniffer: ^3.7.2
- vimeo/psalm: ^5.17
This package is auto-updated.
Last update: 2024-11-19 14:41:00 UTC
README
This library provides a PHP middleware for api authentication.
Installation
composer require los/api-auth
Usage
Using PSR-11 containers, use the provided factories and define factories for each requirement:
return [ \Los\ApiAuth\ApiAuth::class => \Los\ApiAuth\ApiAuthFactory::class, \Los\ApiAuth\Strategy\Strategy::class => \Los\ApiAuth\Strategy\XApiKeyHeader::class, \Los\ApiAuth\Authenticator\Authenticator::class => \Los\ApiAuth\Authenticator\ArrayAuthenticatorFactory::class, \Los\ApiAuth\Output\Output::class => \Los\ApiAuth\Output\ProblemDetailsOutputFactory::class, ];
Then add the middleware to you pipeline:
$app->pipe(\Los\ApiAuth\ApiAuth::class);
If successful, the middleware will register a new Request attribute Los\ApiAuth\Authenticator\Authenticator
with the identity found, so you can know which identity is authorized in the request.
If using laminas, you can create a config/autoload/api-auth.global.php:
<?php declare(strict_types=1); use Los\ApiAuth\ApiAuth; use Los\ApiAuth\ApiAuthFactory; use Los\ApiAuth\Authenticator\ArrayAuthenticatorFactory; use Los\ApiAuth\Authenticator\Authenticator; use Los\ApiAuth\Output\Output; use Los\ApiAuth\Output\ProblemDetailsOutputFactory; use Los\ApiAuth\Strategy\BasicAuthorizationHeader; use Los\ApiAuth\Strategy\Strategy; return [ 'dependencies' => [ 'invokables' => [ Strategy::class => BasicAuthorizationHeader::class, ], 'factories' => [ ApiAuth::class => ApiAuthFactory::class, Authenticator::class => ArrayAuthenticatorFactory::class, Output::class => ProblemDetailsOutputFactory::class, ], ], 'api-auth' => [ 'ignorePaths' => ['/health'], 'identities' => ['707cd425-0a60-4d36-b2e8-c9fd7fc0f194' => '208bfbc5-e705-46b1-aec0-2b0e1b4156ad'], ], ];
Strategies
Included:
- XApiKeyHeader: extracts the identity from the X-Api-Key header
- CustomHeader: extracts the identity from a custom header
- AuthorizationHeader: extracts the identity and credential from the Authorization header
- Aggregate: you can add as many strategies as you want, and it will return the first which succeeds
- Strategy interface to implement your own strategies
Authenticator
Included:
- ArrayAuthenticator: validates the identity/credential against a simple array. The default is
['api-auth']['identities']
- Authenticator interface to implement your own, e.g. database
Output
Included:
- ProblemDetailOutput: the json response output will be generated using the mezzio/problem-details package, which needs to be required in your composer.json
- ExceptionOutput: it will just throw the exception, and you can handle it in other middleware
- Output interface to implement your own, e.g. HTML, XML