Download the PHP package brightleaf-digital/asana-client without Composer

On this page you can find all versions of the php package brightleaf-digital/asana-client. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of brightleaf-digital/asana-client

Informations about the package asana-client

Brightleaf Digital Asana API Client for PHP

CI

A modern, maintained PHP client library for the Asana API.

Common development commands

Motivation

This library was created because the official Asana PHP library is no longer maintained, is outdated, and uses a library with a known security vulnerability. After searching for alternatives, I couldn't find any third-party libraries that appeared to be actively maintained.

Status

This is my first library of this kind, and I am still developing my skills as a junior developer. Any reviews, comments, contributions, or suggestions are highly welcome - especially since my only peer review so far has been from AI. I would particularly appreciate help with:

OAuth Scopes

This library now supports Asana's new OAuth permission scopes. These scopes provide more granular control over what actions an app can perform following the principle of least privilege and should enhance user trust and so increase app adoption.

Important Notes:

For more information about the new OAuth scopes and implementation details, refer to Asana's announcement and its linked documentation.

Features

API Coverage

This library may not support all parts of the Asana API. I've focused primarily on the endpoints relevant to my own work, generally supporting all methods for those endpoints. Contributions to expand coverage to additional endpoints are welcome!

Design Decisions

Installation

then use Composer's autoload:

Basic Usage

To get started you need an Asana app configured with a proper redirect URL. You get the client ID and secret from the app. Remember to store them securely! Please read the official documentation if you aren't sure how to set up an app.

Using Personal Access Token (PAT)

Using OAuth 2.0

Token Management and Storage Options

The handleCallback() method returns an array that contains the token itself, which expires in an hour; the timestamp of expiry; a refresh token you can use to get a new access token; and some additional metadata.

This library provides flexibility in how you manage and store tokens. By default, the saveToken, loadToken and retrieveToken methods offer a simple way for beginners to securely save tokens for future use. However, advanced users have full control over token handling and can store their tokens wherever and however they see fit.

Built-In Token Storage

⚠️ IMPORTANT SECURITY WARNING: The CryptoUtils class are designed for local development environments only and are not recommended for production use. For production applications, please use a vetted security library or a secure credential management service.

The library provides several methods to manage and persist OAuth tokens. These methods are useful for developers looking for a quick and simple way to handle token storage without having to implement custom logic from scratch. They are intended for development settings to provide developers with an easy way to store tokens and explore the library. In production environments more secure methods should be used.

  1. saveToken: Encrypts and stores the current token securely to file storage (default: token.json in the working directory). This ensures sensitive fields like access_token and refresh_token are safely stored in encrypted form.
  2. loadToken: Reads the encrypted token from storage, decrypts it, and initializes the client for further use. If no token is available or decryption fails, the process gracefully returns with a failure.
  3. retrieveToken: Similar to loadToken, this static method provides a convenient way to securely load and decrypt a stored token outside the context of an instantiated client.

The password you supply to the CryptoUtils::encrypt and decrypt methods should be a regular string password or passphrase, not a pre-generated encryption key or binary blob. You can use a strong passphrase (e.g., 'my-long-dev-password') or store a more complex string (like one from a password manager) in your .env file. This value is run through PBKDF2 key derivation with a salt and never used directly as a raw encryption key.

The library's default methods use encryption to protect sensitive fields during storage, ensuring that tokens are not left exposed in plaintext. Developers still need to safeguard passwords and token files to maintain security.

Automatic Token Refresh Support

One major improvement in the library is the ability to automatically handle token refreshes and trigger callbacks when a token is refreshed. This ensures that tokens remain valid without manual intervention, and any changes to the token (after refreshing) are propagated to persistent storage.

Flexible Token Handling for Advanced Users

While the library provides the saveToken, loadToken, and retrieveToken methods for built-in token handling, advanced users can (and should) bypass these methods entirely and manage tokens themselves.

  1. Retrieve tokens directly using $client->getAccessToken() or upon refresh with $asanaClient->onTokenRefresh().
  2. Encrypt tokens using production grade libraries.
  3. Store tokens using external methods or third-party services (e.g., databases, cloud secrets management services, etc.).

Security Best Practices

When using token storage methods:

  1. The token storage file (token.json by default) should have restricted access permissions (e.g., chmod 600).
  2. If possible, store sensitive credential files (like token.json) in secure locations outside your project directory or source control.
  3. While your password is meant to be a human-memorable password or passphrase, not a random key or binary blob you still should keep it safe as an environment variable outside version control.

Summary of Token Management Methods

Method Description Primary Use Case
saveToken Encrypts and saves the current token to a file. Beginner-friendly token storage.
loadToken Decrypts and loads the token from storage into the client. Quick token initialization.
retrieveToken Static utility to securely load and decrypt tokens for external use. Advanced workflows requiring raw tokens.
onTokenRefresh Register a callback to handle token updates after an automatic refresh. Keeping persistent storage up-to-date.
getAccessToken Directly retrieves the current token in its raw array format for manual handling or storage. Custom storage workflows.

If loadToken() or retrieveToken() fails (e.g., corrupt/missing token file, incorrect password), they return false or throw an exception. Use this behavior to handle missing tokens gracefully and re-run your OAuth flows if needed.

Examples

More examples are available in the examples folder, including:

Documentation Gaps

If you find something that isn't clear from either this library's documentation or the official Asana API documentation, the Asana developer forum is a valuable resource. There are often details or workarounds discussed there that aren't covered in the official documentation.

For example, creating a task in a specific section isn't documented in the API reference but can be found in forum discussions. If you discover such gaps:

  1. Check the Asana Developer Forum
  2. Open an issue in this repository
  3. Feel free to link to relevant forum or Stack Overflow posts

📘 Project Planning and Improvements

This library is actively developed with long-term maintainability in mind.
For design decisions, planned features, and deferred items, see the following documentation:

Have an idea or want to help implement one of these? Open a GitHub issue or submit a pull request.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

All versions of asana-client with dependencies

PHP Build Version
Package Version
Requires php Version ^7.4 || ^8.0
league/oauth2-client Version ^2.8.1
guzzlehttp/guzzle Version ^7.9.3
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package brightleaf-digital/asana-client contains the following files

Loading the files please wait ....