Download the PHP package componenta/auth without Composer

On this page you can find all versions of the php package componenta/auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package auth

Componenta Auth

Authentication contracts and HTTP-oriented authentication building blocks for Componenta applications.

Use this package when an application needs more than one authentication mechanism: password login, bearer/JWT tokens, session authentication, remember-me cookies, OTP, magic links, password reset, or auth lifecycle events. The package is strategy-based: each mechanism decides whether it supports a payload, attempts authentication, and returns either an authenticated identity or a denial reason.

Installation

The package declares Componenta\Auth\ConfigProvider in extra.componenta.config-providers. When componenta/composer-plugin is installed, the provider is added to the generated provider list automatically.

Requirements

Related Packages

Package Why it matters here
componenta/session Stores browser session state and session ids for session authentication.
componenta/app-http Wires authentication middleware into HTTP applications that use PSR-7 requests and PSR-15 middleware.
componenta/event Handles login, denial, logout, session regeneration, and session termination events.
componenta/policy Uses the authenticated identity as the actor for authorization.
componenta/di Builds strategies, token managers, middleware, and listeners from the container.

Core Flow

Authenticator iterates over registered strategies in order. Unsupported strategies are skipped. Supporting strategies are attempted until one returns an IdentityInterface. If every supporting strategy denies the payload, the last denial is returned. If no strategy supports the payload, NoStrategyFoundException is thrown.

AuthenticationResult has two public properties:

Property Meaning
$subject Either the authenticated IdentityInterface or a DeniedReasonInterface.
$transportPayload Optional object that must be persisted to the response transport, for example a rotated session or remember-me cookie payload.

There is no separate boolean success flag. Consumers decide success by checking whether $result->subject is an IdentityInterface.

Strategy Contract

Strategies must be deterministic for a given payload and context. They should not throw for normal authentication failure; return a denial result instead.

Payloads And HTTP Extraction

HTTP strategies are separated from payload extraction. A payload extractor reads a PSR-7 request and produces a strategy-specific payload object:

This separation keeps strategies testable and lets applications define their own request shape without changing authentication logic.

Sessions

Session support includes session contracts, session collection, session attributes, ID generation, device detection, and database-backed session management.

Use session authentication when the browser already has a session id and the application can resolve it to a user:

Session lifecycle events are available for login/logout, regeneration, and termination flows.

Tokens

The package includes token helpers for:

Token managers own persistence and invalidation. Token handlers own signing/parsing and denial reasons such as expired, invalid, already used, or compromised tokens.

Events

EventingAuthenticator decorates authentication attempts with events:

Listeners are resolved through EventListenerProviderInterface. Use events for audit logs, session cleanup, remember-me token rotation, notifications, and metrics.

HTTP Middleware

The HTTP layer provides:

The package does not prescribe route layout. Applications decide which routes are public and which routes require authentication.

AuthenticationMiddleware writes the result to PSR-7 request attributes:

Attribute key Value
Componenta\Identity\IdentityInterface::class Present when authentication succeeds.
Componenta\Auth\DeniedReasonInterface::class Present when a supporting strategy denies the request.

If a strategy returns $transportPayload, the middleware requires a PayloadStorageInterface; otherwise it throws a LogicException because it cannot persist cookies or other response-side transport data.

DI Registration

ConfigProvider registers factories, aliases, listeners, token handlers, session managers, middleware, and default configuration keys used by the Componenta application runtime. Only the strategies and adapters wired by the application are active.

The main configuration keys are defined by ConfigKey:

Key Purpose
ConfigKey::AUTH Root authentication configuration.
ConfigKey::STRATEGIES Ordered authentication strategies.
ConfigKey::SESSION Session authentication and session manager options.
ConfigKey::REMEMBER_ME Remember-me token options.
ConfigKey::JWT JWT access/refresh token options.
ConfigKey::MAGIC_LINK Magic-link request and verification options.
ConfigKey::PASSWORD_RESET Password reset token options.
ConfigKey::DENIED HTTP response factory for denied authentication.
ConfigKey::LISTENERS Authentication event listeners.

Failure Model

Normal authentication failure is represented by DeniedReasonInterface, not an exception. Exceptions are reserved for infrastructure or programming errors: unsupported payloads, invalid payload extraction, storage failures, invalid token configuration, or transport failures.


All versions of auth with dependencies

PHP Build Version
Package Version
Requires php Version ^8.4
componenta/arrayable Version ^1.0
componenta/clock Version ^1.0
componenta/config Version ^1.0
componenta/cqrs Version ^1.0
componenta/di Version ^1.0
componenta/identity Version ^1.0
componenta/password Version ^1.0
cycle/database Version ^2.15
lcobucci/jwt Version ^5.6
psr/clock Version ^1.0
psr/container Version ^2.0
psr/http-message Version ^2.0
psr/http-server-middleware Version ^1.0
psr/log Version ^3.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package componenta/auth contains the following files

Loading the files please wait ...