Download the PHP package crazedsanity/authtoken without Composer
On this page you can find all versions of the php package crazedsanity/authtoken. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download crazedsanity/authtoken
More information about crazedsanity/authtoken
Files in crazedsanity/authtoken
Package authtoken
Short Description Library for creating and manipulating authentication/authorization tokens, for things like password hashes and API keys.
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package authtoken
AuthToken 
This system is built to handle either authentication or authorization, or both. A common usage for this system is for storing temporary tokens for changing passwords: a user requests that their password get changed, so they are sent an email with a link containing some weird complicated hash. This is the system that handles the logic of creating the tokens and storing them in the database, along with handling automatic expiration.
What Are Tokens For?
Imagine you've got a web application, and there's authentication involved. You're going to create a "simple" system wherein a user can click something and generate a "lost password" request. Since you want to be user-friend and security-conscious, your system generates an email with a link for them to follow. With CS Auth Token, you can create one that:
- only works for the specified user's account
- expires after a single (successful) use
- expires after a given period of time
- is cryptographically secure
How Do I Use It?
I could explain it, but really, it's easier just to show you:
The email might look something like:
The code to handle verification looks like:
Expiration Possibilities
Currently, there are a number of ways that a token can be expired:
- a given number of maximum uses (e.g. 1 use)
- an specific date of expiration (e.g. 15 minutes from when it was created)
- a limited number of uses + a specific expiration date (e.g. 1 use in the next 15 minutes)
- no specific expiration (the token will never be automatically removed)
Some things these tokens could be used for (they're just ideas):
- token API calls
- 1000 uses until token expires
- 30 days until token expires
- limit of 1000 uses during the next 30 days
- sessions:
- 1000 page views before need to login again
- must expire before a certain date
- 1000 page views OR until a certain date (whichever comes first)
- licensing (requires something to keep token from being destroyed, depending upon implementation)
- 5 allowed licenses for 1 year
- unlimited users for 1 year
- 5 users, no expiration
- unlimited users for 1 year
