PHP download

Download the PHP package descope/descope-php without Composer

On this page you can find all versions of the php package descope/descope-php. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download descope/descope-php
More information about descope/descope-php
Files in descope/descope-php

Vendor descope
Package descope-php
Short Description Descope SDK for PHP
License MIT
Homepage https://github.com/descope/php-sdk

Keywords Authentication drag-and-drop

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of descope/descope-php

Informations about the package descope-php

by Descope

Overview

The Descope SDK for PHP provides convenient access to Descope authentication. You can read more on the Descope Website.

Getting started

Requirements

PHP 7.3+

Installation

Install the package with Composer:

You'll need to set up a .env file in the root directory with your Descope Project ID, which you can get from the Console like this:

Using the SDK

In order to use the SDK you will need to initialize a DescopeSDK object with your Descope Project ID you defined in your .env file, like this:

Debug/Verbose Logging

The SDK supports optional debug/verbose logging to help troubleshoot API request issues. Debug logging is disabled by default to keep your application logs clean in production.

When enabled, the SDK will log detailed error information to PHP's error log (via error_log()) when API requests fail, including:

HTTP status codes
Error response bodies
Request exceptions

You can enable debug logging in three ways:

Via Config Array (recommended):
Via Environment Variable:

Then initialize the SDK normally (it will automatically detect the environment variable):
Via .env file:

Note: Debug logging uses PHP's error_log() function, so logs will appear in your configured PHP error log location (typically defined by error_log in php.ini or your server configuration).

Error Handling

When an API request fails (e.g. 4xx/5xx response, network error), the SDK throws exceptions instead of returning error arrays.

Success: Methods return the decoded JSON response (or void where applicable).
Failure: The SDK throws:
- Descope\SDK\Exception\AuthException — for most request failures (bad request, unauthorized, server errors, etc.). The exception includes the HTTP status code, error type, and message (from the API when available).
- Descope\SDK\Exception\RateLimitException — for HTTP 429 (rate limit) responses.

You can catch these and react accordingly:

The original Guzzle RequestException is available via $e->getPrevious() for logging or debugging.

Caching Mechanism

The Descope PHP SDK uses a caching mechanism to store frequently accessed data, such as JSON Web Key Sets (JWKs) for session token validation. By default, the SDK uses APCu for caching, provided it is enabled and configured in your environment. If APCu is not available, and no other caching mechanism is provided, caching is disabled.

By using the CacheInterface, you can integrate the Descope PHP SDK with any caching mechanism that suits your application, ensuring optimal performance in both small and large-scale deployments.

Custom Caching with `CacheInterface`

The SDK allows you to provide a custom caching mechanism by implementing the CacheInterface. This interface defines three methods that any cache implementation should support:

get(string $key): Retrieve a value by key.
set(string $key, $value, int $ttl = 3600): bool: Store a value with a specified time-to-live (TTL).
delete(string $key): bool: Remove a value by key.

You can provide your custom caching implementation by creating a class that implements CacheInterface. Here's an example using Laravel's cache system:

To use the Laravel cache in the SDK:

Once you've configured your caching, you're ready to use the SDK. This SDK will easily allow you integrate Descope functionality with the following built-in functions:

Authentication Methods

Passwords

Sign Up

Sign In

Send Reset Password

Update Password

Replace Password

Get Password Policy

SSO

SSO Sign In

Exchange Token

Session Management

DescopeSDK->verify($sessionToken) - will validate the session token and return either TRUE or FALSE, depending on if the JWT is valid and expired.
DescopeSDK->refreshSession($refreshToken) - will refresh your session and return a new session token, with the refresh token.
DescopeSDK->verifyAndRefreshSession($sessionToken, $refreshToken) - will validate the session token and return either TRUE or FALSE, and will refresh your session and return a new session token.
DescopeSDK->logout($refreshToken) - will invalidate the refresh token and log the user out of the current session.
DescopeSDK->logoutAll($refreshToken) - will invalidate all refresh tokens associated with a given project, thereby signing out of all sessions across multiple applications.

DescopeSDK->getClaims($sessionToken) - will return all of the claims from the JWT in an array format.
DescopeSDK->getUserDetails($refreshToken) - will return all of the user information (email, phone, verification status, etc.) using a provided refresh token.

User Management Functions

Each of these functions have code examples on how to use them.

Some of these values may be incorrect for your environment, they exist purely as an example for your own implementation.

Create User

Update User

Invite User

Batch Invite

Delete User

Search All Users

Add Tenant

Remove Tenant

Set Tenant Roles

Add Tenant Roles

Remove Tenant Roles

Set Temporary Password

Set Active Password

Password Management

The SDK provides several classes for handling different types of passwords and password hashes. Here's how to use them:

Cleartext Passwords

For cleartext (plain text) passwords:

Hashed Passwords

The SDK supports multiple hash types. Here's how to use each:

BCrypt

SHA

MD5

PBKDF2

Django

Firebase

Outbound Apps

The SDK also supports Outbound Apps management via management->outboundApps. This allows you to fetch and manage user tokens for third-party outbound applications configured in Descope.

Fetch outbound app user token

Delete outbound app user tokens (by appId and/or userId)

Delete outbound app token by token id

Unit Testing

The PHP directory includes unit testing using PHPUnit. You can insert values for session token and refresh tokens in the src/tests/DescopeSDKTest.php file, and run to validate whether or not the functions are operating properly.

To run the tests, run this command:

Running the PHP Sample App

In the sample/static/descope.js, replace the projectId with your Descope Project ID, which you can find in the Descope Console.

If you haven't already, make sure you run the composer command listed above, to install the necessary SDK packages.

Then, run this command from the root directory, to start the sample app:

The app should now be accessible at http://localhost:3000/ from your web browser.

This sample app showcases a Descope Flow using the WebJS SDK and PHP sessions to retain user information across multiple pages. It also showcases initializing the SDK and using it to validate the session token from formData sent from login.php.

Feedback

Contributing

We appreciate feedback and contribution to this repository!

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

This project is licensed under the MIT license. See the LICENSE file for more info.

All versions of descope-php with dependencies

PHP Build Version

Package Version

Version 0.6.2 Release 19. Mar 2026
create-project require 0 people chose require and
0 people chose create-project.

Download

Download latest version of descope-php from vendor descope

Requires php Version ^7.3 || ^8.0
guzzlehttp/guzzle Version 7.9.2 as 7.9.3
paragonie/constant_time_encoding Version 2.8.2
vlucas/phpdotenv Version ^5.6.1

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package descope/descope-php contains the following files

Loading the files please wait ...