PHP download

Download the PHP package firehed/auth without Composer

On this page you can find all versions of the php package firehed/auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download firehed/auth
More information about firehed/auth
Files in firehed/auth

Vendor firehed
Package auth
Short Description Authentication toolset
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of firehed/auth

Informations about the package auth

Auth

Auth is a library designed to take the complexity out of multi-factor and high-security authentication in PHP projects. Data is stored in JWTs which are tamper-resistant, permitting authentication information to be stored completely client-side without the need for a database[^db].

By implementing a single interface, your existing PHP app can flexibly support MFA without being tied to a specific provider or implementation. Thanks to being based on open standards, the authentication data can be used with any framework, and even ported to other programming languages.

A simple example

Installation

Installation is supported through Composer:

composer require firehed/auth

For more information, please visit the Composer website

API

setEncodedToken(string $token): self

Restore an authentication session from an encoded JWT. This method will be mostly used on logged-in pages.

setUser(Firehed\Auth\Authable $user): self

Start an authentication session for a new user. This method will be mostly used during the start of a login flow.

setLoader(callable $loader): self

Provide a callback that will return a Firehed\Auth\Authable object provided a unique identifier. This will be used alongside setEncodedToken to allow getUser to function on restored sessions.

It must have the following signature:

setRequiredLevel(Firehed\Auth\Level $level): self

Provide the authentication level required for getUser to return a user. This defaults to Level::LOGIN.

getEncodedToken(): string

Get a JWT containing the authentication data for the current user. This does not contain sensitive data, and is tamper-resistant thanks to signing. You SHOULD store the encoded token client-side, so long as transmission is done securely (this applies to any session identifier). Note that this does include the user's own ID.

getUser(): Firehed\Auth\Authable

Get the authenticated user. If the user is insufficiently authenticated, this will throw an exception, preventing accidental access.

enterHighSecurity(Firehed\Auth\Factors\Factor $factor): self

Use the provided factor to start a high-security session. It will last until the expiration time on the factor. If no expiration time is set, it will only last until the end of the request.

exitHighSecurity(): void

Exit high-security mode regardless of the time remaining.

validateFactor(Firehed\Auth\Factors\Factor $factor): self

Authenticate the user with the provided factor.

expireFactor(Firehed\Auth\Factors\FactorType $type): self

Remove the authentication data provided by the specified factor type. Most commonly, this will be used to log the user out.

setKeys(Firehed\JWT\KeyContainer $keys): self

Provides a KeyContainer that's used internally for JWT handling. This allows key rotation to be seamless and nearly-automatic

Core concepts

Authentication: the act of verifying identity
Factor: a method of authentication. There are three different factors:
- Inherence: something a user is, such as a fingerprint
- Knowledge: something a user knows, such as a passphrase
- Possession: something a user has, such as a OTP token
High-security mode: conceptually similar to sudo, this is a way to protect especially-sensitive actions (password change, credit card management, etc.) by requiring a fresh authentication.
Levels: there are four authentication levels that a page can require:
- ANONYMOUS: Users are not authenticated at all, nor will one be returned by getUser
- PARTIAL: Allows validation methods to be called on a partially- authencitaed user, although getUser() will return null. This SHOULD NOT be used outside of an autentication upgrade flow; i.e. providing their OTP code or token. Use getPartiallyAuthenticatedUser() to get at the underlying user, which SHOULD be used ONLY for modifying the user's new factor registration (e.g. TOTP code provided didn't match)
- LOGIN: Users require all of their factors to be present
- HISEC: In addition to all factors being present, one must have been explicitly re-verified via the enterHighSecurity API

Examples

(new examples coming soon)

[^db]: Of course, you will still need to securely store password hashes, OTP shared secrets, etc. What you will not need to do is muck around with existing session storage and handling.

All versions of auth with dependencies

PHP Build Version

Package Version

Version 0.2.2 Release 12. Mar 2016
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of auth from vendor firehed

Requires firehed/common Version ^1.0
firehed/jwt Version ^2.0
firehed/security Version ^1.0
php Version >=7

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package firehed/auth contains the following files

Loading the files please wait ....