Download the PHP package ingenerator/tokenista without Composer
On this page you can find all versions of the php package ingenerator/tokenista. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download ingenerator/tokenista
More information about ingenerator/tokenista
Files in ingenerator/tokenista
Package tokenista
Short Description Simple signed and expiring token generator and validator - for password reset, CSRF, authentication, whatever
License BSD-3-Clause
Homepage https://github.com/ingenerator/tokenista
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package tokenista
Tokenista - generate and validate signed tokens
Tokenista is a lightweight library for generating and validating signed tokens that can be used for password reset links, authentication, CSRF or anything else you may require. It aims to be secure (though you should always review all security related code) and to have minimum external dependencies.
Installation
Add tokenista to your composer.json and run composer update to install it.
Basic Usage
Tokenista generates tokens as a single string of the form {random}-{expirytime}-{signature}, base64 encoded so suitable for inclusion in most places.
Verifying additional values
You may want to use Tokenista's signing mechanism to verify that some additional data has not been tampered with. For example, you could use this to include email address or other confirmation information in a URL rather than having to store a record of the mapping between token and user server side.
Rotating secrets
It's good practice to occasionally rotate secrets - but without invalidating signatures
that haven't yet expired. This is easily done - add an old_secrets config option with
any previous secrets that should still be valid. Tokenista will start using the new
secret to produce new tokens while still accepting tokens signed with an older value.
Once your maximum token expiry liftime has passed you can then remove the old secret from your list and Tokenista will stop accepting it.
Testing and developing
tokenista has a full suite of PHPUnit unit tests - run them with ./vendor/bin/phpunit.
Contributions will only be accepted if they are accompanied by well structured unit tests. Installing with composer should
get you everything you need to work on the project.
License
tokenista is copyright 2014 inGenerator Ltd and released under the BSD license.
All versions of tokenista with dependencies
ext-openssl Version *
lib-openssl Version *