Download the PHP package jardissupport/auth without Composer
On this page you can find all versions of the php package jardissupport/auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download jardissupport/auth
More information about jardissupport/auth
Files in jardissupport/auth
Package auth
Short Description Token management, session handling, and security utilities for authentication and authorization
License MIT
Homepage https://docs.jardis.io/en/support/auth
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package auth
Jardis Auth
Part of the Jardis Business Platform — Enterprise-grade PHP components for Domain-Driven Design
Authentication and authorization without framework coupling. Opaque tokens, session management, password hashing, and role-based access control — designed for DDD applications. No HTTP layer, no JWT, no external dependencies. Pure support package.
Why This Package?
- Four classes to learn —
SessionManager,PasswordHasher,Guard,PasswordAuthenticator. Everything else is data - Opaque tokens — server-side state, SHA-256 hashed storage, no JWT complexity
- Token rotation — automatic refresh with old-token revocation
- RBAC as Value Objects — policies are immutable, defined in code, not in a database
- Zero external dependencies — uses PHP built-ins:
password_hash,random_bytes,hash_hmac,hash_equals
Installation
Quick Start
Create a Session
Verify & Refresh Tokens
Hash & Verify Passwords
Authorize with RBAC
Authenticate with Password
Invalidate Sessions
Token Store
The package defines TokenStoreInterface — you implement it in your infrastructure layer:
An InMemoryTokenStore is included in tests/Support/ for testing.
Password Hashing
Error Handling
| Exception | When |
|---|---|
AuthenticationException |
Authentication failed (base class) |
TokenExpiredException |
Token has expired |
TokenRevokedException |
Token was revoked |
InvalidCredentialException |
Invalid credentials provided |
UnauthorizedException |
Insufficient permissions (RBAC) |
Architecture
The user sees four orchestrators. Internally, each delegates to invokable handlers:
Each handler is an invokable object (__invoke) — independently testable, replaceable, composable. The orchestrators contain no business logic, only delegation.
Test Structure
Tests mirror the src/ directory:
Contracts
Defined in jardissupport/contract — implement these in your infrastructure:
| Interface | Purpose |
|---|---|
TokenStoreInterface |
Token persistence: store, find, revoke, deleteExpired |
PasswordHasherInterface |
Hash, verify, needsRehash |
GuardInterface |
Permission check + authorize |
AuthenticatorInterface |
Authenticate credentials, return AuthResult |
Foundation Integration
Auth is a support package — no service hook in DomainApp. Integration happens in your bounded context:
- TokenStore: Implement in infrastructure (database, Redis)
- Policy: Define as value object in application layer
- Guard: Instantiate in application layer, inject Policy
ENV Variables (optional)
What This Package Does NOT Do
- No JWT — opaque tokens only. JWT comes in v2 at the earliest
- No OAuth2/OIDC — no authorization server, no PKCE
- No HTTP layer — no cookies, no middleware, no
session_start() - No user management — no user model, no registration flow
- No rate limiting — brute-force protection is infrastructure concern
- No token persistence — only the interface. You implement the store
- No event dispatching — events are returned to the caller, not dispatched internally
Development
Documentation
Full documentation, guides, and API reference:
docs.jardis.io/en/support/auth
License
MIT License — free for any use, including commercial.
KI-gestützte Entwicklung
Dieses Package liefert einen Skill für Claude Code, Cursor, Continue und Aider mit. Installation im Konsumentenprojekt:
Mehr Details: https://docs.jardis.io/skills
All versions of auth with dependencies
ext-sodium Version *
ext-mbstring Version *
jardissupport/contract Version ^1.0