Download the PHP package logonbox/authenticator without Composer
On this page you can find all versions of the php package logonbox/authenticator. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download logonbox/authenticator
More information about logonbox/authenticator
Files in logonbox/authenticator
Package authenticator
Short Description An API for using LogonBox Authenticator credentials in your own PHP applications
License Apache-2.0
Informations about the package authenticator
LogonBox Authenticator API for PHP
Use this API to integrate LogonBox Authenticator into your own PHP application authentication flows.
The LogonBox Authenticator uses an authentication mechanism similar to SSH private key authentication where users keys are published in an authorized keys listing on the credential server. This API will read the trusted public keys and then submit an authentication request payload to the credential server for signing by the corresponding private key.
As part of the signing operation, the user must authorize the request within the LogonBox Authenticator app. Once authorized the payload is signed by the private key, which is held exclusively within the secure storage of the app.
To authenticate the user, the API verifies the signature returned to obtain the authentication result.
About LogonBox Authenticator
Safeguard your people, passwords and apps with LogonBox's 2-Factor Authentication app for Android and iOS.
Other Languages
Usage
Direct Signing
If you are using a different protocol and cannot redirect the user via a web browser, or want to provide your own user interface, you can perform authentication exclusively through the API.
Server Redirect
If you are logging a user into a web application, you can create a request, and redirect the user to a URL on the credential server where they are prompted to authorize the request on their device. This eliminates the need for you to create your own user interface and provides a modern, clean authentication flow.
When authentication completes, the server redirects back to your web application with an authentication response which you pass into the API for verification.
login.php (This HTML response will ask you to provide id of user whose key will be used for authentication)
start.php (This file will use user id submitted by end user to start the authentication process, this also sets up redirect url to which authenticating server will redirect to)
authenticator-finish.php (This file will receive the signed response from authenticating server which is verified)
Debugging
A simple Logger interface is used that will output using echo
by default. You can enable this after you have created the client object.
This should be sufficient for testing. To integrate logging into your wider application just provide an implementation of LoggerService
to the constructor
of AuthenticatorClient
.
Minimum Requirements
Current stable release tested with PHP 7.3.33
.