Download the PHP package meta-tech/pws-auth without Composer
On this page you can find all versions of the php package meta-tech/pws-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download meta-tech/pws-auth
More information about meta-tech/pws-auth
Files in meta-tech/pws-auth
Package pws-auth
Short Description PwsAuth is an authentication protocol throught http header designed to web services
License MIT
Homepage https://github.com/meta-tech/pws-auth
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package pws-auth
PwsAuth
PwsAuth is an authentication protocol throught http header designed to web services
Request Headers
Request headers must be define as follow :
Pws-Authorization : $type $token
Pws-Ident : $userkeyThe $token can be either a loginToken or a sessionToken
The $token is divided in four part
- a datetime formatted with the
Authenticator::DATE_FORMATformat - an obfuscate part 's token builded by date, common salt & the third token 's part
- a loginToken representing a user signed token for a specific login at given date OR a session token representing the session id
- noise data to be removed
The complete token is valid only if obfuscate part can be rebuild.
This simple mecanism ensure that sessionId is valid and can be safety load
Authenticator 's configuration comes with a hash.session.index and hash.noise.length values
wich can be redefined to move the session token part into the complete token
<< hash.session.index >> << hash.noise.length >>
|-----------------------------------------------------------<<-^->>---------------------------------------------<<-^->>--------|
|- type ||-- date ---|------------ obfuscate token ---------<<-^->>-------------- session token ----------------<<-^->> noise -|
| || 1 | 2 | 3 | 4 |
PwsAuth2 242003031711e1a6104135f04c6c01e6cd5952ecafbb53c928603b0gb64tqo609qse6ovd7lhdvk4fnaqk7cdl26e4d4qh7jb41eu5f1zb5y79m8pgu3Requirements
PHP >= 5.4
Install
The package can be installed using Composer .
Or add the package to your composer.json.
Authenticator instanciation
ClientSide
A request header can be generated via the generateHeader($login, $key, $sessid=null) method.
The third parameter determine wich kind of token will be generated
for a client usage, see MetaTech\Ws\Client
ServerSide
The Token can be retriew via the getToken method
loginToken is validate by the check(Token $token = null, $login) method
loginToken must match a public url with method POST and a couple of login/password
On successfull login, the session id must be transmit to the client.
sessionToken is valid only if the session can effectively be loaded, and the
user key match the given Pws-Ident value
for a server usage, see MetaTech\Silex\Ws\Authentication and meta-tech/pws-server .
Configuration
Configuration must be the same on server and client sides
Hash definition is a convenient way to obfuscate your tokens
config/pwsauth.yml
Notes
A valid $userkey alone is useless
A valid $sessionId alone is useless
License
The project is released under the MIT license, see the LICENSE file.
