Download the PHP package olipayne/guzzle-web-bot-auth-middleware without Composer

On this page you can find all versions of the php package olipayne/guzzle-web-bot-auth-middleware. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of olipayne/guzzle-web-bot-auth-middleware

Informations about the package guzzle-web-bot-auth-middleware

Latest Stable Version Total Downloads License GitHub Actions Workflow Status

Guzzle Web Bot Auth Middleware (Ed25519 Edition)

A PHP Guzzle middleware for signing HTTP requests using HTTP Message Signatures (RFC 9421), specifically tailored for the web-bot-auth profile as discussed by Cloudflare. This version uses Ed25519 signatures via the libsodium PHP extension.

Requirements

Installation

Install the package via Composer:

Prerequisites & Setup (Ed25519)

To use this middleware, you need an Ed25519 private key, its corresponding public key (in JWK format hosted publicly), and a keyid (JWK Thumbprint of the public key). The middleware uses alg: "ed25519" in the Signature-Input header.

Easiest Setup: All-in-One Ed25519 Key Generation Script

This package includes a utility script to generate everything you need for Ed25519:

  1. Make the script executable (if you haven't already):

  2. Run the script from your project's root directory (or any directory where you want the key files to be saved):

    (Path might vary based on your setup. If installed as a library, it's in vendor/olipayne/guzzle-web-bot-auth-middleware/bin/.)

    The script will:

    • Create ed25519_private.key (containing the base64 encoded Ed25519 private key - KEEP THIS SAFE AND SECRET!).
    • Create ed25519_public.key (containing the base64 encoded Ed25519 public key, for your reference).
    • Output the Base64 Encoded Ed25519 Private Key: You'll pass this (or the path to ed25519_private.key) to the middleware.
    • Output the JWK Thumbprint (kid): This is the keyid for the middleware.
    • Output the Full Ed25519 JWK: This is the JSON structure of your public key to host publicly.

    Example output snippet:

  3. Host Your Public Key Data for Signature-Agent The Signature-Agent header in your requests points to metadata that allows a verifier to discover your signing key.

    A common path in existing deployments is https://your-bot.example.com/.well-known/jwks.json. The current HTTP Message Signatures directory draft recommends https://your-bot.example.com/.well-known/http-message-signatures-directory.

    If you expose a direct JWKSet URL, the content should be:

    Ensure this URL is publicly accessible.

Using an Existing Ed25519 Public Key

If you already have a base64 encoded Ed25519 public key and need its JWK and kid:

  1. Make the generate-jwk.php script executable:

  2. Run it with your base64 encoded Ed25519 public key string or the path to a file containing it:

    This will output the kid and the full JWK for your existing public key.

  3. You will need your corresponding Ed25519 private key (base64 encoded) to configure the middleware.
  4. Host the public JWK as described in Step 3 of the "Easiest Setup".

Usage

Provide the base64 encoded Ed25519 private key (or the path to the file like ed25519_private.key), your keyid, and your signatureAgent URL to the middleware.

Covered Components & Algorithm

How it Works

The middleware uses sodium_crypto_sign_detached for Ed25519 signatures. The Signature-Input header includes an alg="ed25519" parameter. The JWK for the public key uses kty: "OKP" (Octet Key Pair) and crv: "Ed25519".

Contributing

Contributions are welcome! Please feel free to submit pull requests or open issues.

Testing

Static analysis and style checks:

Optional live integration test:

Releases

See RELEASE.md for the tag-based release and Packagist publishing process.

License

This package is open-sourced software licensed under the MIT license.

All versions of guzzle-web-bot-auth-middleware with dependencies

PHP Build Version
Package Version
Requires php Version ^7.4 || ^8.0
guzzlehttp/guzzle Version ^7.0
ext-sodium Version *
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package olipayne/guzzle-web-bot-auth-middleware contains the following files

Loading the files please wait ...