Download the PHP package rollerworks/split-token without Composer

On this page you can find all versions of the php package rollerworks/split-token. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package split-token

Rollerworks SplitToken Component

SplitToken provides a Token-Based Authentication Protocol without Side-Channels.

This technique is based of Split Tokens: Token-Based Authentication Protocols without Side-Channels. Which was first proposed by Paragon Initiative Enterprises.

SplitToken-Based Authentication is best used for password resetting or one-time single-logon.

While possible, this technique is not recommended as a replacement for OAuth or Json Web Tokens.

Introduction

Unlike traditional Token-Based Authentication Protocols a SplitToken consists of two parts: The selector (used in the query) and the verifier (not used in the query).

The full token is provided to the user or recipient and functions as a combined identifier (selector) and password (verifier).

Caution: You NEVER store the full token as-is! You only store the selector, and a (cryptographic) hash of the verifier.

Installation

To install this package, add rollerworks/split-token to your composer.json:

Now, [Composer][composer] will automatically download all required files, and install them for you.

Requirements

PHP 8.1 with the sodium extension enabled (default since PHP 8).

Basic Usage

Once a result is found using the selector, the stored verifier-hash is used to compute a matching hash of the provided verifier. And the values are compared in constant-time to protect against side-channel attacks.

See also:

Error Handling

Because of security reasons, a SplitToken only throws generic runtime exceptions for wrong usage, but no detailed exceptions about invalid input.

In the case of an error the memory allocation of the verifier and full token is zeroed to prevent leakage during a core dump or unhandled exception.

Versioning

For transparency and insight into the release cycle, and for striving to maintain backward compatibility, this package is maintained under the Semantic Versioning guidelines as much as possible.

Releases will be numbered with the following format:

<major>.<minor>.<patch>

And constructed with the following guidelines:

For more information on SemVer, please visit http://semver.org/.

Who is behind this library?

This library is brought to you by Sebastiaan Stok.

The Split Token idea was first proposed by Paragon Initiative Enterprises.

License

The Source Code of this package is subject to the terms of the Mozilla Public License, version 2.0 (MPLv2.0 License).

Which can be safely used with any other license including MIT and GNU GPL.


All versions of split-token with dependencies

PHP Build Version
Package Version
Requires php Version >=8.2
paragonie/constant_time_encoding Version ^2.6
paragonie/hidden-string Version ^2.0
psr/clock Version ^1.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package rollerworks/split-token contains the following files

Loading the files please wait ....