PHP download

Download the PHP package taproot/authentication without Composer

On this page you can find all versions of the php package taproot/authentication. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

Table of contents
Download taproot/authentication
More information about taproot/authentication
Files in taproot/authentication

Vendor taproot
Package authentication
Short Description Makes adding indieauth login (client app) and token generation (server app) to your Silex/Symfony app as easy as it should be.
License MIT

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:

If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.

Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
To use Composer is sometimes complicated. Especially for beginners.
Composer needs much resources. Sometimes they are not available on a simple webspace.
If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Please rate this library. Is it a good library?

Example code of taproot/authentication

Informations about the package authentication

Abandoned!

taproot/authentication is deprecated and no longer maintained. Future development will happen in the newer, more compatible and better tested taproot/indieauth

taproot/authentication

A library for quickly adding full-blown indieauth/web sign-in support to Silex/Symfony applications. Built on top of indieweb/indieauth-client.

Installation

Install using Composer:

./composer.phar require taproot/authentication:~0.1

Usage

taproot/authentication exposes two functions, which, given your Silex $app, set up pre/post request handlers and return a route collection which you can mount wherever you like.

Both functions require several services on $app:

url_generator: a Symfony Routing UrlGeneratorInterface instance, e.g. one provided by a UrlGeneratorServiceProvider in Silex.
encryption: an object implementing two methods, string encrypt(mixed $data) and mixed decrypt(string $token) capable of encrypting and decrypting arbitrary data. Usually an instance of [Illuminate\Encryption\Encrypter](https://github.com/illuminate/encryption)

Both functions will optionally make use of the following services, but do not require them to function:

logger: a PSR-3-compatible logging interface

Taproot\Authentication\client()

client() implements the logic and routes required for users to log into your app using their domains, and optionally grant it permissions (e.g. to use micropub to post new content to their website).

It returns a RouteCollection ready to be mounted wherever you want, containing the following routes:

/login/ (indieauth.login) — POST to this URL with required “me” and optional “next” parameters to start the login process
/authorize/ (indieauth.authorize) — the URL redirected to by the user’s authorization server after successful authorization. Checks details and sets remember-me cookie
/logout/ (indieauth.logout) — POST to this URL (with optional “next” parameter) whilst logged in to log out, i.e. remove the remmeber-me cookies.

After a successful login, client() sets a remember-me cookie on the user’s browser from which they can be identified in future requests. By default the contents of the cookie is just the array containing their information, encrypted, but if you wish to use another form of storage you can pass data -> cookie and cookie -> data functions to client(), e.g.:

If the pre-request handler finds the remember-me cookie on a request, it turns it into an array of information about the current user and adds it to $request->attributes under indieauth.client.token.

This array will always have a me property which is the URL the user signed in as. Additionally, depending on how the user signed in, whether or not they have a micropub endpoint, and what permissions they have granted you, it may have other properties.

This is how you would typically use the token in a controller:

To programatically log a user out, call $app['indieauth']->logoutResponse($response) before sending the response.

client() doesn’t require any services other than the ones detailed above, but defaults can be overridden by the following services:

indieauth.url: if a user tries to log in but an authorization server can’t be found, fall back to using this server. Defaults to 'https://indieauth.com'
indieauth.cookiename: the name of the cookie used to remember the current user. _random will be appended to this for the random state persistance. Defaults to 'indieauth_token'.
indieauth.cookielifetime: the lifetime, in seconds, for indieauth remember-me cookies to last. Defaults to 60 days.
indieauth.loginredirecturl: if no “next” POST parameter is given on login attempts, redirect to this URL. If unset, redirects to $request->getHttpHost()
indieauth.clientid: the string to use to identify this indieauth app. If unset, defaults to $request->getHttpHost()
indieauth.securecookie: bool, whether or not to set the auth process and token cookies to HTTPS-only. Defaults to true, turn off only for development.

Taproot\Authentication\server()

server() creates event handlers and routes implementing a token provider and resource server (i.e. micropub endpoint which client apps can make posts to on behalf of users).

The token endpoint only supports a single user logging in. Their URL must be defined in $app['owner']['url']. It’s suggested to use $app['owner'] as a place for storing information about the site owner, and for authorization purposes e.g.

It returns a RouteCollection ready to be mounted wherever you want, with the following route:

/token/ (indieauth.token) — clients POST to this URL with a bunch of details, including encrypted state, to gain an access token.

During the authorization process, the server creates an access token for the client app, granting them certain permissions (scope). Then, when client apps make requests with the access token, a pre-request listener picks them up and annotates the $request object with information about the user and client “logged in”.

Here’s how it would typically be used in a controller — for example, a micropub endpoint:

Much like client(), by default server() maps between access tokens and their data without saving them to persistant storage — the access token is simply an encrypted form of the array, which is then decrypted. This is very simple, but there are advantages to storing access token data persistently — for example, listing authorized apps and allowign them to be revoked.

You may define your own token -> data and data -> token functions in exactly the same way as with client():

Questions with answers

Can an app be both a client and a server?

Yes it can! In fact before this code was separated into client and server code when it was packaged up, the two shared the same route collection and before/after listeners. Simply mount + set up both route collections.

Can this be used outside of Silex?

It works best with silex but with some small modifications might be easily adapted to any project using Symfony HTTP Kernel — if you’re interested in getting this working, raise an issue.

Alternatively, take a look at indieweb/indieauth-client, Aaron Parecki’s excellent library of which taproot/authentication is merely a thin wrapper.

Contributions + Testing

Contributions (especially bug reports and security reviews) are greatly welcome! Please raise an issue here, or ping barnabywalters on the indiewebcamp IRC channel.

As of version 0.1.0, there’s only the stub of a test suite — I plan to write comprehensive functional tests using a mock app, but such things take time, and the code is already in daily use on waterpigs.co.uk.

Changelog

v0.1.0 2014-04-09

Initial extraction from Taproot
Split messy code into well-defined client app and resource server portions
Initial documentation
Stubbed test suite

All versions of authentication with dependencies

PHP Build Version

Package Version

Version v0.2.0 Release 21. Apr 2021
create-project require 0 people choosed require and
0 people choosed create-project.

Download

Download latest version of authentication from vendor taproot

Requires indieauth/client Version *
guzzle/guzzle Version *
psr/log Version *
symfony/routing Version ~2.3|3.0.*

Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package taproot/authentication contains the following files

Loading the files please wait ....