PHP library provides functionality for generating Time-based One Time Passwords (TOTP) and HMAC-based One Time Passwords (HOTP), commonly used in two-factor authentication (2FA) systems.

Go to Download

fshangala/auth2-ation

0 Favers
13 Downloads

Authentication and authorization system for laravel and lumen

Go to Download

kak/authclient

0 Favers
14 Downloads

Auth clients for Yii2

Go to Download

sixpark-source/oauth2

0 Favers
22 Downloads

6park auth2.0 demo

Go to Download

laravelrotebal/nova-oauth2-login

0 Favers
161 Downloads

Some classes for fix working auth2 with nova

Go to Download

grim-reapper/xero

0 Favers
7 Downloads

XERO Auth2 integration

Go to Download

# Authentication Requests made to our APIs must be authenticated, there are two ways to do this: 1. Authenticating using your API apiUsername and apiPassword - `Basic Auth` 2. Authenticating using an Auth Token - `Bearer Token` ## Method 1: Basic Auth Basic Authentication is a method for an HTTP user agent (e.g., a web browser) to provide a apiUsername and apiPassword when making a request. When employing Basic Authentication, users include an encoded string in the Authorization header of each request they make. The string is used by the request’s recipient to verify users’ identity and rights to access a resource. The Authorization header follows this format: > Authorization: Basic base64(apiUsername:apiPassword) So if your apiUsername and apiPassword are `onfon` and `!@pas123`, the combination is `onfon:!@pas123`, and when base64 encoded, this becomes `b25mb246IUBwYXMxMjM=`. So requests made by this user would be sent with the following header: > Authorization: Basic b25mb246IUBwYXMxMjM= | Description | | ---------------------------------------------------------------------------------------------- | | **apiUsername** `String` `Required` Your onfon account apiUsername, retrieved from portal | | **apiPassword** `String` `Required` Your onfon account apiPassword, retrieved from portal | ## Method 2: Bearer Tokens This authentication stategy allows you to authenticate using JSON Web Token ``JWT` that will expire after given duration. Each Access Token is a `JWT`, an encoded JSON object with three parts: the `header`, the `payload`, and the `signature`. The following is an example Access Token generated for Conversations > Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c ### Getting the token To generate the token, make a `POST` request to `/v1/authorization` endpoint with your `apiUsername` and `apiPassword` This request should be made from your server and not on the client side such as browser or mobile environment. You will receive a JSON similar to below: `{ "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", "validDurationSeconds": 3600}` You can use the token received to make API calls. The token will be valid for value of `validDurationSeconds`, before which you should generate a new token. #### Request Body ``` { "apiUsername": "root", "apiPassword": "hakty11" } ``` #### Response Body ``` { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c", "validDurationSeconds": 3600 } ``` #### Example Curl ``` curl --location --request POST 'https://apis.onfonmedia.co.ke/v1/authorization' \ --data-raw '{ "apiUsername": "correctapiUsername", "apiPassword": "correctapiPassword" } ``` #### Making an API call You will be required to pass the token in `Authorization` header prefixed by `Bearer` when calling other endpoints. Example `Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c`

Go to Download