Jasny Auth
Authentication, authorization and access control for PHP.
Features
- Multiple authorization strategies, like groups (for acl) and levels.
- Authorization context (eg. "is the user an admin of this team?").
- PSR-14 events for login and logout.
- PSR-15 middleware for access control.
- Session invalidation, explicit or implicit (eg. after password change).
- Multi-factor authentication support.
- JWT and Bearer authentication support.
- Confirmation tokens for sign up confirmation and forgot-password.
- PSR-3 logging of interesting events.
- Customizable to meet the requirements of your application.
Installation
Install using composer
composer require jasny/auth
Usage
Auth
is a composition class. It takes an authz, storage, and optionally a confirmation service.
use Jasny\Auth\Auth;
use Jasny\Auth\Authz\Levels;
$levels = new Levels(['user' => 1, 'moderator' => 10, 'admin' => 100]);
$auth = new Auth($levels, new AuthStorage());
session_start();
$auth->initialize();
// Later...
if (!$auth->is('admin')) {
http_response_code(403);
echo "Access denied";
exit();
}
The Auth
service isn't usable until it's initialized. This should be done after the session is started.
session_start();
$auth->initialize();
Documentation
- Home
- Setup
- Authentication
- Authorization
- Sessions
- Middleware (for access control)
- MFA (Multi-factor authentication)
- TOTP (aka Google authenticator)
- Confirmation
- Random token
- Hashids
- Examples
- Logging