Skip to content

Library to manage HTTP authentication (Basic & Digest) with PHP

License

Notifications You must be signed in to change notification settings

Intervention/httpauth

Repository files navigation

Intervention HttpAuth

HTTP Authentication Management

Latest Version Tests Monthly Downloads Support me on Ko-fi

Installation

You can easily install this library using Composer. Just request the package with the following command:

composer require intervention/httpauth

Documentation

Read the full documentation for this library.

Usage

The workflow is easy. Just create an instance of Authenticator::class in the first step and secure your resource in the second step.

1. Create Authenticator Instance

To create authenticator instances you can choose between different methods.

Create Instance by Using Static Factory Method

use Intervention\HttpAuth\Authenticator;

// create http basic auth
$auth = Authenticator::basic(
    'myUsername',
    'myPassword',
    'Secured Area',
);

// create http digest auth
$auth = Authenticator::digest(
    'myUsername',
    'myPassword',
    'Secured Area',
);

Create Instance by Using Class Constructor

use Intervention\HttpAuth\Authenticator;

// alternatively choose DigestVault::class
$vault = new BasicVault(
    'myUsername',
    'myPassword',
    'Secured Area',
);

$auth = new Authenticator($vault);

Create Instance by Static Factory Method

use Intervention\HttpAuth\Authenticator;

// alternatively choose DigestVault::class
$vault = new BasicVault(
    'myUsername',
    'myPassword',
    'Secured Area',
);

$auth = Authenticator::withVault($vault);

2. Ask User for Credentials

After you created a HTTP authentication instance, you have to call secure() to secure the resource. This results in a 401 HTTP response and the browser asking for credentials.

$auth->secure();

A character string can optionally be passed to the method. This is displayed if authentication fails. Output from template engines can also be used here.

$auth->secure('Sorry, you can not access this resource!');

Server Configuration

Apache

If you are using Apache and running PHP with CGI/FastCGI, check the server configuration to make sure the authorization headers are passed correctly to PHP:

https://support.deskpro.com/en/kb/articles/missing-authorization-headers-with-apache

Authors

This library is developed and maintained by Oliver Vogel

Thanks to the community of contributors who have helped to improve this project.

License

Intervention HttpAuth is licensed under the MIT License.