PHPackages                             aura/auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. aura/auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

aura/auth
=========

Provides a unified interface to authenticate a user with local or remote authentication systems.

4.0.3(4y ago)134243.0k↓45.2%29[4 issues](https://github.com/auraphp/Aura.Auth/issues)[1 PRs](https://github.com/auraphp/Aura.Auth/pulls)12BSD-2-ClausePHPPHP &gt;=7.2.0CI failing

Since Oct 5Pushed 5mo ago16 watchersCompare

[ Source](https://github.com/auraphp/Aura.Auth)[ Packagist](https://packagist.org/packages/aura/auth)[ Docs](https://github.com/auraphp/Aura.Auth)[ RSS](/packages/aura-auth/feed)WikiDiscussions 4.x Synced 3d ago

READMEChangelog (7)Dependencies (3)Versions (11)Used By (12)

Aura.Auth
=========

[](#auraauth)

Provides authentication functionality and session tracking using various adapters; currently supported adapters are:

- Apache htpasswd files
- SQL tables via the [PDO](http://php.net/pdo) extension
- IMAP/POP/NNTP via the [imap](http://php.net/imap) extension
- LDAP and Active Directory via the [ldap](http://php.net/ldap) extension
- OAuth via customized adapters

Note that the purpose of this package is only to authenticate user credentials. It does not currently, and probably will not in the future, handle user account creation and management. That is more properly the domain of application-level functionality, or at least a separate Aura bundle.

Foreword
--------

[](#foreword)

### Installation

[](#installation)

This library requires PHP 7.2 or later, and has no userland dependencies.

It is installable and autoloadable via Composer as [aura/auth](https://packagist.org/packages/aura/auth).

Alternatively, [download a release](https://github.com/auraphp/Aura.Auth/releases) or clone this repository, then require or include its *autoload.php* file.

### Quality

[](#quality)

[![Scrutinizer Code Quality](https://camo.githubusercontent.com/5efec33bd7081c49c867ab630b762b5fbf58bc915bd1d87f3bae17490df33902/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f617572617068702f417572612e417574682f6261646765732f7175616c6974792d73636f72652e706e673f623d646576656c6f702d32)](https://scrutinizer-ci.com/g/auraphp/Aura.Auth/?branch=develop-2)[![Code Coverage](https://camo.githubusercontent.com/1128ef8d399430c700c043c1c727e65dee3897bc3386c228c81f812c2f0e03e0/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f617572617068702f417572612e417574682f6261646765732f636f7665726167652e706e673f623d646576656c6f702d32)](https://scrutinizer-ci.com/g/auraphp/Aura.Auth/?branch=develop-2)[![Build Status](https://camo.githubusercontent.com/2b68933c2368d298f9b5f92df44a7dba89061fd9be2e3321ac1d3c79097f9f82/68747470733a2f2f7472617669732d63692e6f72672f617572617068702f417572612e417574682e706e673f6272616e63683d646576656c6f702d32)](https://travis-ci.org/auraphp/Aura.Auth)

To run the unit tests at the command line, issue `composer install` and then `vendor/bin/phpunit` at the package root. This requires [Composer](http://getcomposer.org/) to be available as `composer`.

This library attempts to comply with [PSR-1](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-1-basic-coding-standard.md), [PSR-2](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-2-coding-style-guide.md), and [PSR-4](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-4-autoloader.md). If you notice compliance oversights, please send a patch via pull request.

### Community

[](#community)

To ask questions, provide feedback, or otherwise communicate with the Aura community, please join our [Google Group](http://groups.google.com/group/auraphp), follow [@auraphp on Twitter](http://twitter.com/auraphp), or chat with us on #auraphp on Freenode.

Getting Started
---------------

[](#getting-started)

### Instantiation

[](#instantiation)

To track authentication state and related information, create an *Auth* object using the *AuthFactory*.

```

```

You can retrieve authentication information using the following methods on the *Auth* instance:

- `getUserName()`: returns the authenticated username string
- `getUserData()`: returns the array of optional arbitrary user data
- `getFirstActive()`: returns the Unix time of first activity (login)
- `getLastActive()`: return the Unix time of most-recent activity (generally that of the current request)
- `getStatus()`: returns the current authentication status constant. These constants are:

    - `Status::ANON` -- anonymous/unauthenticated
    - `Status::IDLE` -- the authenticated session has been idle for too long
    - `Status::EXPIRED` -- the authenticated session has lasted for too long in total
    - `Status::VALID` -- authenticated and valid
- `isAnon()`, `isIdle()`, `isExpired()`, `isValid()`: these return true or false, based on the current authentication status.

You can also use the `set*()` variations of the `get*()` methods above to force the *Auth* object to whatever values you like. However, because the values are stored in a `$_SESSION` segment, the values will not be retained if a session is not running.

To retain values in a session, you can start a session by force with `session_start()` on your own. Alternatively, it would be better to use one of the Aura.Auth package services to handle authentication and session-state management for you.

### Services

[](#services)

This package comes with three services for dealing with authentication phases:

- *LoginService* to log in and start (or resume) a session,
- *LogoutService* to log out and remove the username and user data in the session (note that this **does not** destroy the session), and
- *ResumeService* to resume a previously-started session.

You can create each by using the *AuthFactory*. For now, we will look at how to force login and logout; later, we will show how to have the service use a credential adapter.

#### Forcing Login

[](#forcing-login)

You can force the *Auth* object to a logged-in state by calling the *LoginService* `forceLogin()` method with a user name and optional arbitrary user data.

```
