

authlib/authlib
===============

A PHP authentication library with JWT support and JWKS validation


[Source](https://github.com/aganguly0706/authlib) | [Packagist](https://packagist.org/packages/authlib/authlib)


AuthLib - Role-Based Access Control (RBAC) Authorization Library
================================================================


A comprehensive PHP authorization library implementing Role-Based Access Control (RBAC) with Active Directory group integration, JWT token validation, and fine-grained permission management.

What This Library Does
----------------------


AuthLib provides a complete RBAC solution that follows this authorization flow:

```
Active Directory Groups → Roles → Permissions → Function-Level Access
```

### Core Features


- **RBAC Implementation**: Complete role-based access control with hierarchical permissions
- **AD Group Integration**: Maps Active Directory groups to application roles automatically
- **JWT/OIDC Support**: Full OpenID Connect integration with PingFederate and other providers
- **SAML 2.0 Support**: Complete SAML assertion validation with signature verification and claims extraction
- **Permission Caching**: High-performance PSR-6 compliant caching for authorization decisions
- **Audit Logging**: Comprehensive audit trails using PSR-3 compatible loggers (Monolog)
- **Policy Enforcement**: Fine-grained policy engines (time-based, IP-based, resource ownership)
- **Database Agnostic**: PDO-based repository with MySQL optimization
- **Framework Integration**: Ready-to-use middleware for Laravel, Slim, and plain PHP

### Authorization Flow


1. **Authentication**: User authenticates via OIDC/JWT with PingFederate
2. **Group Extraction**: JWT claims contain AD group memberships
3. **Role Mapping**: Groups are mapped to application roles in the database
4. **Permission Resolution**: Roles grant specific permissions to users
5. **Function-Level Control**: Permissions control access to specific application functions
6. **Policy Enforcement**: Additional policies (time, IP, ownership) can further restrict access
7. **Audit Logging**: All authorization decisions are logged for compliance
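
The flow above as a stand-alone sketch, added here and not AuthLib's own code. The function names, the in-memory mappings, the `groups` claim name and the sample IP policy are assumptions, and the claims are assumed to come from a JWT whose signature, issuer, audience and expiry have already been validated.

```php
<?php
declare(strict_types=1);
// Constructed sample mappings (assumption); per the README the real ones live in the database.
const GROUP_ROLES = [
    'CN=App-Admins,OU=Groups,DC=example,DC=com'  => ['admin'],
    'CN=App-Editors,OU=Groups,DC=example,DC=com' => ['editor'],
];
const ROLE_PERMISSIONS = [
    'admin'  => ['report.view', 'report.delete'],
    'editor' => ['report.view'],
];

// Steps 2-4 (hypothetical helper): group claim -> roles -> permissions. Unmapped groups grant nothing.
function resolvePermissions(array $claims): array
{
    $groups = $claims['groups'] ?? [];
    if (!is_array($groups)) { return []; } // malformed claim: fail closed
    $perms = [];
    foreach (array_filter($groups, 'is_string') as $group) {
        foreach (GROUP_ROLES[$group] ?? [] as $role) {
            foreach (ROLE_PERMISSIONS[$role] ?? [] as $perm) {
                $perms[$perm] = true;
            }
        }
    }
    return array_keys($perms);
}

// Steps 5-7 (hypothetical helper): RBAC check, then policies that can only turn allow into deny, then audit.
function authorize(array $claims, string $perm, array $ctx, array $policies, callable $audit): bool
{
    $allowed = in_array($perm, resolvePermissions($claims), true);
    $reason = $allowed ? 'rbac' : 'no-permission';
    foreach ($policies as $name => $policy) {
        if ($allowed && !$policy($claims, $ctx)) {
            [$allowed, $reason] = [false, "policy:$name"];
        }
    }
    $audit(['sub' => $claims['sub'] ?? null, 'permission' => $perm,
            'decision' => $allowed ? 'allow' : 'deny', 'reason' => $reason]);
    return $allowed;
}
// Constructed claims: one mapped group, one group with no role mapping.
$claims = ['sub' => 'jdoe', 'groups' => ['CN=App-Editors,OU=Groups,DC=example,DC=com', 'CN=Other,DC=example,DC=com']];
// Sample IP-based policy: only requests from 10.0.0.0/8 pass; an unparsable IP fails the check.
$policies = ['internal_ip' => fn(array $c, array $ctx): bool => (ip2long($ctx['ip'] ?? '') & 0xFF000000) === ip2long('10.0.0.0')];
$audit = fn(array $event) => error_log(json_encode($event)); // stand-in for a PSR-3 logger
var_dump(authorize($claims, 'report.view', ['ip' => '10.1.2.3'], $policies, $audit));    // editor, internal IP
var_dump(authorize($claims, 'report.view', ['ip' => '203.0.113.7'], $policies, $audit)); // editor, external IP
var_dump(authorize($claims, 'report.delete', ['ip' => '10.1.2.3'], $policies, $audit));  // permission not held
```

Every call writes one audit record, including denials, and a policy is only consulted after RBAC has already allowed the request, so a policy can never grant access on its own.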

Installation
------------


Install via Composer:

```
composer require authlib/rbac-authorization
```

### Requirements


- PHP 8.2 or higher
- PDO extension with MySQL/PostgreSQL driver
- OpenSSL extension (for JWT validation)

Quick Start
-----------


### 1. Database Setup


Run the included migrations to set up the RBAC tables:

```
# Create database tables
php vendor/bin/authlib migrate

# Seed with sample data (optional)
php vendor/bin/authlib seed
```

Or run the SQL manually:

```
# Run the migration file
mysql -u your_user -p your_database
