PHPackages                             bacon/bacon-authentication - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. bacon/bacon-authentication

AbandonedArchivedLibrary[Authentication &amp; Authorization](/categories/authentication)

bacon/bacon-authentication
==========================

General purpose authentication module

96223[3 issues](https://github.com/Bacon/BaconAuthentication/issues)[1 PRs](https://github.com/Bacon/BaconAuthentication/pulls)PHP

Since Jun 5Pushed 9y ago1 watchersCompare

[ Source](https://github.com/Bacon/BaconAuthentication)[ Packagist](https://packagist.org/packages/bacon/bacon-authentication)[ RSS](/packages/bacon-bacon-authentication/feed)WikiDiscussions master Synced yesterday

READMEChangelogDependenciesVersions (1)Used By (0)

BaconAuthentication
===================

[](#baconauthentication)

Master: [![Build Status](https://camo.githubusercontent.com/c8ec68f824a152ab088a9c3522953bb44259439c9d30188e5a75e3452c70d129/68747470733a2f2f6170692e7472617669732d63692e6f72672f4261636f6e2f4261636f6e41757468656e7469636174696f6e2e706e673f6272616e63683d6d6173746572)](http://travis-ci.org/Bacon/BaconAuthentication)[![Coverage Status](https://camo.githubusercontent.com/388c6fa7bb86572c2024522301d24efbf0c7b04e36cd3b6f1b7326dfc521352b/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f4261636f6e2f4261636f6e41757468656e7469636174696f6e2f62616467652e706e673f6272616e63683d6d6173746572)](https://coveralls.io/r/Bacon/BaconAuthentication)

Introduction
------------

[](#introduction)

BaconAuthentication is a general purpose authentication module for Zend Framework 2. It comes with a pluggable authentication service which allows to not only create simple username/password authentication, but also to easily integrate third-party authentication (like OpenID or OAuth), as well as two-factor authentication.

Installation
------------

[](#installation)

1. Add Baconauthentication to your composer.json. Either use a stable tag for this or dev-master:

    ```
    "require": {
        "bacon/bacon-authentication": "dev-master"
    }
    ```
2. Tell composer to download BaconAuthentication:

    ```
    $ php composer.phar update
    ```

Theory of operation
-------------------

[](#theory-of-operation)

BaconAuthentication comes with an authentication service interface (`BaconAuthentication\AuthenticationServiceInterface`), which defines two methods. The first one being `authenticate($request, $response)`, which tries to authenticate the current request. This method is used for both processing current input from the user (e.g. a login form), as well as retreiving the currently authenticated subject. The return value of this method will always be a [Result object](#the-result-object).

The other method is `resetCredentials()`, which will simply remove all persisted information and thus make the authenticated subject anonymous again.

### The Result object

[](#the-result-object)

The Result object `BaconAuthentication\Result\Result` implements the `BaconAuthentication\Result\ResultInterface`. It comes with the following four methods to distinguish between different states:

- `isSuccess()`: True when authentication was successful.
- `isFailure()`: True when authentication failed.
- `isChallenge()`: True when a challenge was generated. In this case you should return the response object back to ZF2.
- `getPayload()`: Returns the payload of the result. In case of a success, it will be the identifier of the authenticated subject. In the case of failure, it will contain an [Error object](#the-error-object).

### The Error object

[](#the-error-object)

The Error object is used to carry error information. It contains two methods:

- `getScope()`: Returns the scope of the error, which usually is the plugin name which generated the error.
- `getMessage()`: Returns the actual error message.

Pluggable authentication service
--------------------------------

[](#pluggable-authentication-service)

A simple but yet powerful implementation of the authentication service interface is shipped with BaconAuthentication. It allows you to add plug-ins to the service which each fulfill specific tasks. These plug-ins are defined by the following interfaces, all located in the `BaconAuthentication\Plugin`namespace:

- `AuthenticationPluginInterface`: Receives credentials and tries to authenticate them.
- `ChallengePluginInterface`: Creates a challenge when no authentication was possible.
- `EventAwarePluginInterface`: Attaches itself to one or more events to fulfill its tasks.
- `ExtractionPluginInterface`: Extracts credentials from a request, which are the passed to all authentication plug-ins.
- `ResetPluginInterface`: Resets persisted authentication information.

Each plug-in may implement one or more of these interfaces. To add a plug-in to the service, pass it to the `addPlugin($plugin, $priority = 1)` method. By changing the priority, you can force earlier or later execution than of this specific plug-in. For more information about the specific plug-in interfaces, please refer to their respective in-line documentation.

Beside those interfaces, BaconAuthentication also comes with the following pre-defined plug-ins:

- [HttpBasicAuth](#http-basic-auth-plug-in)
- [HttpPost](#http-post-plug-in)
- [Session](#session-plug-in)

### HTTP Basic Auth plug-in

[](#http-basic-auth-plug-in)

The basic auth plug-in takes care of extracting credentials from the HTTP headers, as well as triggering the credentials dialog when no credentials where passed. This one should only be used in very simple applications and also used with care, as there is no way for the application to let the browser forget the credentials.

### HTTP POST plug-in

[](#http-post-plug-in)

The HTTP POST plug-in is responsible for extracting identity and password from a POST request. Beside usual extraction, it also accepts an InputFilter to validate and filter the incoming data. It also takes a login form URL, which it will redirect to if no authentication information are available.

### Session plug-in

[](#session-plug-in)

The session plug-in is responsible for storing a retrieved identifier in the session and return it early in the authentication process. This one is a must-have for most HTTP-based applications.

###  Health Score

24

—

LowBetter than 31% of packages

Maintenance13

Infrequent updates — may be unmaintained

Popularity21

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity41

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 95.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/0490627b04e8600f8227138bac3d4aea04c22eecfa119e73b47c362363904847?d=identicon)[DASPRiD](/maintainers/DASPRiD)

---

Top Contributors

[![DASPRiD](https://avatars.githubusercontent.com/u/233300?v=4)](https://github.com/DASPRiD "DASPRiD (21 commits)")[![dereckson](https://avatars.githubusercontent.com/u/135563?v=4)](https://github.com/dereckson "dereckson (1 commits)")

### Embed Badge

![Health badge](/badges/bacon-bacon-authentication/health.svg)

```
[![Health](https://phpackages.com/badges/bacon-bacon-authentication/health.svg)](https://phpackages.com/packages/bacon-bacon-authentication)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

791.3M17](/packages/kartik-v-yii2-password)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
