
bemit/auth-middleware
=====================

Custom PSR Middleware for multi project auth & auth with Auth0.


Auth0 Service and Middleware
============================


Custom auth middleware that supports multiple tenants (a tenant is called a `project` here) and multiple "providing services" against which a user in a project is identified and possibly authorized. Built with / around [auth0](https://auth0.com) and a custom (not published) identity provider.

Requires `psr/http-client`, `psr/http-factory` and `psr/log` implementations.

Made for stateless PHP APIs, not for PHP session auth. Uses one Auth0 SPA Application which produces/verifies the access token, and an optional Auth0 Server Application which is used to auth against the Auth0 Management API.

```
composer require bemit/auth-middleware
```

`Bemit\AuthMiddleware\Auth0Service`
-----------------------------------

Provides the Auth0 Management API client. If it is not used, it does not need to be configured.

- for constructor check [example dependencies definition](#dependencies)
- `management(): Management`

`Bemit\AuthMiddleware\AuthService`
----------------------------------

Provides the verifier for client access tokens.

- for constructor check [example dependencies definition](#dependencies)
- `validate(string $token, ?string $audience = null): ?ValidateResult` to verify a token
    - the token must be the raw token, i.e. without the `Bearer ` prefix
    - if `audience` is specified, it is used to verify the token; it must be in `allowed_audiences`
- `isAudienceAllowed(string $audience): bool`

`Bemit\AuthMiddleware\AuthMiddleware`
-------------------------------------

A PSR Middleware that extracts the access token and optionally an audience from the headers, verifies the token and adds the validation result to the request attributes.

If e.g. the audience is not allowed, returns `401` with a JSON response containing the reason. **No special handling** when the token is invalid: check inside your request handler and throw/respond accordingly. **Catches throws** of `NotAuthorizedException` and responds with `401`, with `{error: string, reason: string}`, where `reason` is the optional exception message.

- `__construct(AuthService $auth, Psr\Http\Message\ResponseFactoryInterface $response, Psr\Http\Message\StreamFactoryInterface $stream)`
- `process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface`

Uses headers:

- `AUDIENCE` to optionally specify a custom audience id
- `AUTHORIZATION` the access token in `Bearer THE_TOKEN_A1234` format

Adding attributes when authenticated:

- `auth_token_data` as [`Bemit\AuthMiddleware\TokenData`](https://github.com/bemit/auth-middleware/blob/master/src/ValidateResult/TokenData.php)
- `auth_user_data` as [`Bemit\AuthMiddleware\UserData`](https://github.com/bemit/auth-middleware/blob/master/src/ValidateResult/UserData.php)
- `auth_project` as [`Bemit\AuthMiddleware\ProjectData`](https://github.com/bemit/auth-middleware/blob/master/src/ValidateResult/ProjectsData.php)
- `auth_id` as `string` with the `sub` (user-id)

`Bemit\AuthMiddleware\RequestHandlerAuthorizeChecker`
-----------------------------------------------------

A `trait` for PSR request handlers to easily validate whether access should be granted; throws `Bemit\AuthMiddleware\NotAuthorizedException` when an authorization check fails.

- `requireRole(ServerRequestInterface $request, string $service, string $role): void`
    - fails when role is not granted for the service
- `requireRoleOneOf(ServerRequestInterface $request, string $service, array $possible_roles): void`
    - `possible_roles` as `string[]`; it is enough that one of the specified roles matches
- `requireProjectAccess(ServerRequestInterface $request, string $project_id): void`
    - does not check for any roles, only that the specified access token is valid against the given `project`

`Bemit\AuthMiddleware\RequestAuthorizeContext`
----------------------------------------------

Convenience functions to get the typed data out of the server request attributes.

- `static getTokenData(ServerRequestInterface $request): ?TokenData`
- `static getUserData(ServerRequestInterface $request): ?UserData`
- `static getProject(ServerRequestInterface $request): ?ProjectData`
- `static getId(ServerRequestInterface $request): ?string`

`Bemit\AuthMiddleware\NotAuthorizedException`
---------------------------------------------

Exception to be used when a request needs authorization but does not have it.
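Because `AuthMiddleware` passes requests with an invalid token on to the handler, the handler has to reject them itself. The following is an added example (not code from this package's repository) of a handler that combines the documented trait and context helpers. The class name, the `project_id` route attribute, the `reports` service and the role names are hypothetical; it assumes `getId()` returns `null` for an unauthenticated request and that `NotAuthorizedException` accepts a message like a standard PHP exception.

```php
<?php
declare(strict_types=1);

use Bemit\AuthMiddleware\NotAuthorizedException;
use Bemit\AuthMiddleware\RequestAuthorizeContext;
use Bemit\AuthMiddleware\RequestHandlerAuthorizeChecker;
use Psr\Http\Message\ResponseFactoryInterface;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Message\StreamFactoryInterface;
use Psr\Http\Server\RequestHandlerInterface;

// Hypothetical handler; must run behind AuthMiddleware in the PSR-15 stack.
final class ProjectReportHandler implements RequestHandlerInterface {
    use RequestHandlerAuthorizeChecker;

    public function __construct(
        private ResponseFactoryInterface $response,
        private StreamFactoryInterface $stream,
    ) {}

    public function handle(ServerRequestInterface $request): ResponseInterface {
        // 1. Authentication: the middleware does not reject invalid tokens,
        //    so a missing `auth_id` must be treated as "not authenticated".
        //    (Assumption: getId() returns null in that case.)
        $user_id = RequestAuthorizeContext::getId($request);
        if ($user_id === null) {
            // Caught by AuthMiddleware and turned into a 401 JSON response.
            throw new NotAuthorizedException('missing or invalid access token');
        }

        // 2. Tenant scope: take the project from the route (hypothetical
        //    attribute name), never from the request body.
        $project_id = $request->getAttribute('project_id');
        if (!is_string($project_id) || $project_id === '') {
            return $this->json(400, ['error' => 'project_id is required']);
        }
        $this->requireProjectAccess($request, $project_id);

        // 3. Authorization: `reports`, `admin` and `viewer` are made-up names.
        $this->requireRoleOneOf($request, 'reports', ['admin', 'viewer']);

        return $this->json(200, ['project' => $project_id, 'requested_by' => $user_id]);
    }

    private function json(int $status, array $data): ResponseInterface {
        $body = $this->stream->createStream(json_encode($data, JSON_THROW_ON_ERROR));
        return $this->response->createResponse($status)
            ->withHeader('Content-Type', 'application/json')
            ->withBody($body);
    }
}
```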

Dependencies
------------

Dependency definition example, with PHP\DI:

```
