PHPackages blerify/auth-php-client - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. blerify/auth-php-client ActiveLibrary[Authentication & Authorization](/categories/authentication) blerify/auth-php-client ======================= Blerify service-account authentication for PHP: signs a JWT client assertion and exchanges it at the Blerify IAM token endpoint for an access token (RFC 7523 private\_key\_jwt). v1.0.0(1w ago)00MITPHPPHP >=8.1CI passing Since May 28Pushed 1w agoCompare [ Source](https://github.com/BlerifyPlatform/auth-php-client)[ Packagist](https://packagist.org/packages/blerify/auth-php-client)[ RSS](/packages/blerify-auth-php-client/feed)WikiDiscussions main Synced 1w ago READMEChangelogDependencies (3)Versions (2)Used By (0) blerify/auth-php-client ======================= [](#blerifyauth-php-client) Service-account authentication for PHP clients of the Blerify platform. It signs a short-lived **JWT client assertion** with a service-account private key and exchanges it at the Blerify IAM token endpoint for an **access token**, which is then sent as `Authorization: Bearer ` on API calls. This is the [RFC 7523](https://www.rfc-editor.org/rfc/rfc7523) `private_key_jwt` client authentication flow. The token-acquisition logic was extracted from `blerify/mdl` (`php-mdl`) so it can be reused by any PHP service that calls Blerify — without depending on the mDL library. Requirements ------------ [](#requirements) - PHP >= 8.1 with `ext-curl`, `ext-openssl`, `ext-json` - A Blerify **service-account credentials** JSON file (issued by the Blerify portal when a service account is created) Install ------- [](#install) ``` composer require blerify/auth-php-client ``` Usage ----- [](#usage) ``` use Blerify\Auth\ServiceAccountTokenProvider; $tokens = ServiceAccountTokenProvider::fromFile(__DIR__ . '/credentials.json'); // Returns a cached token until shortly before it expires. $accessToken = $tokens->getAccessToken(); // Use it on any Blerify API request (e.g. via the gateway): // Authorization: Bearer {$accessToken} ``` ### Runnable example [](#runnable-example) A complete runnable example lives in [`index.php`](index.php): ``` composer install # Generate the service-account credentials JSON from the Blerify portal and # save it as config/credentials.json php index.php ``` It loads the credentials file, obtains a token, and shows how to attach it as a `Bearer` header. The credentials JSON is generated from the Blerify portal; `config/credentials.example.json` documents its shape, and real credentials files under `config/` are git-ignored. ### Credentials file [](#credentials-file) The service-account JSON is generated from the Blerify portal (create a service account, then download its credentials file). It contains (other fields are ignored): FieldUsed for`client_id``iss` / `sub` of the assertion, and the `client_id` form field`organization_id`sent as the `organization_id` form field`private_key`PEM key that signs the assertion (RS256)`token_uri`the Blerify IAM token endpoint`iam_audience`the `aud` of the assertionWhat happens on the wire ------------------------ [](#what-happens-on-the-wire) The provider builds and signs this assertion: ``` // header { "alg": "RS256", "typ": "JWT" } // payload { "iss": "", "sub": "", "aud": "", "iat": 1700000000, "exp": 1700003600, // iat + 3600 "jti": "" } ``` and POSTs it as `application/x-www-form-urlencoded` to `token_uri`: ``` POST {token_uri} Content-Type: application/x-www-form-urlencoded client_id={client_id}&organization_id={organization_id}&client_assertion={signed_jwt} ``` The endpoint responds with a standard OAuth2 token response; the `access_token`field is what gets used as the Bearer token. Customizing the transport ------------------------- [](#customizing-the-transport) `getAccessToken()` uses cURL by default. To use a different HTTP stack (or to test without a network), implement `Blerify\Auth\TokenEndpointClient` and pass it in: ``` $tokens = new ServiceAccountTokenProvider($credentials, $myTokenEndpointClient); ``` Development ----------- [](#development) ``` composer install composer test # runs PHPUnit ``` Unit tests use a throwaway RSA keypair fixture (`tests/fixtures/`) to verify the signed assertion's claims and signature, the form sent to the endpoint, token caching and renewal, and error handling — no network or real credentials required. ### Health Score 38 — LowBetter than 83% of packages Maintenance98 Actively maintained with recent releases Popularity0 Limited adoption so far Community6 Small or concentrated contributor base Maturity42 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 12d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/11699587?v=4)[Erick Pacheco Pedraza](/maintainers/eum602)[@eum602](https://github.com/eum602) --- Top Contributors [![eum602](https://avatars.githubusercontent.com/u/11699587?v=4)](https://github.com/eum602 "eum602 (10 commits)") --- Tags jwtAuthenticationoauth2service accountblerify ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/blerify-auth-php-client/health.svg) ``` [![Health](https://phpackages.com/badges/blerify-auth-php-client/health.svg)](https://phpackages.com/packages/blerify-auth-php-client) ``` ### Alternatives [google/auth Google Auth Library for PHP 1.4k286.7M203](/packages/google-auth)[ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 121242.9k1](/packages/ellaisys-aws-cognito)[dev-toolbelt/jwt-token-manager Framework-agnostic JWT token manager with RSA/HMAC support 111.3k](/packages/dev-toolbelt-jwt-token-manager) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)