PHPackages daycry/auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. daycry/auth ActiveLibrary[Authentication & Authorization](/categories/authentication) daycry/auth =========== Authentication for Codeigniter 4 v5.0.0(1mo ago)1952MITPHPPHP ^8.1CI passing Since Dec 21Pushed 1mo ago1 watchersCompare [ Source](https://github.com/daycry/auth)[ Packagist](https://packagist.org/packages/daycry/auth)[ Docs](https://github.com/daycry/auth)[ RSS](/packages/daycry-auth/feed)WikiDiscussions development Synced 1mo ago READMEChangelog (10)Dependencies (31)Versions (43)Used By (0) [![Donate](https://camo.githubusercontent.com/604e3db9c8751116b3f765aad0353ec7ded655bbe8aaacbc38d8c4a6b784b3ed/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446f6e6174652d50617950616c2d677265656e2e737667)](https://www.paypal.com/donate?business=SYC5XDT23UZ5G&no_recurring=0&item_name=Thank+you%21¤cy_code=EUR) Daycry Auth =========== [](#daycry-auth) [![Tests](https://github.com/daycry/auth/actions/workflows/phpunit.yml/badge.svg?branch=main)](https://github.com/daycry/auth/actions/workflows/phpunit.yml)[![Static Analysis](https://github.com/daycry/auth/actions/workflows/static-analysis.yml/badge.svg?branch=main)](https://github.com/daycry/auth/actions/workflows/static-analysis.yml)[![Coverage Status](https://camo.githubusercontent.com/9df9f7200147fc8e2363bb0ba5287c602ea49b9061e83bf349a7d5777c1c8b15/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f6461796372792f617574682f62616467652e7376673f6272616e63683d6d61696e)](https://coveralls.io/github/daycry/auth?branch=main)[![Documentation Status](https://camo.githubusercontent.com/3e747d21b6454f39cef3d557bcae9c9243f5dfe39144cec3664d330ab0453821/68747470733a2f2f72656164746865646f63732e6f72672f70726f6a656374732f61757468656e7469636174696f6e2d666f722d636f646569676e697465722d342f62616467652f3f76657273696f6e3d6c6174657374)](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/?badge=latest)[![Downloads](https://camo.githubusercontent.com/7d63f9195f81796c44e3ae68d5332b361356b9cd08f9ca495963645af63ffef2/68747470733a2f2f706f7365722e707567782e6f72672f6461796372792f617574682f646f776e6c6f616473)](https://packagist.org/packages/daycry/auth)[![GitHub release (latest by date)](https://camo.githubusercontent.com/8b62ad9342faec8a2eca7347141f99dddd6638ce1e3680a9ddcd7b8f6a241b77/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f72656c656173652f6461796372792f61757468)](https://packagist.org/packages/daycry/auth)[![GitHub stars](https://camo.githubusercontent.com/496ddfd1f0c7c643b919f7b7e83f2b328c47cf1df39340e16815dbb6fc5d246c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f73746172732f6461796372792f61757468)](https://packagist.org/packages/daycry/auth)[![GitHub license](https://camo.githubusercontent.com/d9b7a6ca0e3ede8c49e42b9d5ccefa1f6bedc700d00eefd277b9dff77ef1db46/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f6461796372792f61757468)](https://github.com/daycry/auth/blob/main/LICENSE) A comprehensive authentication and authorization library for **CodeIgniter 4**, designed to be flexible, secure, and easy to extend. ``` composer require daycry/auth ``` --- Features -------- [](#features) ### Authentication Methods [](#authentication-methods) MethodDescription**Session**Email/password with secure remember-me cookies**Access Token**Long-lived API keys sent via `X-API-KEY` header**JWT**Stateless Bearer tokens with refresh token rotation**Magic Link**Passwordless login via one-time email link**OAuth 2.0**Social login: Google, GitHub, Facebook, Microsoft Azure### Security Features [](#security-features) FeatureDescription**TOTP Two-Factor Auth**Time-based OTP (Google Authenticator, Authy, 1Password)**Email Two-Factor Auth**6-digit code sent to user's email after login**Email Activation**Require email confirmation before first login**Per-User Account Lockout**Lock account after N failed attempts (independent of IP)**IP-Based Blocking**Block IPs that exceed failed attempt limits**Rate Limiting**Per-IP, per-user, or per-endpoint request throttling**Force Password Reset**Flag accounts for mandatory password change**Password Reset Flow**Secure token-based reset with email delivery**Self-Service Email Change**Change email with confirmation link to new address**Access Token Revocation**Soft-revoke tokens without deleting them**Device Session Tracking**See and terminate active logins per device/browser**UUID Dual-Key Pattern**Internal `id` (INT) + external `uuid` (UUID v7) on users### Authorization [](#authorization) FeatureDescription**Groups**Named roles (e.g., `admin`, `editor`, `user`)**Permissions**Granular actions (e.g., `posts.create`, `users.delete`)**Permission Inheritance**Users inherit all permissions from their groups**Wildcard Permissions**`posts.*` grants all post-related permissions**Permission Cache**Configurable TTL cache to avoid repeated DB queries**Route Filters**`group:admin`, `permission:posts.edit` directly on routes### Developer Experience [](#developer-experience) FeatureDescription**BaseAuthController**Abstract base with validation, redirect, and error helpers**Bootstrap 5 Admin Panel**Manage users, groups, permissions, and logs via UI**OAuth Provider Unlinking**Let users disconnect social accounts**Pre-Auth Events**`pre-login` and `pre-register` CodeIgniter Events**CI4 Events System**Hook into `login`, `logout`, `registered`, `passwordReset`, etc.**Chain Authenticator**Try session → access\_token → JWT automatically**Custom Authenticators**Extend `Base` with full Dependency Injection support--- Quick Start ----------- [](#quick-start) ### Requirements [](#requirements) - PHP **8.1** or higher - CodeIgniter **4.4** or higher - Composer ### Installation [](#installation) ``` # 1. Install the package composer require daycry/auth # 2. Run migrations (creates all auth tables) php spark migrate --all # 3. Publish config files and basic routes php spark auth:setup ``` ### Basic Usage [](#basic-usage) ``` // Login $result = auth()->attempt([ 'email' => 'user@example.com', 'password' => 'secret', ]); if ($result->isOK()) { return redirect()->to('/dashboard'); } // Check authentication if (auth()->loggedIn()) { $user = auth()->user(); echo $user->email; } // Check authorization if ($user->can('posts.create')) { ... } if ($user->inGroup('admin')) { ... } // Logout auth()->logout(); ``` ### Protect Routes [](#protect-routes) ``` // app/Config/Routes.php // Require login $routes->group('dashboard', ['filter' => 'session'], static function ($routes) { $routes->get('/', 'Dashboard::index'); }); // Require login + admin group $routes->group('admin', ['filter' => 'session,group:admin'], static function ($routes) { $routes->get('/', 'Admin::index'); }); // Require a specific permission $routes->post('posts/delete/(:num)', 'PostController::delete/$1', [ 'filter' => 'session,permission:posts.delete', ]); // API with JWT $routes->group('api', ['filter' => 'jwt'], static function ($routes) { $routes->get('profile', 'API\ProfileController::show'); }); ``` ### JWT with Refresh Tokens (API) [](#jwt-with-refresh-tokens-api) ``` # Login → get access + refresh token POST /auth/jwt/login email=user@example.com&password=secret # Use access token GET /api/profile Authorization: Bearer eyJ0eXAi... # Refresh when expired POST /auth/jwt/refresh user_id=42&refresh_token=a3f8c2d1... # Logout (revoke refresh token) POST /auth/jwt/logout user_id=42&refresh_token=a3f8c2d1... ``` --- Documentation ------------- [](#documentation) Full documentation is available at: **** SectionDescription[Quick Start](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/01-quick-start.html)Install and set up in minutes[Configuration](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/02-configuration.html)Every config option explained[Authentication](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/03-authentication.html)All auth methods + JWT refresh + password reset[Filters](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/04-filters.html)Route protection filters[Controllers](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/05-controllers.html)All included controllers[Authorization](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/06-authorization.html)Groups, permissions, RBAC[Logging & Events](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/07-logging.html)CI4 Events, DB logs, lockout[Testing](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/08-testing.html)Testing auth in your app[OAuth 2.0](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/09-oauth.html)Google, GitHub, Facebook, Azure[TOTP 2FA](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/10-totp-2fa.html)Authenticator app integration[Device Sessions](https://authentication-for-codeigniter-4.readthedocs.io/en/latest/11-device-sessions.html)Active session management--- Contributing ------------ [](#contributing) Contributions of all kinds are welcome — code, documentation, bug reports, or feedback. See [CONTRIBUTING.md](CONTRIBUTING.md) for details. License ------- [](#license) This project is licensed under the MIT License — see the [LICENSE](LICENSE) file for details. Acknowledgements ---------------- [](#acknowledgements) [ ![](https://camo.githubusercontent.com/f96262c2d9999bfbbeeb904100763c36f782573d5fc39bd5a75ad25f2373dd97/68747470733a2f2f636f6e747269622e726f636b732f696d6167653f7265706f3d6461796372792f61757468)](https://github.com/daycry/auth/graphs/contributors)Made with [contrib.rocks](https://contrib.rocks). Security design informed by: - [NIST Digital Identity Guidelines (SP 800-63B)](https://pages.nist.gov/800-63-3/sp800-63b.html) - [Google Cloud: Best practices for user account, authentication, and password management](https://cloud.google.com/blog/products/identity-security/account-authentication-and-password-management-best-practices) - [OWASP Password Storage Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) - [Secure "Remember Me" Cookies (paragonie.com)](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence) ### Health Score 48 — FairBetter than 95% of packages Maintenance88 Actively maintained with recent releases Popularity19 Limited adoption so far Community7 Small or concentrated contributor base Maturity63 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~20 days Recently: every ~5 days Total 41 Last Release 58d ago Major Versions v1.0.24 → v2.0.02025-07-17 v2.0.1 → v3.0.02026-01-14 v3.1.0 → v4.0.02026-03-01 v4.0.4 → v5.0.02026-03-21 PHP version history (2 changes)v1.0.0PHP ^8.0 v1.0.16PHP ^8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/3b0f66565d5c9ca3c84fb294e04f8d5e0b9a867d9c06f83b95bf168bd6fcf9bc?d=identicon)[daycry](/maintainers/daycry) --- Top Contributors [![daycry](https://avatars.githubusercontent.com/u/7590335?v=4)](https://github.com/daycry "daycry (119 commits)") ### Embed Badge ![Health badge](/badges/daycry-auth/health.svg) ``` [![Health](https://phpackages.com/badges/daycry-auth/health.svg)](https://phpackages.com/packages/daycry-auth) ``` ### Alternatives [codeigniter4/shield Authentication and Authorization for CodeIgniter 4 417372.4k22](/packages/codeigniter4-shield)[fof/oauth Allow users to log in with GitHub, Facebook, Google, Discord, GitLab, LinkedIn, and more! 50118.7k41](/packages/fof-oauth)[axepress/wp-graphql-headless-login A WordPress plugin that provides headless login and authentication for WPGraphQL 10512.9k](/packages/axepress-wp-graphql-headless-login)[jamesedmonston/graphql-authentication GraphQL authentication for your headless Craft CMS applications. 2917.0k](/packages/jamesedmonston-graphql-authentication)[chameleon-system/chameleon-base The Chameleon System core. 1026.5k3](/packages/chameleon-system-chameleon-base)[dukt/social Let your visitors log into Craft with web services like Facebook, Google, Twitter… 1141.0k5](/packages/dukt-social) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)