PHPackages dereuromark/cakephp-tinyauth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. dereuromark/cakephp-tinyauth ActiveCakephp-plugin[Authentication & Authorization](/categories/authentication) dereuromark/cakephp-tinyauth ============================ A CakePHP plugin to handle user authentication and authorization the easy way. 5.1.3(2mo ago)129228.6k↑15.6%43[1 issues](https://github.com/dereuromark/cakephp-tinyauth/issues)8MITPHPPHP >=8.2CI passing Since Apr 25Pushed 2mo ago8 watchersCompare [ Source](https://github.com/dereuromark/cakephp-tinyauth)[ Packagist](https://packagist.org/packages/dereuromark/cakephp-tinyauth)[ Docs](https://github.com/dereuromark/cakephp-tinyauth)[ RSS](/packages/dereuromark-cakephp-tinyauth/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (14)Versions (57)Used By (8) CakePHP TinyAuth Plugin ======================= [](#cakephp-tinyauth-plugin) [![CI](https://github.com/dereuromark/cakephp-tinyauth/actions/workflows/ci.yml/badge.svg?branch=master)](https://github.com/dereuromark/cakephp-tinyauth/actions/workflows/ci.yml?query=branch%3Amaster)[![Latest Stable Version](https://camo.githubusercontent.com/22df046969e4eb1172726dc74bbee5843cf8205fe25413f9d35b38c3cc457d96/68747470733a2f2f706f7365722e707567782e6f72672f6465726575726f6d61726b2f63616b657068702d74696e79617574682f762f737461626c652e737667)](https://packagist.org/packages/dereuromark/cakephp-tinyauth)[![Coverage Status](https://camo.githubusercontent.com/7e5283812db92f57842e54762b1d5e371b4fe867d2f4bac881501342c6b84389/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f6465726575726f6d61726b2f63616b657068702d74696e79617574682f6d61737465722e737667)](https://codecov.io/github/dereuromark/cakephp-tinyauth/branch/master)[![PHPStan](https://camo.githubusercontent.com/f60d96f7c2579690ab6dfa8918f777fe93a02a92301c661eb38a85861a92b780/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048505374616e2d6c6576656c253230382d627269676874677265656e2e7376673f7374796c653d666c6174)](https://phpstan.org/)[![Minimum PHP Version](https://camo.githubusercontent.com/ec21f169d70b69344c67d6f18fa1a24d20476d2f0cd680e8c4a1534c22f34e5f/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7068702d253345253344253230382e322d3838393242462e737667)](https://php.net/)[![License](https://camo.githubusercontent.com/26ae37bc092232192e7d28ff518c72eb83048aaaf1e43af33fba5b08662eaeec/68747470733a2f2f706f7365722e707567782e6f72672f6465726575726f6d61726b2f63616b657068702d74696e79617574682f6c6963656e73652e737667)](LICENSE)[![Total Downloads](https://camo.githubusercontent.com/72ac33a6818c6a78e3d3460d3b7a6b74a3dc087cb70b60f3cc4338169b113f05/68747470733a2f2f706f7365722e707567782e6f72672f6465726575726f6d61726b2f63616b657068702d74696e79617574682f642f746f74616c2e737667)](https://packagist.org/packages/dereuromark/cakephp-tinyauth)[![Coding Standards](https://camo.githubusercontent.com/dbabe22710e675cb88cd0b12196f1477e2376dea497332775692cf1359a75918/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f63732d5053522d2d322d2d522d79656c6c6f772e737667)](https://github.com/php-fig-rectified/fig-rectified-standards) A CakePHP plugin to handle authentication and user authorization the easy way. This branch is for **CakePHP 5.1+**. For details see [version map](https://github.com/dereuromark/cakephp-tinyauth/wiki#cakephp-version-map). Why use TinyAuth? ----------------- [](#why-use-tinyauth) **TinyAuth is a wrapper plugin** that extends CakePHP's official Authentication and Authorization plugins, providing significant advantages: ### 🚀 Zero-Code Configuration [](#-zero-code-configuration) - **INI-based setup**: Define all your authentication and authorization rules in simple INI files - **No controller modifications**: Unlike vanilla plugins that require code in every controller - **Plugin-friendly**: Automatically works with third-party plugins without modifications ### ⚡ Lightning Fast Setup [](#-lightning-fast-setup) - **5-minute integration**: Get authentication and authorization working in minutes, not hours - **Sensible defaults**: Pre-configured settings that work for 90% of use cases - **Quick setups**: Built-in configurations for common scenarios (public non-prefixed, admin areas, etc.) ### 🛠️ Developer Experience [](#️-developer-experience) - **Centralized management**: All auth rules in one place, not scattered across controllers - **Easy maintenance**: Change access rules without touching code - **Cache optimized**: Built-in caching for maximum performance - **DebugKit panel**: Visualize auth status, identity, and permissions in real-time ### 🔧 Flexibility [](#-flexibility) - **Adapter pattern**: Use INI files, database, or custom adapters for rule storage - **Progressive enhancement**: Start simple, add complexity only when needed - **Stand-alone components**: Use AuthUser component/helper independently if needed ### 📊 When to Choose TinyAuth [](#-when-to-choose-tinyauth) Choose TinyAuth when you want: - ✅ Simple role-based access control (RBAC) - ✅ Quick setup without extensive configuration - ✅ Controller-action level permissions - ✅ Easy-to-manage access rules - ✅ Minimal code changes Since this plugin just further extends the official ones, you can skip the plugin's authentication and authorization components, and use the original plugins' functionality if you want: - ❌ Complex policy-based authorization - ❌ Resource-level permissions (per-entity authorization) - ❌ Middleware/routing level authentication - ❌ Custom authentication flows You can still use the other helpers of this plugin, however. What's the idea? ---------------- [](#whats-the-idea) Default CakePHP authentication and authorization depends on code changes in at least each controller, maybe more classes. This plugin hooks in with a single line of change and manages all that using config files and there is no need to touch all those controllers, including plugin controllers. It is also possible to manage the config files without the need to code. And it can with adapters also be moved completely to the DB and managed by CRUD backend. Ask yourself: Do you need the overhead and complexity involved with a full blown (RBAC DB) ACL or very specific Policy approaches? See also my post [acl-access-control-lists-revised/](https://www.dereuromark.de/2015/01/06/acl-access-control-lists-revised/). If not, then this plugin could very well be your answer and a super quick solution to your auth problem :) But even if you don't leverage the full authentication or authorization potential, the available AuthUserComponent and AuthUserHelper can be very useful when dealing with role based decisions in your controller or view level. They also work stand-alone. Demo ---- [](#demo) See ### auth\_allow.ini [](#auth_allowini) Define the public actions (accessible by anyone) per controller: ``` Users = index,view Admin/Maintenance = pingCheck PluginName.SomeController = * MyPlugin.Api/V1 = * ``` ### auth\_acl.ini [](#auth_aclini) Define what actions may be accessed by what logged-in user role: ``` [Users] index = * add,edit = user,super-user [Admin/Users] * = admin [Translate.Admin/Languages] * = * ``` ### AuthUser component and helper [](#authuser-component-and-helper) ``` $currentId = $this->AuthUser->id(); $isMe = $this->AuthUser->isMe($userEntity->id); if ($this->AuthUser->hasRole('mod')) { } if ($this->AuthUser->hasAccess(['action' => 'secretArea'])) { } // Helper only echo $this->AuthUser->link('Admin Backend', ['prefix' => 'Admin', 'action' => 'index']); echo $this->AuthUser->postLink('Delete', ['action' => 'delete', $id], ['confirm' => 'Sure?']); ``` Installation ------------ [](#installation) ### Required Dependencies [](#required-dependencies) **IMPORTANT:** TinyAuth is a wrapper plugin that extends CakePHP's official plugins. You must understand them first: #### 📦 Official CakePHP Plugins [](#-official-cakephp-plugins) PluginPurposeDocumentation**[cakephp/authentication](https://github.com/cakephp/authentication)**Handles user authentication (login, sessions, etc.)[📖 Official Docs](https://book.cakephp.org/authentication/3/en/index.html)**[cakephp/authorization](https://github.com/cakephp/authorization)**Handles user authorization (permissions, access control)[📖 Official Docs](https://book.cakephp.org/authorization/3/en/index.html)``` # Install for authentication features (login, sessions) composer require cakephp/authentication # Install for authorization features (roles, ACL) composer require cakephp/authorization ``` **Note:** You only need to install the plugin(s) for the features you plan to use. The AuthUser component and helper can work standalone without requiring the official plugins. #### 📦 Install TinyAuth [](#-install-tinyauth) After installing the required official plugin(s), install TinyAuth: ``` composer require dereuromark/cakephp-tinyauth ``` Finally, load the plugin: ``` bin/cake plugin load TinyAuth ``` Docs ---- [](#docs) For setup and usage see [Docs](/docs). Also note the original [blog post](https://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/) and how it all started. ### Health Score 69 — FairBetter than 100% of packages Maintenance87 Actively maintained with recent releases Popularity51 Moderate usage in the ecosystem Community37 Small or concentrated contributor base Maturity89 Battle-tested with a long release history Bus Factor1 Top contributor holds 70% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~78 days Recently: every ~35 days Total 52 Last Release 62d ago Major Versions 1.12.3 → 2.0.02019-11-09 2.0.1 → 3.0.0-beta2019-12-27 3.2.0 → 4.0.0-RC2023-10-03 4.5.3 → 5.0.02025-10-28 PHP version history (8 changes)1.0.0PHP >=5.4 1.5.0PHP >=5.5 1.7.0PHP >=5.6 3.0.0-betaPHP >=7.2 3.1.0PHP >=7.3 3.2.0PHP >=7.4 4.0.0-RCPHP >=8.1 5.1.2PHP >=8.2 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/39854?v=4)[Mark Scherer](/maintainers/dereuromark)[@dereuromark](https://github.com/dereuromark) --- Top Contributors [![dereuromark](https://avatars.githubusercontent.com/u/39854?v=4)](https://github.com/dereuromark "dereuromark (417 commits)")[![bravo-kernel](https://avatars.githubusercontent.com/u/230500?v=4)](https://github.com/bravo-kernel "bravo-kernel (65 commits)")[![saeideng](https://avatars.githubusercontent.com/u/8215801?v=4)](https://github.com/saeideng "saeideng (21 commits)")[![opeadeyomoye](https://avatars.githubusercontent.com/u/13920568?v=4)](https://github.com/opeadeyomoye "opeadeyomoye (15 commits)")[![mtancoigne](https://avatars.githubusercontent.com/u/1732268?v=4)](https://github.com/mtancoigne "mtancoigne (13 commits)")[![nadymain](https://avatars.githubusercontent.com/u/1042401?v=4)](https://github.com/nadymain "nadymain (11 commits)")[![ajfranzoia](https://avatars.githubusercontent.com/u/964115?v=4)](https://github.com/ajfranzoia "ajfranzoia (8 commits)")[![chrissPony](https://avatars.githubusercontent.com/u/6143417?v=4)](https://github.com/chrissPony "chrissPony (7 commits)")[![steefaan](https://avatars.githubusercontent.com/u/5982785?v=4)](https://github.com/steefaan "steefaan (6 commits)")[![zeroasterisk](https://avatars.githubusercontent.com/u/23422?v=4)](https://github.com/zeroasterisk "zeroasterisk (5 commits)")[![LDSign](https://avatars.githubusercontent.com/u/1359083?v=4)](https://github.com/LDSign "LDSign (3 commits)")[![bar](https://avatars.githubusercontent.com/u/88155?v=4)](https://github.com/bar "bar (3 commits)")[![AdamHyski](https://avatars.githubusercontent.com/u/4146304?v=4)](https://github.com/AdamHyski "AdamHyski (3 commits)")[![Codaxis](https://avatars.githubusercontent.com/u/6729928?v=4)](https://github.com/Codaxis "Codaxis (2 commits)")[![ervinszabo](https://avatars.githubusercontent.com/u/4283220?v=4)](https://github.com/ervinszabo "ervinszabo (2 commits)")[![amr-dallin](https://avatars.githubusercontent.com/u/6120256?v=4)](https://github.com/amr-dallin "amr-dallin (1 commits)")[![LordSimal](https://avatars.githubusercontent.com/u/9105243?v=4)](https://github.com/LordSimal "LordSimal (1 commits)")[![lorro](https://avatars.githubusercontent.com/u/977617?v=4)](https://github.com/lorro "lorro (1 commits)")[![marianodonal](https://avatars.githubusercontent.com/u/33905866?v=4)](https://github.com/marianodonal "marianodonal (1 commits)")[![MarksSoftwareGmbH](https://avatars.githubusercontent.com/u/36896620?v=4)](https://github.com/MarksSoftwareGmbH "MarksSoftwareGmbH (1 commits)") --- Tags aclauthenticationauthorizationcakephpcakephp-pluginmulti-rolephpmiddlewarepluginAuthenticationcakephpauthorizationaclrolespermissionstinyauth ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/dereuromark-cakephp-tinyauth/health.svg) ``` [![Health](https://phpackages.com/badges/dereuromark-cakephp-tinyauth/health.svg)](https://phpackages.com/packages/dereuromark-cakephp-tinyauth) ``` ### Alternatives [pktharindu/nova-permissions Laravel Nova Grouped Permissions (ACL) 136387.1k](/packages/pktharindu-nova-permissions)[silvanite/novatoolpermissions Laravel Nova Permissions (Roles and Permission based Access Control (ACL)) 100256.7k2](/packages/silvanite-novatoolpermissions)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro)[hosseinhezami/laravel-permission-manager Advanced permission manager for Laravel. 403.3k](/packages/hosseinhezami-laravel-permission-manager)[larapacks/authorization Native Laravel Authorization. 5410.7k2](/packages/larapacks-authorization) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)