PHPackages                             dflydev/stack-authentication - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. dflydev/stack-authentication

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

dflydev/stack-authentication
============================

STACK-2 Authentication Middlewares

39.5k1[1 issues](https://github.com/dflydev/dflydev-stack-authentication/issues)[1 PRs](https://github.com/dflydev/dflydev-stack-authentication/pulls)2PHP

Since Aug 2Pushed 8y ago1 watchersCompare

[ Source](https://github.com/dflydev/dflydev-stack-authentication)[ Packagist](https://packagist.org/packages/dflydev/stack-authentication)[ RSS](/packages/dflydev-stack-authentication/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependenciesVersions (1)Used By (2)

STACK-2 Authentication Middlewares
==================================

[](#stack-2-authentication-middlewares)

A collection of [Stack](http://stackphp.com/) middlewares designed to help authentication middleware implementors adhere to the [STACK-2 Authentication](http://stackphp.com/specs/STACK-2/) conventions.

Installation
------------

[](#installation)

Through [Composer](http://getcomposer.org) as [dflydev/stack-authentication](https://packagist.org/packages/dflydev/stack-authentication).

Middlewares
-----------

[](#middlewares)

### Authentication Middleware

[](#authentication-middleware)

The Authentication middleware takes care of setting up the handling of an inbound request by taking care of some [STACK-2 Authentication](http://getcomposer.org) housekeeping tasks:

- If the `stack.authn.token` is set, it wraps the application in `WwwAuthenticateStackChallenge` and delegates.
- Checks the request by calling the **check** callback. The return value is a boolean. If true, the **authenticate** callback is called and its return value is returned. If false, we should not. The default check is to see if there is an Authorization header.
- If anonymous requests are received and anonymous requests are allowed, it wraps the application in `WwwAuthenticateStackChallenge` and delegates.
- Otherwise, it returns the result of the **challenge** callback.

#### Usage

[](#usage)

```
