PHPackages goinstant/goinstant-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. goinstant/goinstant-auth AbandonedArchivedLibrary goinstant/goinstant-auth ======================== GoInstant Authentication for Your PHP Application 1.0.2(12y ago)393BSD-3-ClausePHPPHP >=5.3.26 Since Nov 18Pushed 12y ago36 watchersCompare [ Source](https://github.com/goinstant/php-goinstant-auth)[ Packagist](https://packagist.org/packages/goinstant/goinstant-auth)[ RSS](/packages/goinstant-goinstant-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (4)Used By (0) php-goinstant-auth ================== [](#php-goinstant-auth) GoInstant Authentication for Your PHP Application. [![Build Status](https://camo.githubusercontent.com/35067699f9efb5c667dd51cbe7a59c5c5a1320ee42a1ac44cfee138689a56bb5/68747470733a2f2f7472617669732d63692e6f72672f676f696e7374616e742f7068702d676f696e7374616e742d617574682e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/goinstant/php-goinstant-auth)[![Coverage Status](https://camo.githubusercontent.com/b4493e7419c1cc14894de5f1a665c98ecc77b352de881fb1d16e564a2c19e7e5/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f676f696e7374616e742f7068702d676f696e7374616e742d617574682f62616467652e706e67)](https://coveralls.io/r/goinstant/php-goinstant-auth) This is an implementation of JWT tokens consistent with what's specified in the [GoInstant Users and Authentication Guide](https://developers.goinstant.com/v1/security_and_auth/guides/users_and_authentication.html). This library is not intended as a general-use JWT library; see JWT-php for that. At the time of this writing, GoInstant supports the [JWT IETF draft version 8](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-08). Installation ============ [](#installation) via Composer ------------ [](#via-composer) Installing with [Composer](https://getcomposer.org) is easy: ``` ./composer.phar require goinstant/goinstant-auth:dev-master ``` If not already done so by your framework, you can autoload composer modules like so (assuming that this is in a file called `main.php` in your project directory). ``` require_once 'vendor/autoload.php'; ``` via Zip-file ------------ [](#via-zip-file) If you don't want to use Composer, we suggest that you download the [latest release](https://github.com/goinstant/php-goinstant-auth/releases) zip-file off of GitHub. Extract the zip-file and you should get a `GoInstant` directory. Copy this directory to your project library. ``` cd ~/Downloads unzip php-goinstant-auth-*.zip cp -a php-goinstant-auth-*/GoInstant /path/to/your/project/GoInstant ``` Then, require the `Signer.php` file where you need to use it. Note that you may need to adjust the path based on the layout of your project. ``` require_once 'GoInstant/Auth/Signer.php'; ``` Usage ===== [](#usage) Creating a signer parses and stores your GoInstant application key. The application key should be in base64url or base64 string format. To get your key, go to [your goinstant dashboard](https://goinstant.com/dashboard) and click on your App. **Remember, the Secret Key needs to be treated like a password!**Never share it with your users! ``` use \GoInstant\Auth\Signer; $signer = new Signer($secretKey); ``` You can then use this `$signer` to create as many tokens as you want. You should replace `example.com` with your website's domain. Groups are optional. ``` $token = $signer->sign(array( 'domain' => 'example.com', // TODO: replace me 'id' => $user->id, 'displayName' => $user->fullName(), 'groups' => array( array( 'id' => 'room-'.$roomId, 'displayName' => 'Room '.$roomId ) ) )); ``` You can then inline this into your goinstant connection JavaScript. The JWT format is safe to inline in both URL and HTML contexts since it only contains characters matched by `/^[a-zA-Z0-9_\-.]+$/` ``` (function() { // using a var like this prevents other javascript on the page from // easily accessing or stealing the token: var opts = { user: "", rooms: [ ... ] }; var url = 'https://goinstant.net/YOURACCOUNT/YOURAPP' goinstant.connect(url, opts, function(err, connection) { if (err) { throw err; } runYourApp(connection); }); }()); ``` Methods ======= [](#methods) ### `__constructor($secretKey)` [](#__constructorsecretkey) Constructs a `GoInstantAuth` "signer" instance from a secret key. ### `sign($userData, $extraHeaders=array())` [](#signuserdata-extraheadersarray) Creates a JWT as a JWS in Compact Serialization format. Can be called multiple times on the same object, saving you from having to load your secret GoInstant application key every time. `$userData` is an Array with the following required fields, plus any other custom ones you want to include in the JWT. - `domain` - the domain of your website - `id` - the unique, permanent identity of this user on your website - `displayName` - the name to initially display for this user - `groups` - an array of groups, each group requiring: - `id` - the unique ID of this group, which is handy for defining [GoInstant ACLs](https://developers.goinstant.com/v1/security_and_auth/guides/creating_and_managing_acl.html) - `displayName` - the name to display for this group `$extraHeaders` is completely optional. It's used to define any additional [JWS header fields](http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-11#section-4.1)that you want to include. Technicals ========== [](#technicals) The `sign()` method `$userData` maps to the following JWT claims. The authoritative list of claims used in GoInstant can be found in the [Users and Authentication Guide](https://developers.goinstant.com/v1/security_and_auth/guides/users_and_authentication.html#which-reserved-claims-are-required). - `domain` -> `iss` (standard claim) - `id` -> `sub` (standard claim) - `displayName` -> `dn` (GoInstant private claim) - `groups` -> `g` (GoInstant private claim) - `id` -> `id` (GoInstant private claim) - `displayName` -> `dn` (GoInstant private claim) - `'goinstant.net'` -> `aud` (standard claim) *automatically added* For the `$extraHeaders` parameter in `sign()`, the `alg` and `typ` headers will be overridden by this library. Contributing ============ [](#contributing) If you'd like to contribute to or modify php-goinstant-auth, here's a quick guide to get you started. Development Dependencies ------------------------ [](#development-dependencies) - [PHP](http://www.php.net/downloads.php) >= 5.3 (5.5 recommended) - [Composer](https://getcomposer.org/download/) >= 1.0.0-alpha7 Set-Up ------ [](#set-up) Download via GitHub and install composer dependencies: ``` git clone git@github.com:goinstant/php-goinstant-auth.git cd php-goinstant-auth ``` If you're developing on a Mac, you may wish to install php and composer through Mac Homebrew via the `brew install` command. Otherwise, follow the instructions on [the Composer download page](https://getcomposer.org/download/). ``` composer install || ./composer.phar install ``` Testing ------- [](#testing) Tests are written in PHPUnit. The test files themselves are located in the `Tests/` directory. To run the tests: ``` vendor/bin/phpunit ``` This may fail on the Coverage step if your PHP doesn't have the XDebug extension loaded. Either remove the coverage step from `phpunit.xml` or edit your `php.ini` to include the XDebug extension. XDebug can be installed via PEAR or through Mac Homebrew. Publishing ---------- [](#publishing) When publishing master to a new `$VERSION` (a semver) 1. edit composer.json to bump the version number 2. `git add -u && git commit -m "$VERSION"` 3. `git tag $VERSION` 4. `git push origin master` 5. `git push --tags` Go to and confirm it published. Support ======= [](#support) Email [GoInstant Support](mailto:support@goinstant.com) or stop by #goinstant on freenode. For responsible disclosures, email [GoInstant Security](mailto:security@goinstant.com). To [file a bug](https://github.com/goinstant/php-goinstant-auth/issues) or [propose a patch](https://github.com/goinstant/php-goinstant-auth/pulls), please use github directly. Legal ===== [](#legal) © 2013 GoInstant Inc., a salesforce.com company. All Rights Reserved. Licensed under the 3-clause BSD license ### Health Score 29 — LowBetter than 60% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity13 Limited adoption so far Community12 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1 days Total 3 Last Release 4553d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/932d6f8d2b593550d16bb65b74d863b9c6f9f158cf4c0ff809be84fabf61db9c?d=identicon)[goinstant](/maintainers/goinstant) --- Top Contributors [![stash](https://avatars.githubusercontent.com/u/37922?v=4)](https://github.com/stash "stash (45 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/goinstant-goinstant-auth/health.svg) ``` [![Health](https://phpackages.com/badges/goinstant-goinstant-auth/health.svg)](https://phpackages.com/packages/goinstant-goinstant-auth) ``` PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)