PHPackages gremo/hmac-authentication-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [HTTP & Networking](/categories/http) 4. / 5. gremo/hmac-authentication-bundle ActiveSymfony-bundle[HTTP & Networking](/categories/http) gremo/hmac-authentication-bundle ================================ Symfony bundle adding REST HMAC HTTP authentication v1.1.2(6y ago)54.7k2[1 issues](https://github.com/gremo/GremoHmacAuthenticationBundle/issues)1MITPHPPHP >=5.3.3 Since Apr 27Pushed 5y ago1 watchersCompare [ Source](https://github.com/gremo/GremoHmacAuthenticationBundle)[ Packagist](https://packagist.org/packages/gremo/hmac-authentication-bundle)[ RSS](/packages/gremo-hmac-authentication-bundle/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (3)Versions (7)Used By (1) GremoHmacAuthenticationBundle ============================= [](#gremohmacauthenticationbundle) [![Latest stable](https://camo.githubusercontent.com/3d0811972533ab63dd6d24fad563b6b89a5b3f53a0e0aa829df527874e293f31/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6772656d6f2f686d61632d61757468656e7469636174696f6e2d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/gremo/hmac-authentication-bundle) [![Downloads total](https://camo.githubusercontent.com/f2ef4c2c7f23945004e972e9fdda1e7352530ca62218212c5ede3c671d7f0c59/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6772656d6f2f686d61632d61757468656e7469636174696f6e2d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/gremo/hmac-authentication-bundle) [![GitHub issues](https://camo.githubusercontent.com/7eac9c28e85271484c8402d631a334a977c014723501fc2dfdd45b75da76f615/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f6772656d6f2f4772656d6f486d616341757468656e7469636174696f6e42756e646c652e7376673f7374796c653d666c61742d737175617265)](https://github.com/gremo/GremoHmacAuthenticationBundle/issues) Symfony bundle adding REST HMAC HTTP authentication. Installation ------------ [](#installation) ``` { "require": { "gremo/hmac-authentication-bundle": "~1.0" }, } ``` Register the bundle in your `app/AppKernel.php`: ``` public function registerBundles() { $bundles = array( // ... new Gremo\HmacAuthenticationBundle\GremoHmacAuthenticationBundle(), ); // ... } ``` Configuration ------------- [](#configuration) Not needed. Usage ----- [](#usage) Protect part of your application in `security.yml` using the `hmac` key: ``` # ... firewalls: # ... hmac_secured: pattern: ^/api stateless: true # HMAC is stateless! hmac: auth_header: Authorization # Name of the header to inspect service_label: HMAC # Service name/id algorithm: sha256 # Hashing algoritm, see hash_algos() verify_headers: [] # Array or comma-separated list of headers ``` How it works ------------ [](#how-it-works) The authentication manager will inspect the `auth_header` header with the following pattern: ``` : : ``` If the service label matches, the manager loads the user with `` username. The password is used to re-compute the signature, base64-enconding the hashed canonical string: ``` = + "\n" + + "\n" + + "\n" + + "\n" + ... ; ``` Note that both **query params and headers are sorted** before calculating the signature. Consider the following **configuration**: ``` security: # ... providers: in_memory: memory: users: foo: { password: bar } firewalls: hmac_secured: pattern: ^/ stateless: true provider: in_memory hmac: auth_header: Authorization service_label: HMAC algorithm: sha256 verify_headers: [Date, Accept, Content-MD5] # ... ``` And the **raw HTTP request**: ``` GET /?b=c&a= HTTP/1.1 Accept: application/json Host: localhost:8080 Authorization: HMAC foo:ZWQyNmYwZWM1MmZkYmIyNTgzYjJiYWQ2Zjg3OGJkYjIzNzU2YTBlYjQ3NGY5ZDg1YWE5ZjYwN2Q1ODg1NWI1MQ== Date: Mon, 26 Mar 2007 19:37:58 +0000 ``` The **canonical string** would be (note the LF where `Content-MD5` should appear): ``` GET /?a=&b=c application/json Mon, 26 Mar 2007 19:37:58 +0000 ``` The **hashed value** is (plain password is `bar`): ``` ed26f0ec52fdbb2583b2bad6f878bdb23756a0eb474f9d85aa9f607d58855b51 ``` And finally the **base64 encoded value** (that is the signature of `Authorization` header): ``` ZWQyNmYwZWM1MmZkYmIyNTgzYjJiYWQ2Zjg3OGJkYjIzNzU2YTBlYjQ3NGY5ZDg1YWE5ZjYwN2Q1ODg1NWI1MQ== ``` ### Health Score 31 — LowBetter than 68% of packages Maintenance16 Infrequent updates — may be unmaintained Popularity23 Limited adoption so far Community13 Small or concentrated contributor base Maturity62 Established project with proven stability Bus Factor1 Top contributor holds 92.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~283 days Total 5 Last Release 2536d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/f9a79689fe41827b4fd386dd42a9117115e27a4f946935d6ce77d7f6a76260fe?d=identicon)[gremo](/maintainers/gremo) --- Top Contributors [![gremo](https://avatars.githubusercontent.com/u/1532616?v=4)](https://github.com/gremo "gremo (13 commits)")[![Pchol](https://avatars.githubusercontent.com/u/1392398?v=4)](https://github.com/Pchol "Pchol (1 commits)") --- Tags restsecurityAuthenticationhmac ### Embed Badge ![Health badge](/badges/gremo-hmac-authentication-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/gremo-hmac-authentication-bundle/health.svg)](https://phpackages.com/packages/gremo-hmac-authentication-bundle) ``` ### Alternatives [lexik/jwt-authentication-bundle This bundle provides JWT authentication for your Symfony REST API 2.6k58.7M210](/packages/lexik-jwt-authentication-bundle)[scheb/2fa Two-factor authentication for Symfony applications (please use scheb/2fa-bundle to install) 578630.7k1](/packages/scheb-2fa)[emartech/escher Library for HTTP request signing (PHP implementation) 20293.8k8](/packages/emartech-escher) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)