PHPackages ivanciric/ecdsa-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. ivanciric/ecdsa-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) ivanciric/ecdsa-auth ==================== ECDSA based authentication for Laravel/Dingo API 11251PHP Since Oct 16Pushed 7y ago1 watchersCompare [ Source](https://github.com/ivanciric/ecdsa-auth)[ Packagist](https://packagist.org/packages/ivanciric/ecdsa-auth)[ RSS](/packages/ivanciric-ecdsa-auth/feed)WikiDiscussions master Synced today READMEChangelogDependenciesVersions (2)Used By (0) Ecdsa Auth ========== [](#ecdsa-auth) Passwordless authentication based on public/private key signatures. [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm) implementation for [Laravel](https://laravel.com)/[Dingo API](https://github.com/dingo/api)with the help of [elliptic-php](https://github.com/simplito/elliptic-php) and [keccak](https://github.com/kornrunner/php-keccak) packages. Instalation ----------- [](#instalation) ``` composer require ivanciric/ecdsa-auth ``` Library uses package auto-discovery feature, so you don't need to set the service provider manually. Publish the package configuration ``` php artisan vendor:publish ``` Configuration ------------- [](#configuration) After publishing configuration, you can edit the available options in **config/ecdsaauth.php** OptionDetailsuser\_providerUser class that should be used when attempting to authenticate an incoming API request. Default: **\\App\\User::class**lookup\_fieldField that should be initially checked when attempting to authenticate an incoming API request. Default: **email**verificationIf you require users to be verified (e.g. email verified) in order to access the data, set this otion to true. Default: **false**verified\_fieldIf you've set the verification to true, state the field which marks the user as verified. Default: **email\_verified**verified\_pass\_conditionValue of the verified\_field that marks the user as verified. Default: **1**key\_lookup\_fieldField which contains the public key of the user. This could be Ethereum address or pure Ecdsa public key. Default: **crypto\_key**authorization\_headerName of the header which holds the authorization payload. Default: **authorization**authorization\_methodsMethods allowed in the authorization header. They denote supported encryption algorithms. Default: **\['eth', 'ecdsa'\]**message\_propertyKey in the payload which contains the message. Default: **message**signature\_propertyKey in the payload which contains the signature. Default: **signature**error\_messagesArray of various friendly error messages.Usage ----- [](#usage) This package presumes you have Dingo API setup. Edit the **config/api.php** file and set the **auth** key as follows: ``` 'auth' => [ 'ivanciric\EcdsaAuth\Authenticator' ] ``` You should set the **lookup\_key** and **key\_lookup\_field** in the package config to reflect your user properties. Protect your routes by specifying the middleware: ``` $api->version('v1', ['middleware' => 'api.auth'], function ($api) { ... }); ``` Creating the payload -------------------- [](#creating-the-payload) Authorization header should contain the payload in the following forms: ``` Eth eyJlbWFpbCI6ImhhQG1hLnRvIiwibWVzc2FnZSI6IjkyNThhNjQ0Y2FmZTZ... ``` or ``` Ecdsa eyJlbWFpbCI6ImhhQG1hLnRvIiwibWVzc2FnZSI6IjkyNThhNjQ0Y2FmZTZ... ``` Payload itself is a **base64** encoded **json** with the following properties: ``` { "email": "h@ma.to", // user's email or alternative lookup field "message": "message that you've signed", // string "signature": "3046022100a94c1a..." // signed message } ``` All properties are configurable. ### Health Score 22 — LowBetter than 22% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community8 Small or concentrated contributor base Maturity41 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/0e19d1001d8d7675709d76cc4a0228682b74d4a635d12c0e9e4e9d265d6530aa?d=identicon)[ivanciric](/maintainers/ivanciric) --- Top Contributors [![ivanciric](https://avatars.githubusercontent.com/u/3796581?v=4)](https://github.com/ivanciric "ivanciric (10 commits)") ### Embed Badge ![Health badge](/badges/ivanciric-ecdsa-auth/health.svg) ``` [![Health](https://phpackages.com/badges/ivanciric-ecdsa-auth/health.svg)](https://phpackages.com/packages/ivanciric-ecdsa-auth) ``` ### Alternatives [namshi/jose JSON Object Signing and Encryption library for PHP. 1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)