PHPackages legalthings/authorizer - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. legalthings/authorizer ActiveLibrary[Authentication & Authorization](/categories/authentication) legalthings/authorizer ====================== Authorizer for HTTP requests v0.1.11(5y ago)7191[2 issues](https://github.com/legalthings/authorizer/issues)MITPHP Since Nov 11Pushed 5y ago9 watchersCompare [ Source](https://github.com/legalthings/authorizer)[ Packagist](https://packagist.org/packages/legalthings/authorizer)[ RSS](/packages/legalthings-authorizer/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (2)Versions (16)Used By (0) Legal Things - Authorizer ========================= [](#legal-things---authorizer) With the authorizer library, a webservice can generate an access token for a resource. The library uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) to encrypt the access token. This means it can only be used by a system that has the private decryption key to get access to the resource. Requirements ------------ [](#requirements) - [PHP](http://www.php.net) >= 5.5.0 *Required PHP extensions are marked by composer* Installation ------------ [](#installation) The library can be installed using composer. ``` composer require legalthings/authorizer ``` How it works ------------ [](#how-it-works) System A has a resource which requires authorization. It will only allow system B access to the resource. Clients are allowed to use the resource, but don't have direct access to it. A client using both system A and system B, wants system A to share a specific resource with system B. Upon request by the client, system A will generate an access token for the resource. It download the public encryption key of system B and uses it to encrypt the access token. This encrypted token returned to the client. The client passes the link to the resource and the encrypted token to system B. Sytem B will decrypt the encrypted token and use it to download the resource. ### Example [](#example) **System A (has resources)** ``` use LegalThings/Authorizer; Authorizer::$globalSecret = 'some-secret-which-stays-the-same'; $pdf = basename($_GET['pdf']); if (isset($_GET['authzgen'])) { if (parse_url($_GET['authzgen'], PHP_URL_HOST) !== 'system-b.example.com') { http_response_code(403); echo "Will only grant access for system-b.example.com"; exit(); } $encryptedToken = Authorizer::sign($pdf, $_GET['authzgen']); // authzgen is a string with the format: {{public_key_url}};{{time_from}};{{time_to}} header('Content-Type: text/plain'); echo $encryptedToken; exit(); } $mayAccess = isset($_GET['authz']) && Authorizer::verify($pdf, $_GET['authz']); // authz is the decrypted secret if (!$mayAccess) { http_response_code(403); echo "Access denied"; exit(); } // Get and output resource header('Content-Type: application/pdf'); readfile('path/to/resources/' . $pdf); ``` **System B (can download and use resources)** ``` use LegalThings/Authorizer; $link = $_POST['link']; if (isset($_POST['token'])) { $encryptedToken = $_POST['token']; $token = Authorizer::decrypt($encryptedSecret, 'path/to/private_key.pem'); $link .= (strstr($link, '?') ? '&' : '?') . 'authz=' . $token; } $pdf = file_get_contents($link); // Let's do something with the PDF $username = $_SESSION['username']; file_put_contents("../userdata/$username/" . md5(microtime()) . ".pdf", $pdf); ``` **Client** ``` LINK="http://system-a.example.com/get-pdf.php?pdf=abc.pdf" ENCRYPTED_TOKEN=$(curl --get "$LINK" --data-urlencode "authzgen=http://system-b.example.com/authorizer.pem") curl --post "http://system-b.example.com/use-pdf.php" --data-urlencode "link=$LINK" --data-urlencode "authz=$ENCRYPTED_TOKEN" ``` Why is this useful? ------------------- [](#why-is-this-useful) This is a way to allow two systems to share resources between them, with minimal coupling. System B can use any PDF on the internet. By implementing `Authorizer` it gives services that want to share a resource only with system B the means to do so. ### Health Score 28 — LowBetter than 54% of packages Maintenance14 Infrequent updates — may be unmaintained Popularity12 Limited adoption so far Community15 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 50% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~159 days Recently: every ~426 days Total 12 Last Release 2077d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/3379a93d51305df325df9045e1a8b205d195e4e8c01312dff53a000ee79002eb?d=identicon)[jasny](/maintainers/jasny) ![](https://www.gravatar.com/avatar/fb23c3d3e3cfed7ef09c08be522314ed8f4aee9d25c0674ca3b0be7895182f8f?d=identicon)[svenstam](/maintainers/svenstam) --- Top Contributors [![moesjarraf](https://avatars.githubusercontent.com/u/5793511?v=4)](https://github.com/moesjarraf "moesjarraf (11 commits)")[![jasny](https://avatars.githubusercontent.com/u/100821?v=4)](https://github.com/jasny "jasny (6 commits)")[![svenstm](https://avatars.githubusercontent.com/u/1632578?v=4)](https://github.com/svenstm "svenstm (5 commits)") ### Code Quality TestsCodeception ### Embed Badge ![Health badge](/badges/legalthings-authorizer/health.svg) ``` [![Health](https://phpackages.com/badges/legalthings-authorizer/health.svg)](https://phpackages.com/packages/legalthings-authorizer) ``` ### Alternatives [josiasmontag/laravel-recaptchav3 Recaptcha V3 for Laravel package 2641.6M2](/packages/josiasmontag-laravel-recaptchav3)[rahul900day/laravel-captcha Different types of Captcha implementation for Laravel Application. 10715.9k](/packages/rahul900day-laravel-captcha)[simplesamlphp/simplesamlphp-module-oidc A SimpleSAMLphp module adding support for the OpenID Connect protocol 5016.9k1](/packages/simplesamlphp-simplesamlphp-module-oidc)[kinde-oss/kinde-auth-php Kinde PHP SDK for authentication 2369.5k3](/packages/kinde-oss-kinde-auth-php)[descope/descope-php Descope SDK for PHP 3814.0k](/packages/descope-descope-php)[njoguamos/laravel-turnstile A laravel wrapper for https://developers.cloudflare.com/turnstile/ 2315.9k2](/packages/njoguamos-laravel-turnstile) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)