PHPackages lonnieezell/codeigniter-shield - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. lonnieezell/codeigniter-shield ActiveLibrary[Authentication & Authorization](/categories/authentication) lonnieezell/codeigniter-shield ============================== Authentication and Authorization for CodeIgniter 4 v1.3.0(2mo ago)41785145[7 issues](https://github.com/codeigniter4/shield/issues)[14 PRs](https://github.com/codeigniter4/shield/pulls)MITPHPPHP ^8.1CI passing Since Jun 3Pushed 2mo ago32 watchersCompare [ Source](https://github.com/codeigniter4/shield)[ Packagist](https://packagist.org/packages/lonnieezell/codeigniter-shield)[ Docs](https://github.com/codeigniter4/shield)[ RSS](/packages/lonnieezell-codeigniter-shield/feed)WikiDiscussions develop Synced 1mo ago READMEChangelog (10)Dependencies (16)Versions (19)Used By (0) CodeIgniter Shield ================== [](#codeigniter-shield) [![Unit Tests](https://github.com/codeigniter4/shield/workflows/PHPUnit/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/phpunit.yml)[![Static Analysis](https://github.com/codeigniter4/shield/workflows/PHPStan/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/phpstan.yml)[![PHP-CS-Fixer](https://github.com/codeigniter4/shield/actions/workflows/phpcsfixer.yml/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/phpcsfixer.yml)[![Rector](https://github.com/codeigniter4/shield/actions/workflows/rector.yml/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/rector.yml)[![Psalm](https://github.com/codeigniter4/shield/actions/workflows/psalm.yml/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/psalm.yml)[![Architecture](https://github.com/codeigniter4/shield/workflows/Deptrac/badge.svg)](https://github.com/codeigniter4/shield/actions/workflows/deptrac.yml)[![Coverage Status](https://camo.githubusercontent.com/6f2abea7508966edbabb6bed9af0227840f15a0b1c750b4d1a053a1864ef33e3/68747470733a2f2f636f766572616c6c732e696f2f7265706f732f6769746875622f636f646569676e69746572342f736869656c642f62616467652e7376673f6272616e63683d646576656c6f70)](https://coveralls.io/github/codeigniter4/shield?branch=develop) Shield is the official authentication and authorization framework for CodeIgniter 4. While it does provide a base set of tools that are commonly used in websites, it is designed to be flexible and easily customizable. The primary goals for Shield are: 1. It must be very flexible and allow developers to extend/override almost any part of it. 2. It must have security at its core. It is an auth lib after all. 3. To cover many auth needs right out of the box, but be simple to add additional functionality to. Authentication Methods ---------------------- [](#authentication-methods) Shield provides two primary methods **Session-based** and **Access Token**authentication out of the box. It also provides **HMAC SHA256 Token** and **JSON Web Token** authentication. ### Session-based [](#session-based) This is your typical email/username/password system you see everywhere. It includes a secure "remember-me" functionality. This can be used for standard web applications, as well as for single page applications. Includes full controllers and basic views for all standard functionality, like registration, login, forgot password, etc. ### Access Token [](#access-token) These are much like the access tokens that GitHub uses, where they are unique to a single user, and a single user can have more than one. This can be used for API authentication of third-party users, and even for allowing access for a mobile application that you build. ### HMAC SHA256 Token [](#hmac-sha256-token) This is a slightly more complicated improvement on Access Token authentication. The main advantage with HMAC is the shared Secret Key is not passed in the request, but is instead used to create a hash signature of the request body. ### JSON Web Token [](#json-web-token) JWT or JSON Web Token is a compact and self-contained way of securely transmitting information between parties as a JSON object. It is commonly used for authentication and authorization purposes in web applications. Important Features ------------------ [](#important-features) - Session-based authentication (traditional ID/Password with Remember-me) - Stateless authentication using Personal Access Tokens - Optional Email verification on account registration - Optional Email-based Two-Factor Authentication after login - Magic Link Login when a user forgets their password - Flexible Groups-based access control (think Roles, but more flexible) - Users can be granted additional Permissions See the [An Official Auth Library](https://forum.codeigniter.com/showthread.php?tid=82003) for more Info. Getting Started --------------- [](#getting-started) ### Prerequisites [](#prerequisites) Usage of Shield requires the following: - A [CodeIgniter 4.3.5+](https://github.com/codeigniter4/CodeIgniter4/) based project - [Composer](https://getcomposer.org/) for package management - PHP 8.1+ ### Installation [](#installation) Installation is done through Composer. ``` composer require codeigniter4/shield ``` See the [docs](https://codeigniter4.github.io/shield/) for more specific instructions on installation and usage recommendations. Contributing ------------ [](#contributing) Shield does accept and encourage contributions from the community in any shape. It doesn't matter whether you can code, write documentation, or help find bugs, all contributions are welcome. See the [CONTRIBUTING.md](CONTRIBUTING.md) file for details. License ------- [](#license) This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. Acknowledgements ---------------- [](#acknowledgements) Every open-source project depends on its contributors to be a success. The following users have contributed in one manner or another in making Shield: [ ![Contributors](https://camo.githubusercontent.com/6ec35d9b25134a732fd065064b4dc4e3a404d50ae6298445730e19e536560359/68747470733a2f2f636f6e747269622e726f636b732f696d6167653f7265706f3d636f646569676e69746572342f736869656c64)](https://github.com/codeigniter4/shield/graphs/contributors)Made with [contrib.rocks](https://contrib.rocks). The following articles/sites have been fundamental in shaping the security and best practices used within this library, in no particular order: - [Google Cloud: 13 best practices for user account, authentication, and password management, 2021 edition](https://cloud.google.com/blog/products/identity-security/account-authentication-and-password-management-best-practices) - [NIST Digital Identity Guidelines](https://pages.nist.gov/800-63-3/sp800-63b.html) - [Implementing Secure User Authentication in PHP Applications with Long-Term Persistence (Login with "Remember Me" Cookies) ](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence) - [Password Storage - OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html) ### Health Score 56 — FairBetter than 98% of packages Maintenance87 Actively maintained with recent releases Popularity33 Limited adoption so far Community34 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor1 Top contributor holds 51.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~98 days Recently: every ~182 days Total 15 Last Release 62d ago PHP version history (3 changes)v1.0.0-betaPHP ^7.4 || ^8.0 v1.0.0-beta.2PHP ^7.4.3 || ^8.0 v1.2.0PHP ^8.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/65f693f45781e767ed8557b776fd775309e7a262629892b99cf38462931e9b26?d=identicon)[lonnieezell](/maintainers/lonnieezell) --- Top Contributors [![kenjis](https://avatars.githubusercontent.com/u/87955?v=4)](https://github.com/kenjis "kenjis (1418 commits)")[![datamweb](https://avatars.githubusercontent.com/u/9530214?v=4)](https://github.com/datamweb "datamweb (434 commits)")[![lonnieezell](https://avatars.githubusercontent.com/u/51931?v=4)](https://github.com/lonnieezell "lonnieezell (262 commits)")[![sammyskills](https://avatars.githubusercontent.com/u/8720569?v=4)](https://github.com/sammyskills "sammyskills (112 commits)")[![tswagger](https://avatars.githubusercontent.com/u/8365904?v=4)](https://github.com/tswagger "tswagger (72 commits)")[![MGatner](https://avatars.githubusercontent.com/u/17572847?v=4)](https://github.com/MGatner "MGatner (61 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (48 commits)")[![jozefrebjak](https://avatars.githubusercontent.com/u/36922215?v=4)](https://github.com/jozefrebjak "jozefrebjak (42 commits)")[![warcooft](https://avatars.githubusercontent.com/u/22941122?v=4)](https://github.com/warcooft "warcooft (38 commits)")[![samsonasik](https://avatars.githubusercontent.com/u/459648?v=4)](https://github.com/samsonasik "samsonasik (38 commits)")[![paulbalandan](https://avatars.githubusercontent.com/u/51850998?v=4)](https://github.com/paulbalandan "paulbalandan (30 commits)")[![michalsn](https://avatars.githubusercontent.com/u/459185?v=4)](https://github.com/michalsn "michalsn (29 commits)")[![mieszkou](https://avatars.githubusercontent.com/u/57371264?v=4)](https://github.com/mieszkou "mieszkou (26 commits)")[![nowackipawel](https://avatars.githubusercontent.com/u/8414802?v=4)](https://github.com/nowackipawel "nowackipawel (26 commits)")[![jlopes90](https://avatars.githubusercontent.com/u/50026015?v=4)](https://github.com/jlopes90 "jlopes90 (18 commits)")[![arashsaffari](https://avatars.githubusercontent.com/u/737229?v=4)](https://github.com/arashsaffari "arashsaffari (14 commits)")[![sba](https://avatars.githubusercontent.com/u/186256?v=4)](https://github.com/sba "sba (10 commits)")[![ThibautPV](https://avatars.githubusercontent.com/u/75485473?v=4)](https://github.com/ThibautPV "ThibautPV (9 commits)")[![mshannaq](https://avatars.githubusercontent.com/u/162535?v=4)](https://github.com/mshannaq "mshannaq (9 commits)")[![iamsyh](https://avatars.githubusercontent.com/u/5077021?v=4)](https://github.com/iamsyh "iamsyh (7 commits)") --- Tags authauthenticationauthorizationcodeigniter4Authenticationcodeigniterauthorizationcodeigniter4 ### Embed Badge ![Health badge](/badges/lonnieezell-codeigniter-shield/health.svg) ``` [![Health](https://phpackages.com/badges/lonnieezell-codeigniter-shield/health.svg)](https://phpackages.com/packages/lonnieezell-codeigniter-shield) ``` ### Alternatives [codeigniter4/shield Authentication and Authorization for CodeIgniter 4 417372.4k22](/packages/codeigniter4-shield)[league/oauth2-server A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API. 6.6k136.0M248](/packages/league-oauth2-server)[league/oauth2-client OAuth 2.0 Client Library 3.8k118.6M1.2k](/packages/league-oauth2-client)[league/oauth1-client OAuth 1.0 Client Library 99698.8M106](/packages/league-oauth1-client)[league/oauth2-google Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client 41721.2M118](/packages/league-oauth2-google)[auth0/auth0-php PHP SDK for Auth0 Authentication and Management APIs. 40820.2M68](/packages/auth0-auth0-php) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)