madesimple/slim-auth
====================

Authentication and authorisation middleware for Slim framework

v2.1.0 (3y ago) | MIT | PHP >=7.2 | CI failing


[Source](https://github.com/pdscopes/slim-auth) | [Packagist](https://packagist.org/packages/madesimple/slim-auth)



[![Build Status](https://camo.githubusercontent.com/1f1b55d8402a730b85e7bd7b0e272c839636abfcf5395cea63c6e78f098feb01/68747470733a2f2f7472617669732d63692e6f72672f706473636f7065732f736c696d2d617574682e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/pdscopes/slim-auth)

An authentication and authorisation middleware for [Slim 4 framework](https://www.slimframework.com/).

Installation
------------


```
composer require madesimple/slim-auth

```

Authentication
--------------


A middleware to determine whether the request contains a valid authentication token. The middleware has been designed so that it can easily be extended to:

- handle any type of token retrieval;
- handle any type of validation method; and,
- perform any set of actions if authentication was successful.

To add an Authentication middleware to your Slim application:

```
use Slim\Middleware\Authentication\SimpleTokenAuthentication;
/** @var \Slim\App $app The Slim application */
/** @var array $options Authentication options (the defaults are listed below) */
/** @var string $pattern Pattern for either the group or a route */
/** @var callable $callable A callable for a route */

// Add to all routes:
$app->add(new SimpleTokenAuthentication($app->getContainer(), $options));

// Add to a group of routes:
$app->group($pattern, function () {})
    ->add(new SimpleTokenAuthentication($app->getContainer(), $options));

// Add to a specific route:
$app->get($pattern, $callable)
    ->add(new SimpleTokenAuthentication($app->getContainer(), $options));
```

*Side note*: If you are going to add the same authentication to more than one group/route, we recommend putting the middleware in `dependencies.php`.

Default options for authentication are:

```
[
    // boolean - whether to enforce an https connection
    'secure'      => true,
    // array - list of hostnames/IP addresses to ignore the secure flag
    'relaxed'     => ['localhost', '127.0.0.1'],
    // array - list of environment variables to check for the token (set to an empty array to skip)
    'environment' => ['HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'],
    // string - the header to check for the token (set to false, null, or '' to skip)
    'header'      => 'X-Auth',
    // string - the regex to match the token ($match[$options['index']] is used as the token)
    'regex'       => '/(.*)/',
    // integer - the regex index to use as the token
    'index'       => 1,
    // string - the cookie to check for the token (set to false, null, or '' to skip)
    'cookie'      => 'X-Auth',
    // string - the identifier for the token in the payload
    'payload'     => null,
    // string - the name to store the token in the request attributes
    'attribute'   => 'token',
    // object - an instance of a Psr\LoggerInterface
    'logger'      => null,
];
```

When authentication fails the middleware throws an `HttpUnauthorizedException`.

### SimpleTokenAuthentication


Simple token authentication is an implementation of Authentication which allows the user to provide a callable to validate a token. The callable is passed to Simple token authentication using the option:

```
[
    // callable - function to validate the token [required]
    'validate' => null,
];
```

The callable should have the following signature:

```
function ($token): bool {
    /** @var bool $isValid Populated by this function, true if the token is valid */
    return $isValid;
}
```
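A `validate` callable that checks tokens against stored SHA-256 digests using a constant-time comparison, as an added example that is not part of the slim-auth code base. The function name `makeTokenValidator`, the 256-byte length limit and the sample token are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: builds a callable matching the `validate` signature.
 * $tokenHashes holds SHA-256 hex digests of issued tokens, so plaintext
 * tokens never need to be stored server-side.
 */
function makeTokenValidator(array $tokenHashes): callable
{
    return function ($token) use ($tokenHashes): bool {
        // Reject anything that is not a plausible token before hashing it.
        if (!is_string($token) || $token === '' || strlen($token) > 256) {
            return false;
        }
        $candidate = hash('sha256', $token);
        $isValid = false;
        // hash_equals() takes the same time wherever the strings differ;
        // the loop visits every digest instead of stopping at the first hit.
        foreach ($tokenHashes as $known) {
            if (hash_equals($known, $candidate)) {
                $isValid = true;
            }
        }
        return $isValid;
    };
}

// Constructed sample data: one issued token, kept only as its digest.
$issued = 'constructed-sample-token-0001';
$validate = makeTokenValidator([hash('sha256', $issued)]);

var_dump($validate($issued));        // the issued token
var_dump($validate($issued . 'x'));  // a token that was never issued
var_dump($validate(null));           // no token extracted from the request

// Handed to the middleware through the option documented above:
// $options = ['validate' => $validate];
```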

### JwtAuthentication


JWT authentication is an implementation of Authentication which allows the user to use JWT as authentication tokens. JWT authentication overrides the default regex, and adds two extra options:

```
[
    // string - Overrides the default regex
    'regex' => '/Bearer\s+(.*)$/i',

    // string - JWT secret [required]
    'secret' => '',
    // array - list of JWT algorithms [optional]
    'algorithm' => ['HS256', 'HS512', 'HS384'],

];
```
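What the `regex`, `secret` and `algorithm` options govern, shown as a stand-alone HMAC JWT check; this is an added example, not the code slim-auth runs internally. The names `verifyBearer`, `b64url`, `b64urlDecode` and `HMAC_ALGS`, the `exp` handling and the sample secret and token are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// JWT "alg" values mapped to hash_hmac() algorithm names.
const HMAC_ALGS = ['HS256' => 'sha256', 'HS384' => 'sha384', 'HS512' => 'sha512'];

function b64url(string $raw): string
{
    return rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
}

function b64urlDecode(string $s): string
{
    $padded = $s . str_repeat('=', (4 - strlen($s) % 4) % 4);
    return (string) base64_decode(strtr($padded, '-_', '+/'), true);
}

/** Returns the claims array, or null when the token is rejected. */
function verifyBearer(string $headerValue, string $secret, array $allowed): ?array
{
    // Extract the token with the regex and index from the options above.
    if (!preg_match('/Bearer\s+(.*)$/i', $headerValue, $match)
        || count($parts = explode('.', $match[1])) !== 3) {
        return null;
    }
    [$h, $p, $sig] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    $alg = is_array($header) ? ($header['alg'] ?? null) : null;
    // The configured allowlist picks the algorithm; the token only names one.
    $hashName = (is_string($alg) && in_array($alg, $allowed, true)) ? (HMAC_ALGS[$alg] ?? null) : null;
    if ($hashName === null) {
        return null;
    }
    // Constant-time comparison of the recomputed and presented signatures.
    if (!hash_equals(hash_hmac($hashName, "$h.$p", $secret, true), b64urlDecode($sig))) {
        return null;
    }
    $claims = json_decode(b64urlDecode($p), true);
    $expired = is_array($claims) && isset($claims['exp']) && $claims['exp'] < time();
    return (is_array($claims) && !$expired) ? $claims : null;
}

// Constructed sample secret and token, built in place for the demonstration.
$secret = 'constructed-demo-secret';
$body = b64url('{"alg":"HS256","typ":"JWT"}') . '.' . b64url(json_encode(['sub' => 'demo', 'exp' => time() + 60]));
$token = $body . '.' . b64url(hash_hmac('sha256', $body, $secret, true));
var_dump(verifyBearer("Bearer $token", $secret, ['HS256']) !== null);    // valid token
var_dump(verifyBearer("Bearer {$token}x", $secret, ['HS256']) !== null); // altered signature
var_dump(verifyBearer("Bearer $token", $secret, ['HS512']) !== null);    // algorithm not in allowlist
```

Narrowing `algorithm` to the single value your issuer uses keeps a token signed with any other algorithm from being accepted.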

Authorisation
-------------


A middleware to determine whether an authenticated request has authorisation to access the requested route.

When authorisation fails the middleware throws an `HttpForbiddenException`.

*Note*: If you need to access the route from within your app middleware you will need to add the `Middleware\RoutingMiddleware` middleware to your application just before you call `run()`.


### Release Activity

- Cadence: every ~888 days
- Total releases: 3
- Last release: 1295d ago
- Major versions: v1.0.0 → v2.0.0 (2020-06-19)
- PHP version history (2 changes): v1.0.0 required PHP >=7.0; v2.0.0 requires PHP >=7.2

### Community

Maintainers: [Pete Scopes](/maintainers/pdscopes) ([@pdscopes](https://github.com/pdscopes))

Top Contributors: [pdscopes](https://github.com/pdscopes) (28 commits), [gliden](https://github.com/gliden) (1 commit)

Tests: PHPUnit

