PHPackages mattferris/auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. mattferris/auth ActiveLibrary[Authentication & Authorization](/categories/authentication) mattferris/auth =============== An extensible authentivation library for PHP 0.2(9y ago)01031BSD-2-ClausePHP Since Oct 21Pushed 9y ago1 watchersCompare [ Source](https://github.com/mattferris/auth)[ Packagist](https://packagist.org/packages/mattferris/auth)[ RSS](/packages/mattferris-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (2)Versions (3)Used By (1) Auth ==== [](#auth) An extensible authentication library for PHP. ``` use MattFerris\Auth\Authenticator; $auth = new Authenticator(); $auth->register($authProvider); $response = $auth->authenticate($request); ``` Requests -------- [](#requests) Every authentication request must be an instance of `RequestInterface`. Handlers subscribe to different event types based on the request's class. For example, a handler may subscribe to `MattFerris\Auth\PasswordRequest`, and will only be called when an instance of `MattFerris\Auth\PasswordReqeust` is received. ``` $auth->authenticate(new MattFerris\Auth\PasswordRequest(...)); ``` Providers --------- [](#providers) Providers register handlers and manipulators which handle authentication requests, and manipulate authentication responses (respectively). ``` use MattFerris\Provider\ProviderInterface; use MattFerris\Auth\RequestInterface; use MattFerris\Auth\ResponseInterface; use MattFerris\Auth\Response; class Provider implements ProviderInterface { public function provides($consumer) { // $consumer contains an instance of Authenticator $authenticator = $consumer; $authenticator ->handle('PassowrdRequest', [$this, 'passwordAuth']) ->handle('PrivateKeyRequest', function (RequestInterface $request) { // do private key stuff here }); $authentcator ->manipulate('PasswordResponse', [$this, 'manipulatePasswordResponse']); } } ``` Handlers -------- [](#handlers) Handlers provide mechanisms for authenticating requests. Handlers for a particular request are processed in the order they were registered. If a handler returns a response no further handlers are processed. Handlers can return either null (no response), or an instance of `ResponseInterface`. In the above example, `$this->passwordAuth` was defined as a handler. It's implementation might look like: ``` public function passwordAuth(RequestInterface $request) { // prepare an auth-failed response by default $response = new Response(false); // verify the username and password against the database if ($this->db->verify($request->getUsername(), $request->getPassword()) { // everything matched, so generate an auth-success response, including // the username, uid and auth expiry $response = new Response(true, $this->generateToken( array( 'username' => $request->getUsername(), 'uid' => $userId, 'expiry' => time() + 3600 ) )); } return $response; } ``` Responses --------- [](#responses) Handlers return instances of `ResponseInterface` that contain the status of the authentication request and any additional information provided by the handler. The status of the response can be determined by calling `isValid()`. ``` $response = $auth->authenticate($request); if ($response->isValid()) { echo 'success'; } else { echo 'failed'; } ``` Manipulators ------------ [](#manipulators) Manipulators allow for the modification of responses. As with handlers, manipulators are processed in the order the were registered, with processing stopping when a response is returned. Manipulators allow for more sophisticated responses to be generated without complicating the authentication itself. For example, users can login to your service via multiple remote services (Google, Facebook, etc..) and then be issued a login token. You could register handlers for each remote service: ``` namespace MyApp; use MattFerris\Provider\ProviderInterface class RemoteServicesProvider implements ProviderInterface { public function provides($consumer) { $consumer ->handle('MyApp\\GoogleRequest', [$this, 'handleGoogleRequest']) ->handle('MyApp\\FacebookRequest', [$this, 'handleFacebookRequest']); } public function handleGoogleRequest(GoogleRequest $request) { // call google auth api return $this->generateToken(...); } public function handleFacebookRequest(FacebookRequset $request) { // call facebook auth api return $this->generateToken(...); } protected function generateToken(...) { // token generation stuff } } ``` Alternatively, you could decouple the token generation from the authentication using a manipulator. ``` namespace MyApp; use MattFerris\Privder\ProviderInterface; use MattFerris\Auth\Response; class TokenManiplatorProvider implements ProviderInterface { public function provides($consumer) { $consumer->manipulate('MattFerris\\Auth\\Response', [$this, 'manipulateResponse']); } public function manipulateResponse(Response $response) { // don't manipulate failed auth requests if (!$response->isValid()) { return; } $tokenData = $response->getAttributes(); $token = $this->generateToken($tokenData); $response = new Response(true, array('token' => $token)); } } ``` This manipulator can take any valid auth request and generate a response with a token. Handlers no longer need to know how to generate tokens. Your application code looks like: ``` namespace MyApp; $auth = new MattFerris\Auth\Authenticator(); $auth ->register(new RemoteServicesProvider()) ->register(new TokenManipulatorProvider()); $response = $auth->authenticate(new GoogleRequest()); setCookie('auth_token', $response->getAttribute('token')); ``` ### Health Score 26 — LowBetter than 43% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity10 Limited adoption so far Community9 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~454 days Total 2 Last Release 3408d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/9d3d46e7fdc93a3d67119773bdae779e281a87f2d70e95568a969c72205aedf7?d=identicon)[mattferris](/maintainers/mattferris) --- Top Contributors [![mattferris](https://avatars.githubusercontent.com/u/1687325?v=4)](https://github.com/mattferris "mattferris (7 commits)") ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/mattferris-auth/health.svg) ``` [![Health](https://phpackages.com/badges/mattferris-auth/health.svg)](https://phpackages.com/packages/mattferris-auth) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)