PHPackages                             middlewares/http-authentication - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [HTTP &amp; Networking](/categories/http)
4. /
5. middlewares/http-authentication

ActiveLibrary[HTTP &amp; Networking](/categories/http)

middlewares/http-authentication
===============================

Middleware to implement Basic and Digest Http authentication

v2.2.0(1y ago)35302.0k↑46.2%42MITPHPPHP ^7.2 || ^8.0CI passing

Since Oct 2Pushed 1y ago2 watchersCompare

[ Source](https://github.com/middlewares/http-authentication)[ Packagist](https://packagist.org/packages/middlewares/http-authentication)[ Docs](https://github.com/middlewares/http-authentication)[ RSS](/packages/middlewares-http-authentication/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (8)Versions (13)Used By (2)

middlewares/http-authentication
===============================

[](#middlewareshttp-authentication)

[![Latest Version on Packagist](https://camo.githubusercontent.com/ee4fcc37d3fb876cd08440afcbea8bffe695ee38de7a674776a4ca6222781f1f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6964646c6577617265732f687474702d61757468656e7469636174696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/middlewares/http-authentication)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE)[![Testing](https://github.com/middlewares/http-authentication/workflows/testing/badge.svg)](https://github.com/middlewares/http-authentication/workflows/testing/badge.svg)[![Total Downloads](https://camo.githubusercontent.com/12b71264118bbc0e9629de4d6251c2a577a4d954749df2081f5d0d1998e4285d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d6964646c6577617265732f687474702d61757468656e7469636174696f6e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/middlewares/http-authentication)

Middleware to implement [RFC 2617 Http Authentication](https://tools.ietf.org/html/rfc2617). Contains the following components:

- [BasicAuthentication](#basicauthentication)
- [DigestAuthentication](#digestauthentication)

Requirements
------------

[](#requirements)

- PHP &gt;= 7.2
- A [PSR-7 http library](https://github.com/middlewares/awesome-psr15-middlewares#psr-7-implementations)
- A [PSR-15 middleware dispatcher](https://github.com/middlewares/awesome-psr15-middlewares#dispatcher)

Installation
------------

[](#installation)

This package is installable and autoloadable via Composer as [middlewares/http-authentication](https://packagist.org/packages/middlewares/http-authentication).

```
composer require middlewares/http-authentication
```

BasicAuthentication
-------------------

[](#basicauthentication)

The [Basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is the simplest technique.

You have to provide an `Array` or `ArrayAccess` with the usernames and passwords of all available users. The keys are the usernames and the values the passwords.

```
Dispatcher::run([
    new Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ])
]);
```

Optionally, you can provide a `Psr\Http\Message\ResponseFactoryInterface` as the second argument, that will be used to create the error responses (`401`). If it's not defined, [Middleware\\Utils\\Factory](https://github.com/middlewares/utils#factory) will be used to detect it automatically.

```
$responseFactory = new MyOwnResponseFactory();

$route = new Middlewares\BasicAuthentication($users, $responseFactory);
```

### realm

[](#realm)

The realm value. By default is "Login".

### attribute

[](#attribute)

The attribute name used to save the username of the user. If it's not defined, it wont be saved. Example:

```
Dispatcher::run([
    (new Middlewares\BasicAuthentication([
        'username1' => 'password1',
        'username2' => 'password2'
    ]))->attribute('username'),

    function ($request) {
        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);
    }
]);
```

### verifyHash

[](#verifyhash)

This option verifies the password using [`password_verify`](https://www.php.net/manual/en/function.password-verify.php). Useful if you don't want to provide the passwords in plain text.

```
$users = [
    'username' => password_hash('secret-password', PASSWORD_DEFAULT);
]

Dispatcher::run([
    (new Middlewares\BasicAuthentication($users))
        ->attribute('username')
        ->verifyHash(),

    function ($request) {
        $username = $request->getAttribute('username');

        return new Response('Hello '.$username);
    }
]);
```

DigestAuthentication
--------------------

[](#digestauthentication)

The [Digest access authentication](https://en.wikipedia.org/wiki/Digest_access_authentication) is more secure than basic.

The constructor signature is the same than `BasicAuthentication`:

```
$users = [
    'username1' => 'password1',
    'username2' => 'password2'
];
$responseFactory = new MyOwnResponseFactory();

Dispatcher::run([
    new Middlewares\DigestAuthentication($users, $responseFactory)
]);
```

### realm

[](#realm-1)

The realm value. By default is "Login".

### attribute

[](#attribute-1)

The attribute name used to save the username of the user. If it's not defined, it wont be saved.

### nonce

[](#nonce)

To configure the nonce value. If its not defined, it's generated with [uniqid](http://php.net/uniqid)

---

Please see [CHANGELOG](CHANGELOG.md) for more information about recent changes and [CONTRIBUTING](CONTRIBUTING.md) for contributing details.

The MIT License (MIT). Please see [LICENSE](LICENSE) for more information.

###  Health Score

50

—

FairBetter than 96% of packages

Maintenance46

Moderate activity, may be stable

Popularity44

Moderate usage in the ecosystem

Community19

Small or concentrated contributor base

Maturity75

Established project with proven stability

 Bus Factor1

Top contributor holds 94.5% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~281 days

Recently: every ~485 days

Total

12

Last Release

422d ago

Major Versions

v0.5.0 → v1.0.02018-01-25

v1.1.0 → v2.0.02019-11-30

PHP version history (4 changes)v0.1.0PHP ^5.6 || ^7.0

v0.5.0PHP ^7.0

v2.0.0PHP ^7.2

v2.1.1PHP ^7.2 || ^8.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/e99df56b617f4af8cf0556a51a0ca20c7420104920c57d7e9eab093f92bb744f?d=identicon)[oscarotero](/maintainers/oscarotero)

![](https://www.gravatar.com/avatar/42e0d72f42eb7d84f67e20d28606da42e5a3248ca908b1eadb4366aafeae2561?d=identicon)[filisko](/maintainers/filisko)

---

Top Contributors

[![oscarotero](https://avatars.githubusercontent.com/u/377873?v=4)](https://github.com/oscarotero "oscarotero (52 commits)")[![filisko](https://avatars.githubusercontent.com/u/8798694?v=4)](https://github.com/filisko "filisko (2 commits)")[![nlemoine](https://avatars.githubusercontent.com/u/2526939?v=4)](https://github.com/nlemoine "nlemoine (1 commits)")

---

Tags

basic-authenticationdigest-authenticationhttphttp-authenticationmiddlewarepsr-15httppsr-7middlewareAuthenticationserverpsr-15basicdigest

###  Code Quality

TestsPHPUnit

Static AnalysisPHPStan

Code StylePHP CS Fixer

Type Coverage Yes

### Embed Badge

![Health badge](/badges/middlewares-http-authentication/health.svg)

```
[![Health](https://phpackages.com/badges/middlewares-http-authentication/health.svg)](https://phpackages.com/packages/middlewares-http-authentication)
```

###  Alternatives

[middlewares/request-handler

Middleware to execute request handlers

451.6M26](/packages/middlewares-request-handler)[middlewares/fast-route

Middleware to use FastRoute

96191.1k15](/packages/middlewares-fast-route)[middlewares/negotiation

Middleware to implement content negotiation

47442.1k11](/packages/middlewares-negotiation)[middlewares/payload

Middleware to parse the body of the request with support for json, csv and url-encode

32466.8k17](/packages/middlewares-payload)[mezzio/mezzio-authentication

Authentication middleware for Mezzio and PSR-7 applications

121.6M26](/packages/mezzio-mezzio-authentication)[middlewares/whoops

Middleware to use Whoops as error handler

33205.4k24](/packages/middlewares-whoops)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)