PHPackages                             nowise/uup-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. nowise/uup-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

nowise/uup-auth
===============

Flexible authentication stack supporting multiple credential obtaining methods and account validation backends.

2.3.21(6y ago)0482Apache-2.0PHPPHP &gt;=5.6.0

Since Aug 29Pushed 6y agoCompare

[ Source](https://github.com/nowisesys/uup-auth)[ Packagist](https://packagist.org/packages/nowise/uup-auth)[ Docs](https://nowise.se/oss/uup/auth)[ RSS](/packages/nowise-uup-auth/feed)WikiDiscussions master Synced today

READMEChangelogDependencies (1)Versions (46)Used By (2)

UUP-AUTH - Authentication stack for PHP
---------------------------------------

[](#uup-auth---authentication-stack-for-php)

The uup-auth package provides a library for stacking authenticators together to support multiple authentication method in a uniform way.

Bundled are also restrictors for performing access restriction (i.e. on time of day or the ip-address/hostname). All authenticators in the stack can be set as required or sufficient to enforce logon policy (i.e. require CAS-logon from outside of LAN while supporting Kerberos logon from inside).

The library is modular. The authenticators are the frontend (credentials obtainers) that might use a validator as authentication source (for example LDAP). The authenticator can be combined with a storage object to support logon sessions.

Authenticators can be used in a stack or standalone (single login method). If configuring a stack, use one of the access classes for easy access to chains and authenticators.

```
+-- UUP/Authentication/
      +-- Authenticator/        : Authenticator frontend classes.
      +-- Restrictor/           : Restrictor classes.
      +-- Stack/                : Support for stacking authenticators/restrictors.
      +-- Storage/              : Persistance support.
      +-- Validator/            : Authentication support.

```

### Example

[](#example)

A typical authentication/authorization stack providing login thru PAM, CAS and LDAP with restriction on network and logon time might look like this:

```
class Authentication extends AuthenticatorStack
{

    public function __construct()
    {
        $chain = array(
            //
            // Plugin account authenticator objects in stack:
            //
            'auth'   => array(
                'pam'  => (new SystemAuthentication())
                    ->visible(true)
                    ->control(Authenticator::SUFFICIENT)
                    ->name('System')
                    ->description('Login using local system account.'),
                'cas'  => (new CasAuthenticator('cas.example.com'))
                    ->visible(true)
                    ->control(Authenticator::SUFFICIENT)
                    ->name('CAS')
                    ->description('CAS server login'),
                'ldap' => (new LdapAuthenticator('ldaps://ldap.example.com'))
                    ->visible(true)
                    ->control(Authenticator::SUFFICIENT)
                    ->name('LDAP')
                    ->description('LDAP authentication')
            ),
            //
            // Add some login restrictions:
            //
            'access' => array(
                'addr' => (new AddressRestrictor(array('::1', '127.0.0.1', '192.168.0.0/16')))
                    ->visible(false)
                    ->control(Authenticator::REQUIRED),
                'time' => (new DateTimeRestrictor('08:45', '16:30'))
                    ->visible(false)
                    ->control(Authenticator::REQUIRED)
            )
        );

        parent::__construct($chain);
    }

    public function getName()
    {
        return $this->getAuthenticator()->name;
    }

}
```

Somewhere (typical dispatcher or main template) add some code to handle login/logout request and render logon form:

```
try {
    $authenticator = new Authentication();

    if (filter_has_var(INPUT_GET, 'login')) {
        $authenticator->activate(filter_input(INPUT_GET, 'login'));
        $authenticator->login();
    }
    if (filter_has_var(INPUT_GET, 'logout')) {
        $authenticator->logout();
    }

    if ($authenticator->accepted()) {
        printf("Logged on to %s as %s | Logout\n",
                $authenticator->getName(),
                $authenticator->getSubject()
        );
    } else {
        printf("\n");
        printf("\n");
        foreach ($authenticator->authenticators(true) as $key => $obj) {
            printf("%s\n", $key, $obj->description, $obj->name);
        }
        printf("\n");
        printf("\n");
        printf("\n");
    }
} catch (Exception $exception) {
    die(sprintf("Exception: %s", $exception));
}
```

See examples directory for fully functional code. Visit the [project page](https://nowise.se/oss/uup/auth) for more information.

###  Health Score

30

—

LowBetter than 64% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity8

Limited adoption so far

Community10

Small or concentrated contributor base

Maturity71

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~42 days

Recently: every ~158 days

Total

45

Last Release

2400d ago

Major Versions

1.0.2 → 2.0.02014-08-31

PHP version history (2 changes)1.0.3PHP &gt;=5.4.0

2.3.18PHP &gt;=5.6.0

### Community

Maintainers

![](https://www.gravatar.com/avatar/051c93d5c76da455715b999de080c10df538ce46843177f3b1779c235fe4aaff?d=identicon)[nowise](/maintainers/nowise)

---

Top Contributors

[![nowisesys](https://avatars.githubusercontent.com/u/35581658?v=4)](https://github.com/nowisesys "nowisesys (288 commits)")

---

Tags

authenticationauthorizationphp-libraryauthAuthenticationuupbmc

### Embed Badge

![Health badge](/badges/nowise-uup-auth/health.svg)

```
[![Health](https://phpackages.com/badges/nowise-uup-auth/health.svg)](https://phpackages.com/packages/nowise-uup-auth)
```

###  Alternatives

[tymon/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

11.5k49.1M350](/packages/tymon-jwt-auth)[league/oauth2-server

A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.

6.6k136.0M248](/packages/league-oauth2-server)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

8359.8M53](/packages/php-open-source-saver-jwt-auth)[auth0/auth0-php

PHP SDK for Auth0 Authentication and Management APIs.

40820.2M68](/packages/auth0-auth0-php)[kreait/firebase-tokens

A library to work with Firebase tokens

24040.8M14](/packages/kreait-firebase-tokens)[opauth/opauth

Multi-provider authentication framework for PHP

1.6k783.4k58](/packages/opauth-opauth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)