PHPackages                             pebble-solutions/pebbleauthclient - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. pebble-solutions/pebbleauthclient

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

pebble-solutions/pebbleauthclient
=================================

Pebble client tool for authenticate user and licence management written in PHP

0.1.1(2y ago)0871GPL-3.0-or-laterPHP

Since Jan 16Pushed 2y ago2 watchersCompare

[ Source](https://github.com/pebble-solutions/pebble-auth-client-php)[ Packagist](https://packagist.org/packages/pebble-solutions/pebbleauthclient)[ Docs](https://pebble-solutions.github.io/pebble-auth-client-php/)[ RSS](/packages/pebble-solutions-pebbleauthclient/feed)WikiDiscussions main Synced 1mo ago

READMEChangelogDependencies (5)Versions (3)Used By (0)

Quickstart
==========

[](#quickstart)

Introduction
------------

[](#introduction)

This library offer a client for authenticate user and licence management written in PHP compatible with many PHP API Resource Server.

Installation
------------

[](#installation)

### Requirements

[](#requirements)

The following procedures explains the installation of the following packages :

- PHP 8 or higher
- composer

### Install with composer

[](#install-with-composer)

If your project use composer, simply add the following.

```
composer require pebble-solutions/pebbleauthclient
```

Usage
-----

[](#usage)

### Configuration

[](#configuration)

Before you can work with the library, you must define a system environment variable with the URI of the public Json Web Key Set (remote JWKS file).

This file will be requested and store **temporary** on your API Server. Your server should be able to write on *./var/credentials/auth/jwks.json* . If the file does not exist, it will be created.

**If you start your server directly from a terminal, run this command on your terminal before starting your server :**

```
export PBL_JWKS_REMOTE_URI=https://SERVER_URI/path/jwks.json
```

**If you start your server within a Docker container, you should add this line to your Dockefile :**

```
ENV PBL_JWKS_REMOTE_URI=https://SERVER_URI/path/jwks.json
```

**Other configurations**

You can add more configuration by defining some more environment variables on your system. These configurations have values by default that works for most of the cases.

Environment variableDefaultDescription`PBL_JWKS_REMOTE_URI`*Unset***MANDATORY** URI of the remote jwks.json file. This file contains all active public keys to decode token.`PBL_CERTS_FOLDER`./var/credentials/authLocal folder for temporary store authentication credentials. Storing locally the credentials improves server response.`PBL_JWKS_EXP_TIME`86400Duration in seconds after which Keys Set (JWKS) is considered as expired. All local copy of the keys must be destroyed and the remote server will be requested to create the new copy.### Test keys pair

[](#test-keys-pair)

Warning

These key files are not secured and must be used FOR TESTING PURPOSE ONLY on a local development environment !

**JWKS URI (for PBL\_JWKS\_REMOTE\_URI environment variable)**

[https://storage.googleapis.com/pebble-public-cdn/test\_auth/jwks\_test.json](https://storage.googleapis.com/pebble-public-cdn/test_auth/jwks_test.json)

**Public and private keys used to sign a token**

[https://storage.googleapis.com/pebble-public-cdn/test\_auth/public\_test.pem](https://storage.googleapis.com/pebble-public-cdn/test_auth/public_test.pem)

[https://storage.googleapis.com/pebble-public-cdn/test\_auth/private\_test.pem](https://storage.googleapis.com/pebble-public-cdn/test_auth/private_test.pem)

### Authenticate with token string

[](#authenticate-with-token-string)

```
$authService = new \PebbleAuthClient\Services\auth();

try {
    $pebbleAuthToken = $authService->auth("a.valid.token");
    $user = $pebbleAuthToken->getUser();
    $licence = $pebbleAuthToken->getAuthenticatedLicence();

    var_dump($pebbleAuthToken);
    var_dump($user);
    var_dump($licence);
}
catch (Exception $e) {
    echo "Error : ".$e->getMessage();
}
```

### Authenticate with HTTP Authorization header

[](#authenticate-with-http-authorization-header)

Note

This example shows one way to serverside authenticate a user with the Authorization header. The important thing is to communicate an array to `authFromHttpHeaders()` function with a valid Authorization key value.

```
/**
 * This class is an example of a custom authenticator for symfony.
 */
class TokenAuthenticator extends AbstractAuthenticator
{
    /** ... */

    public function authenticate(Request $request): Passport
    {
        $authService = new \PebbleAuthClient\Services\auth();

        try {
            $pebbleAuthToken = $authService->authFromHttpHeaders($request->headers->all());
            $user = $pebbleAuthToken->getUser();
            $licence = $pebbleAuthToken->getAuthenticatedLicence();

            var_dump($pebbleAuthToken);
            var_dump($user);
            var_dump($licence);
        }
        catch (Exception $e) {
            throw $e;
        }

        // implement your own logic to get the user identifier
        $userIdentifier = /** ... */;

        return new SelfValidatingPassport(new UserBadge($userIdentifier));
    }

    /** ... */
}
```

Note

`$headers` parameter in `authFromHttpHeaders()` method is compliant with [PSR-7 standard recommendation](https://www.php-fig.org/psr/psr-7/). Theses values must be considered as valid :

Key to string relation :

```
[
    "authorization" => "my.valid.token"
]
```

Key to array of strings relation :

```
[
    "authorization" => [
        "my.valid.token"
    ]
]
```

However, even if PSR-7 accept multiple values for the same header name, the following will cause an AmbiguousToken error. It is not allowed to provide multiple token throw the authorization header.

```
[
    "authorization" => [
        "my.first.token",
        "my.second.token"
    ]
]
```

### Check the audience

[](#check-the-audience)

Audience identifies the recipients that the token is intended for. Each resource server MUST be identified by its audience name and the authorization process MUST check that this audience exists in the token.

Warning

By default, audience is not checked by the authentication process. It is the responsibility of the resource server to communicate its audience name in order to only accept token that has been generated for the this specific resource server.

To check the audience, add an `$options` array to the `auth()` or `authFromHttpHeaders()` functions.

```
$authService = new \PebbleAuthClient\Services\auth();

// Check that the provided token has a valid audience for api.pebble.solutions/v5/my-resource
$auth_token = $authService->auth("----my.valid.token----", [
    'audience' => "api.pebble.solutions/v5/my-resource"
]);

// Check that token communicate through authorization header has a valid audience
// for api.pebble.solutions/v5/my-resource
$auth_token = $authService->authFromHttpHeaders(headers, [
    'audience' => "api.pebble.solutions/v5/my-resource"
]);
```

###  Health Score

19

—

LowBetter than 10% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity10

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity33

Early-stage or recently created project

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

850d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/449dde2341b4345642f0fd60b6813d149d2c131d941f4188419799c9405dd173?d=identicon)[Guillaume35](/maintainers/Guillaume35)

---

Top Contributors

[![Guillaume35](https://avatars.githubusercontent.com/u/945411?v=4)](https://github.com/Guillaume35 "Guillaume35 (18 commits)")

### Embed Badge

![Health badge](/badges/pebble-solutions-pebbleauthclient/health.svg)

```
[![Health](https://phpackages.com/badges/pebble-solutions-pebbleauthclient/health.svg)](https://phpackages.com/packages/pebble-solutions-pebbleauthclient)
```

###  Alternatives

[google/auth

Google Auth Library for PHP

1.4k272.7M162](/packages/google-auth)[kreait/firebase-php

Firebase Admin SDK

2.4k39.7M72](/packages/kreait-firebase-php)[saloonphp/saloon

Build beautiful API integrations and SDKs with Saloon

2.4k9.6M468](/packages/saloonphp-saloon)[ellaisys/aws-cognito

AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP

120220.7k1](/packages/ellaisys-aws-cognito)[kinde-oss/kinde-auth-php

Kinde PHP SDK for authentication

2369.5k3](/packages/kinde-oss-kinde-auth-php)[clerkinc/backend-php

2755.0k](/packages/clerkinc-backend-php)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)