PHPackages phant/auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. phant/auth ActiveLibrary[Authentication & Authorization](/categories/authentication) phant/auth ========== Manage auth easily 2.2(1y ago)03.8k↓50%MITPHPPHP >=8.1 Since Sep 21Pushed 1y ago1 watchersCompare [ Source](https://github.com/PhantPHP/auth)[ Packagist](https://packagist.org/packages/phant/auth)[ RSS](/packages/phant-auth/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (9)Dependencies (6)Versions (10)Used By (0) Auth ==== [](#auth) Presentation ------------ [](#presentation) The authentication service is intended to manage access (Applications and Users) to applications and APIs. The application wishing to use this service must first obtain an API key (to be generated). Authentication service aims to provide an access token allowing access of applications and users. Obtaining the access token is subject to various methods. The access token has a limited lifetime. It embeds data relating to its applicant (application, user). Technologies used ----------------- [](#technologies-used) - `PHP 8.1` - `Composer` for dependencies management (PHP) Installation ------------ [](#installation) `composer install` Request access -------------- [](#request-access) For each use case the following setup is required. ``` use Phant\Auth\Domain\Service\AccessToken as ServiceAccessToken; use Phant\Auth\Domain\Service\RequestAccess as ServiceRequestAccess; use Phant\Auth\Domain\Entity\SslKey; use App\RepositoryRequestAccess; // Config $sslKey = new SslKey('private key', 'public key'); $repositoryRequestAccess = new RepositoryRequestAccess(); // Build services $serviceRequestAccess = new ServiceRequestAccess( $repositoryRequestAccess, $sslKey ); $serviceAccessToken = return new ServiceAccessToken( $sslKey, $serviceRequestAccess ) ``` ### From API key [](#from-api-key) Process : 1. The application requests an access token by providing its API key, 2. The service provides an access token. ``` use Phant\Auth\Domain\Service\RequestAccessFromApiKey as ServiceRequestAccessFromApiKey; use App\RepositoryApplication; // Config $repositoryApplication = new RepositoryApplication(); // Build services $serviceRequestAccessFromApiKey = new ServiceRequestAccessFromApiKey( $serviceRequestAccess, $serviceAccessToken, $repositoryApplication ); // Obtain API key from application /* @todo */ $apiKey = 'XXXXXXXX.XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // Request access token $accessToken = $serviceRequestAccessFromApiKey->getAccessToken($apiKey); ``` ### From Otp [](#from-otp) Process : 1. The application asks the user to authenticate himself by providing his contact details (last name, first name and e-mail address), 2. The application generates an access request by providing its identity and the user's contact details (last name, first name and e-mail address), 3. The service generates an Otp and requests its sending to the user, 4. The user receives an Otp, 5. The application retrieves the Otp from the user, 6. The user transmits the received Otp to the application, 7. The application verifies the Otp with the service, 8. The application requests an access token, 9. The service provides an access token. The Otp is sent to user by your own OtpSender service (e-mail, SMS, etc.). ``` use Phant\Auth\Domain\Service\RequestAccessFromOtp as ServiceRequestAccessFromOtp; use Phant\Auth\Domain\Entity\Application; use Phant\Auth\Domain\Entity\User; use App\OtpSender; // Config $repositoryApplication = new RepositoryApplication(); $otpSender = new OtpSender(); // Build services $serviceRequestAccessFromOtp = new ServiceRequestAccessFromOtp( $serviceRequestAccess, $serviceAccessToken, $otpSender ); // Request access token $user = new User( 'john.doe@domain.ext', 'John', 'DOE' ); $application = new Application( 'eb7c9c44-32c2-4e88-8410-4ebafb18fdf7', 'My app', 'https://domain.ext/image.ext' ); $requestAccessToken = $serviceRequestAccessFromOtp->generate($user, $application); // Obtain Otp from user /* @todo */ $otp = '123456'; // Verify Otp $isValid = $serviceRequestAccessFromOtp->verify($otp); if ( ! $isValid) { $numberOfAttemptsRemaining = $serviceRequestAccessFromOtp->numberOfAttemptsRemaining($requestAccessToken); } // Get access token $accessToken = $serviceRequestAccessFromOtp->getAccessToken($requestAccessToken); ``` ### From third party [](#from-third-party) Process : 1. The application generates an access request by providing its identity, 2. The service generates an Access-Request and returns an Access-Request Token, 3. The application forwards the authentication request to the third party service by passing the access request token, 4. The user authenticates with the third-party authentication service, 5. The application retrieves the user authentication result, 6. The application declares the authentication result, 7. The service takes note of the authentication. 8. The service provides an access token. ``` use Phant\Auth\Domain\Service\RequestAccessFromThirdParty as ServiceRequestAccessFromThirdParty; use Phant\Auth\Domain\Entity\Application; use Phant\Auth\Domain\Entity\User; use App\RepositoryRequestAccess; // Config $repositoryApplication = new RepositoryApplication(); $otpSender = new OtpSender(); // Build services $serviceRequestAccessFromThirdParty = new ServiceRequestAccessFromThirdParty( $serviceRequestAccess, $serviceAccessToken ); // Request access token $application = new Application( 'eb7c9c44-32c2-4e88-8410-4ebafb18fdf7', 'My app', 'https://domain.ext/image.ext' ); $requestAccessToken = $serviceRequestAccessFromThirdParty->generate( $application, 'https://domain.ext/callback/url' ); // Request third party auth with requestAccessToken /* @todo */ // Obtain authentication status /* @todo */ $isAuthorized = true; // Obtain user data /* @todo */ $user = new User( 'john.doe@domain.ext', 'John', 'DOE' ); // Set auth status $serviceRequestAccessFromThirdParty->setStatus($requestAccessToken, $user, $isAuthorized); // Get access token $accessToken = $serviceRequestAccessFromThirdParty->getAccessToken($requestAccessToken); ``` Access token ------------ [](#access-token) The access token is a JWT. For each use case the following setup is required. ``` use Phant\Auth\Domain\Service\AccessToken as ServiceAccessToken; use Phant\Auth\Domain\Service\RequestAccess as ServiceRequestAccess; use Phant\Auth\FixtDomainure\DataStructure\SslKey; use App\RepositoryRequestAccess; // Config $sslKey = new SslKey('private key', 'public key'); $repositoryRequestAccess = new RepositoryRequestAccess(); // Build services $serviceRequestAccess = new ServiceRequestAccess( $repositoryRequestAccess, $sslKey ); $serviceAccessToken = return new ServiceAccessToken( $sslKey, $serviceRequestAccess ) // An access token $accessToken = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhcHAiOnsiaWQiOiJjMjI4MDI1OC03OGU5LTQ4ZmQtOTA1Zi0yYzhlMDIzYWNiOWMiLCJuYW1lIjoiRmxhc2hwb2ludCIsImxvZ28iOiJodHRwczpcL1wvdmlhLnBsYWNlaG9sZGVyLmNvbVwvNDAweDIwMD90ZXh0PUZsYXNocG9pbnQiLCJhcGlfa2V5IjoiZnc5TEFJcFkuclA2b2d5VlNRdEx1OWRWMXBqOTR2WG56ekVPNXNISldHeHdhNWMxZzZMa3owNlo5dGNuc21GNFNieVRqeURTaCJ9LCJ1c2VyIjp7ImVtYWlsX2FkZHJlc3MiOiJqb2huLmRvZUBkb21haW4uZXh0IiwibGFzdG5hbWUiOiJET0UiLCJmaXJzdG5hbWUiOiJKb2huIiwicm9sZSI6bnVsbH0sImlhdCI6MTY2MzY4NDM3MCwiZXhwIjoxNjYzNjk1MTcwfQ.a-wJ_T1ENG58zCw2X7oP2oZrziZRP_m0rOOkUkC2axAsx7O72ebGjQja-iry-lFvd1PF48BxejQw69LPUQKrx1Tb9oQ_8VqMhU97nR8Jd5v2jlWIA7CP2H9voQLE5ybHpqFO2IzgPf2MurzwXQ0tlSeiRbQzHLzMBbWhcQLU4aI'; ``` ### JWT decrypt method [](#jwt-decrypt-method) The application may need the public key for the following uses : - check the integrity of the token, - extract data from the token. ``` use Phant\DataStructure\Token\Jwt; use Phant\Error\NotCompliant; $publicKey = $serviceAccessToken->getPublicKey(); try { $payLoad = (new Jwt($accessToken))->decode($publicKey); } catch (NotCompliant $e) { } ``` ### Verification [](#verification) The application can verify the integrity of the token with the service. ``` use Phant\Auth\Domain\Entity\Application; $application = new Application( 'eb7c9c44-32c2-4e88-8410-4ebafb18fdf7', 'My app', 'https://domain.ext/image.ext' ); $isValid = $serviceAccessToken->check($accessToken, $application); ``` ### Get payload [](#get-payload) The app can get the token payload from the service. ``` use Phant\Auth\Domain\Entity\Application; $application = new Application( 'eb7c9c44-32c2-4e88-8410-4ebafb18fdf7', 'My app', 'https://domain.ext/image.ext' ); $payload = $serviceAccessToken->getPayload($accessToken); ``` ### Health Score 37 — LowBetter than 83% of packages Maintenance45 Moderate activity, may be stable Popularity21 Limited adoption so far Community7 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~113 days Recently: every ~227 days Total 9 Last Release 426d ago Major Versions 1.5 → 2.02022-10-24 ### Community Maintainers ![](https://www.gravatar.com/avatar/5ce749176c74e4c4fd7bd457cdad471fd1e0e14092259e60e7330724ce622dce?d=identicon)[Phant](/maintainers/Phant) --- Top Contributors [![lennyrouanet](https://avatars.githubusercontent.com/u/5269913?v=4)](https://github.com/lennyrouanet "lennyrouanet (66 commits)") --- Tags auth managerSimpleAuthauth component ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/phant-auth/health.svg) ``` [![Health](https://phpackages.com/badges/phant-auth/health.svg)](https://phpackages.com/packages/phant-auth) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)