PHPackages popphp/pop-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. popphp/pop-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) popphp/pop-auth =============== Pop Auth Component for Pop PHP Framework 4.0.3(6mo ago)56.5k↓50%1BSD-3-ClausePHPPHP >=8.3.0CI passing Since Jul 16Pushed 6mo ago1 watchersCompare [ Source](https://github.com/popphp/pop-auth)[ Packagist](https://packagist.org/packages/popphp/pop-auth)[ Docs](https://github.com/popphp/pop-auth)[ RSS](/packages/popphp-pop-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (10)Dependencies (3)Versions (29)Used By (1) pop-auth ======== [](#pop-auth) [![Build Status](https://github.com/popphp/pop-auth/workflows/phpunit/badge.svg)](https://github.com/popphp/pop-auth/actions)[![Coverage Status](https://camo.githubusercontent.com/82cfaeec8733ba9c781042e212deff20020716af660d9e15833e0b9e547e5a58/687474703a2f2f63632e706f707068702e6f72672f636f7665726167652e7068703f636f6d703d706f702d61757468)](http://cc.popphp.org/pop-auth/) [![Join the chat at https://discord.gg/TZjgT74U7E](https://camo.githubusercontent.com/acad7b0eeb78b78d08ffd2b85681ab243436388b5f86f8bcb956a69246e53739/68747470733a2f2f6d656469612e706f707068702e6f72672f696d672f646973636f72642e737667)](https://discord.gg/TZjgT74U7E) - [Overview](#overview) - [Install](#install) - [Quickstart](#quickstart) - [Using a File](#using-a-file) - [Using a Database](#using-a-database) - [Using HTTP](#using-http) - [Using LDAP](#using-ldap) - [Getting the User](#getting-the-user) Overview -------- [](#overview) `pop-auth` provides adapters to authenticate users via different authentication sources. The adapters share the same interface and are interchangeable. The available available adapters are: - File - Database - HTTP - LDAP `pop-auth` is a component of the [Pop PHP Framework](http://www.popphp.org/). Install ------- [](#install) Install `pop-auth` using Composer. ``` composer require popphp/pop-auth ``` Or, require it in your composer.json file ``` "require": { "popphp/pop-auth" : "^4.0.3" } ``` [Top](#pop-auth) Quickstart ---------- [](#quickstart) To verify an authentication attempt, create a new auth object pointed at its authentication source. From there, you can attempt to call the `authenticate()` with a username and password. ``` use Pop\Auth; $auth = new Auth\File('/path/to/.htmyauth'); if ($auth->authenticate('admin', 'password')) { // User is authenticated } else { // Handle failed authentication attempt } ``` If you need to reference the same authentication attempt result at a later time in the application, you can call `isAuthenticated()`: ``` var_dump($auth->isAuthenticated()); // bool ``` [Top](#pop-auth) Using a File ------------ [](#using-a-file) Using the file adapter, you would need to create we use a file containing a colon-delimited list of usernames and passwords or, preferably, password hashes: ``` testuser1:PASSWORD_HASH1 testuser2:PASSWORD_HASH2 testuser3:PASSWORD_HASH3 ``` ``` use Pop\Auth; $auth = new Auth\File('/path/to/.htmyauth'); $auth->authenticate('testuser1', 'password'); // Return int if ($auth->isAuthenticated()) { } // Returns bool ``` [Top](#pop-auth) Using a Database ---------------- [](#using-a-database) Using the table adapter, you would need to create a table in a database that stores the users. There would need to be a correlating table class that extends `Pop\Db\Record` (for more on this, visit the `pop-db` component.) For simplicity, the table class has been named `MyApp\Table\Users` and has a column called `username` and a column called `password`, but those column names can be changed. ``` use Pop\Auth; $auth = new Auth\Table('MyApp\Table\Users'); $auth->authenticate('admin', 'password'); // int if ($auth->isAuthenticated()) { } // bool ``` If the username/password fields are called something different in the table, that can be changed: ``` use Pop\Auth; $auth = new Auth\Table('MyApp\Table\Users'); $auth->setUsernameField('user_name') ->setPasswordField('password_hash'); $auth->authenticate('admin', 'password'); // int if ($auth->isAuthenticated()) { } // bool ``` [Top](#pop-auth) Using HTTP ---------- [](#using-http) Using the HTTP adapter, the user can send an authentication request over HTTP to a remote server. It will utilize the `Pop\Http\Client` and its supporting classes from the `pop-http` component. The following example will set the username and password as POST data in the payload. ``` use Pop\Auth\Http; use Pop\Http\Client; $auth = new Http(new Client('https://www.domain.com/auth', ['method' => 'post'])); $auth->authenticate('admin', 'password'); // Returns int if ($auth->isAuthenticated()) { } // Returns bool ``` The following example will use a basic authorization header: ``` use Pop\Auth\Http; use Pop\Http\Client; use Pop\Http\Auth; $client = new Client( 'https://www.domain.com/auth', ['method' => 'post'], Auth::createBasic('admin', 'password') ); $auth = new Http($client); $auth->authenticate('admin', 'password'); // Returns int if ($auth->isAuthenticated()) { } // Returns bool ``` The following example will use a bearer token authorization header: ``` use Pop\Auth\Http; use Pop\Http\Client; use Pop\Http\Auth; $client = new Client( 'https://www.domain.com/auth', ['method' => 'post'], Auth::createBearer('AUTH_TOKEN') ); $auth = new Http($client); $auth->authenticate('admin', 'password'); if ($auth->isAuthenticated()) { } // Returns true ``` Like the Table adapter, if the username/password fields need to be set to something different to meet the requirements of the HTTP server, you can do that: ``` use Pop\Auth\Http; use Pop\Http\Client; $auth = new Http(new Client('https://www.domain.com/auth', ['method' => 'post'])); $auth->setUsernameField('user_name') ->setPasswordField('password_hash'); $auth->authenticate('admin', 'password'); // Returns int if ($auth->isAuthenticated()) { } // Returns bool ``` [Top](#pop-auth) Using LDAP ---------- [](#using-ldap) Using the LDAP adapter, the user can send an authentication request using LDAP to a remote server. The user can set the port and other various options that may be necessary to communicate with the LDAP server. ``` use Pop\Auth; $auth = new Auth\Ldap('ldap.domain', 389, [LDAP_OPT_PROTOCOL_VERSION => 3]); $auth->authenticate('admin', 'password'); if ($auth->isAuthenticated()) { } // Returns true ``` [Top](#pop-auth) Getting the User ---------------- [](#getting-the-user) Both the table and HTTP adapters have a method that allow you to get any possible user data that may have been returned. That method is `getUser()`: ``` use Pop\Auth; $auth = new Auth\Table('MyApp\Table\Users'); $auth->authenticate('admin', 'password'); // int if ($auth->isAuthenticated()) { $user = $auth->getUser(); } ``` This allows you access to the authenticated user's data without having to make an additional request. [Top](#pop-auth) ### Health Score 53 — FairBetter than 97% of packages Maintenance67 Regular maintenance activity Popularity27 Limited adoption so far Community9 Small or concentrated contributor base Maturity89 Battle-tested with a long release history Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~163 days Recently: every ~198 days Total 24 Last Release 196d ago Major Versions 2.2.1 → 3.0.02017-02-22 v2.x-dev → 3.1.02019-03-12 3.3.3 → 4.0.02023-12-18 PHP version history (8 changes)2.0.0PHP >=5.4.0 3.0.0PHP >=5.6.0 3.1.0PHP >=7.1.0 3.3.0PHP >=7.3.0 3.3.1PHP >=7.4.0 4.0.0PHP >=8.1.0 4.0.1PHP >=8.2.0 4.0.3PHP >=8.3.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/c19dee900e9e20039c723cc403f76b5c22ac2dddb3f86773ae64fb082d4949e2?d=identicon)[nicksagona](/maintainers/nicksagona) --- Top Contributors [![nicksagona](https://avatars.githubusercontent.com/u/898670?v=4)](https://github.com/nicksagona "nicksagona (83 commits)") --- Tags phpAuthenticationauthorizationpoppop php ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/popphp-pop-auth/health.svg) ``` [![Health](https://phpackages.com/badges/popphp-pop-auth/health.svg)](https://phpackages.com/packages/popphp-pop-auth) ``` ### Alternatives [andalisolutions/oauth2-anaf Anaf OAuth 2.0 support for the PHP League's OAuth 2.0 Client 194.1k](/packages/andalisolutions-oauth2-anaf) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)