PHPackages rublon/rublon-sdk-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. rublon/rublon-sdk-php ActiveLibrary[Authentication & Authorization](/categories/authentication) rublon/rublon-sdk-php ===================== Instant account security with effortless, email-based two-factor authentication; optional mobile app for more security; no tokens 4.2.3(2y ago)2186BSD-3-ClausePHPPHP >=5.3.0 Since Sep 4Pushed 2y ago4 watchersCompare [ Source](https://github.com/Rublon/rublon-sdk-php)[ Packagist](https://packagist.org/packages/rublon/rublon-sdk-php)[ Docs](https://github.com/Rublon/rublon-sdk-php)[ RSS](/packages/rublon-rublon-sdk-php/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (6)Dependencies (1)Versions (12)Used By (0) Rublon PHP SDK ============== [](#rublon-php-sdk) Table of Contents ----------------- [](#table-of-contents) 1. [Overview](#overview) 2. [Use Cases](#use-cases) 3. [Supported Authentication Methods](#auth-methods) 4. [Before You Start](#before-start) - [Create an Application in the Rublon Admin Console](#create-app) - [Optional: Install Rublon Authenticator](#install-ra) 5. [Configuration](#config) - [INFO: Initial Assumptions](#init-assumptions) - [INFO: Modifying the Library](#modifying-library) - [Initialize the Library](#init-library) - [Perform Authentication](#perform-auth) - [Verify Configuration](#verify-conf) - [Finalize Authentication](#final-auth) 6. [Laravel Configuration](#laravel-config) 7. [Troubleshooting](#troubleshooting) Overview -------- [](#overview) The *Rublon PHP SDK library* is a client-side implementation of the Rublon API written in PHP. The library includes methods for embedding the Rublon API’s GUI in an HTML-based environment. The Rublon PHP SDK forms a convenient PHP coding language facade for Rublon API’s REST interface. Use Cases --------- [](#use-cases) Rublon adds an extra layer of security by prompting the user to authenticate using an extra authentication method such as Mobile Push. Even if a malicious actor compromises the user's password, the hacker would not be able to log in to the user's account because the second secure factor will thwart them. Rublon can add an extra layer of security in the following two use cases: 1. **When a user signs in to a system** (after the user enters the correct password) 2. **When a user undergoes a security-sensitive transaction** (such as changing the password or conducting a money transfer) When a user signs in to a system, the second authentication factor should be initiated only after: - the user has successfully completed the first authentication factor (e.g., entered the correct password) - the user's unique username and email address have been gathered Supported Authentication Methods -------------------------------- [](#supported-authentication-methods) - [Mobile Push](https://rublon.com/product/mobile-push) - Approve the authentication request by tapping a push notification displayed on the Rublon Authenticator mobile app. - [Mobile Passcodes](https://rublon.com/product/mobile-passcodes) (TOTP) - Enter the TOTP code (Time-Based One Time Password) using the Rublon Authenticator mobile app or a third-party authenticator app like Google Authenticator or Microsoft Authenticator. - [SMS Passcodes](https://rublon.com/product/sms-passcodes) - Enter the verification code from the SMS sent to your mobile phone number. - [QR Codes](https://rublon.com/product/qr-codes) - Scan a QR code using the Rublon Authenticator mobile app. - [Email Links](https://rublon.com/product/email-link) - Click the verification link sent to your email address. - [WebAuthn/U2F Security Keys](https://rublon.com/product/security-keys/) - Insert the security key into the USB port of your computer and touch it. - [YubiKey OTP](https://rublon.com/product/yubikey-otp/) - Insert the YubiKey and tap it to automatically enter the OTP into the text field. Before You Start ---------------- [](#before-you-start) Before you start implementing the Rublon PHP SDK library into your code, you must create an application in the Rublon Admin Console. We also recommend that you install the Rublon Authenticator mobile app for Mobile Push, Mobile Passcode, and QR Code authentication methods. ### Create an Application in the Rublon Admin Console [](#create-an-application-in-the-rublon-admin-console) 1. Sign up for the Rublon Admin Console. [Here’s how](https://rublon.com/doc/admin-console/#rublon-account-registration). 2. In the Rublon Admin Console, go to the **Applications** tab and click **Add Application**. 3. Enter a name for your application and then set the type to **Custom integration using PHP SDK**. 4. Click **Save** to add the new PHP SDK application in the Rublon Admin Console. 5. Copy and save the values of **System Token** and **Secret Key**. You are going to need these values later. ### Optional: Install Rublon Authenticator [](#optional-install-rublon-authenticator) For increased security of Multi-Factor Authentication (MFA), end-users are recommended to install the [Rublon Authenticator](https://rublon.com/product/rublon-authenticator) mobile app. Download the Rublon Authenticator for: - [Android](https://play.google.com/store/apps/details?id=com.rublon.authenticator&hl=en) - [iOS](https://apps.apple.com/us/app/rublon-authenticator/id1434412791) After installing the mobile app, users can authenticate using the following authentication methods: - [Mobile Push](https://rublon.com/product/mobile-push) - [Mobile Passcode](https://rublon.com/product/mobile-passcodes) - [QR Code](https://rublon.com/product/qr-codes) In some cases, users may not want to install any additional apps on their phones. Also, some users own older phones that do not support modern mobile applications. These users can authenticate using one of the following authentication methods instead: - [WebAuthn/U2F Security Keys](https://rublon.com/product/security-keys) - [SMS Passcode](https://rublon.com/product/sms-passcodes) - [Email Link](https://rublon.com/product/email-link) - [WebAuthn/U2F Security Keys](https://rublon.com/product/security-keys/) - [YubiKey OTP](https://rublon.com/product/yubikey-otp) Configuration ------------- [](#configuration) Follow the steps below to configure Rublon PHP SDK. ### INFO: Initial Assumptions [](#info-initial-assumptions) Let’s assume there is a superglobal session associative array `$_SESSION`. It has access to an object that stores user data of the currently logged-in user. The `$_SESSION` array will be used in PHP code examples later in this document. ### INFO: Modifying the Library [](#info-modifying-the-library) The `Rublon` class implements a few public methods, which, when needed, can be overridden using class inheritance. We strongly discourage you from modifying any part of the library, as it usually leads to difficulties during library updates. If you need to change the flow or internal structure of the `Rublon` or `RublonCallback` classes, do not hesitate to subclass them according to your needs. ### Initialize the Library [](#initialize-the-library) To initialize the Rublon PHP SDK library, you need to instantiate a `Rublon` class object. Its constructor takes three arguments. `Rublon` class constructor arguments NameTypeDescription`$systemToken`stringThe System Token value you copied from the Rublon Admin Console.`$secretKey`stringThe Secret Key value you copied from the Rublon Admin Console.`$apiServer`stringRublon API Server URI Default: #### Example PHP Code [](#example-php-code) ``` require_once "libs/Rublon/Rublon.php"; $rublon = new Rublon( "D166A6E9996A40F0A88252432FA5E490", "913eda929c96cf52141b39f5717e25", "https://core.rublon.net" ); ``` ### Perform Authentication [](#perform-authentication) The `Rublon::auth()` method uses the username to check the user's protection status and returns a URL address the user should be redirected to in their web browser. `Rublon::auth()` method arguments NameTypeDescription`$callbackUrl`stringThe integrated system's callback URL. Rublon will redirect the user to this URL after successful authentication. `$username`stringThe user's username, which allows the user to sign in`$userEmail`stringThe user's email address, which allows to check the user's protection status and match the user to a Rublon account`$params`arrayAdditional transaction parameters (optional)`$isPasswordless`booleanWhether the sign-in attempt is passwordless (optional and false by default)#### Example PHP Code [](#example-php-code-1) ``` /** * An example method used to log the user in (integrated system's method) * * @param string $login * @param string $password */ function login($login, $password) { if (loginPreListener()) { if ($user = authenticate($login, $password)) { // The user has been authenticated. $_SESSION["user"] = $user; loginPostListener(); } } } /** * Listener (hook) invoked after a successful first factor user authentication, * implemented for Rublon integration purposes. */ function loginPostListener() { // Make sure that the user is not logged-in unset($_SESSION['user']); $rublon = new Rublon( "D166A6E9996A40F0A88252432FA5E490", "913eda929c96cf52141b39f5717e25", "https://core.rublon.net" ); try { // Initiate a Rublon authentication transaction $authUrl = $rublon->auth( $callbackUrl = "http://example.com?rublon=callback", $_SESSION["user"]["login"], // Username $_SESSION["user"]["email"] // User email ); if (!empty($authUrl)) { // User protection is active // Redirect the user's web browser to Rublon servers to verify the protection: header('Location: ' . $authUrl); } else { // User is not protected by Rublon, so bypass the second factor. header('Location: index.php'); } } catch (UserDeniedException $e) { // Access Denied header('Location: ./'); } catch (UserBypassedException $e) { // User bypassed header('Location: ./'); } catch (RublonException $e) { // An error occurred die($e->getMessage()); } } ``` **Note:** Make sure that your code checks that the user is not signed in. The user should be signed in only after successful Rublon authentication. ### Verify Configuration [](#verify-configuration) The `Rublon::checkApplication()` method verifies the validity of the configuration. Your application should call this method every time you change or save the configuration. A configuration change can be, for example, changing the systemToken or secretKey. `Rublon::checkApplication()` method arguments Name Type Description `appVer`stringThe version of the current application. `params`arrayOptional. Additional application parameters. `Rublon::checkApplication()` may throw one of the following exceptions: - **ApplicationNotFoundException** - Invalid System Token - **InvalidSignatureException** - Invalid Secret Key - **UnsupportedVersionException** - Incorrect version of the application ### Finalize Authentication [](#finalize-authentication) After successful authentication, Rublon redirects the user to the callback URL. The callback flow continues and finalizes the authentication process. #### Input Params [](#input-params) The callback URL will receive input arguments in the URL address itself (query string). Callback URL arguments NameTypeDescription`rublonState`stringAuthentication result: `ok`.`rublonToken`stringAccess token (60 alphanumeric characters, upper- and lowercase), which allows to verify the authentication using a background Rublon API connection**Note:** If the callback URL has been set to, e.g., `http://example.com/auth`, the params will be appended to the URL address: [http://example.com/auth?rublonState=ok&rublonToken=Kmad4hAS](http://example.com/auth?rublonState=ok&rublonToken=Kmad4hAS)... **Note:** If you want to construct the callback URL differently (e.g., by using mod\_rewrite), you can set the callback URL's template using the meta-tags: `%rublonToken%` and `%rublonState%`, like so: #### Handle Authentication Result [](#handle-authentication-result) After the callback is invoked, you need to instantiate a `RublonCallback` class object for proper finalization of the authentication process. `RublonCallback` class constructor method arguments NameTypeDescription`$rublon`RublonAn instance of the `Rublon` classNext, call the `RublonCallback::call()` method. It takes two arguments: `RublonCallback::call()` method arguments NameTypeDescription`$successHandler`callableThe name of the function/method, or an anonymous function/closure, to be invoked on successful authentication`$cancelHandler`callableThe name of the function/method, or an anonymous function/closure, to be invoked when the callback is canceledArguments of the `$successHandler` function, passed to the `RublonCallback::call()` method NameTypeDescription`$username`stringThe user's unique username in the integrated system, that was passed as an argument to the `Rublon::auth()` method`$callback`RublonCallbackAn instance of the `RublonCallback` classArguments of the `$cancelHandler` function, passed to the `RublonCallback::call()` method NameTypeDescription`$callback`RublonCallbackAn instance of the `RublonCallback` class#### Example PHP Code [](#example-php-code-2) An example portraying how to use the `RublonCallback` class in the callback: ``` $rublon = new Rublon( "D166A6E9996A40F0A88252432FA5E490", "913eda929c96cf52141b39f5717e25", "https://code.rublon.net" ); try { $callback = new RublonCallback($rublon); $callback->call( $successHandler = function($username, RublonCallback $callback) { // The user is finally logged in $_SESSION["user"] = $username; }, $cancelHandler = function(RublonCallback $callback) { // Cancel the authentication process header("Location: ./login"); exit; } ); // The authentication process was successful, redirect to the main page: header("Location: ./"); exit; } catch (RublonException $e) { // Please handle this error in the better way die($e->getMessage()); } ``` Laravel Configuration --------------------- [](#laravel-configuration) This Laravel configuration example uses the [Breeze](https://laravel.com/docs/9.x/starter-kits#laravel-breeze) starting kit. 1. After you create the application and install Breeze, you need to add Rublon PHP SDK: `composer require Rublon/rublon-sdk-php` 2. Add those to .env: `RUBLON_TOKEN="your rublon token"` `RUBLON_KEY="your rublon key"` `RUBLON_URL="https://core.rublon.net"` 3. Create new route for Rublon callback in routes/auth.php: `Route::get('rublon-callback', [AuthenticatedSessionController::class, 'rublonCallback'])->name('rublon-callback');` 4. Modify the store method in the controller: `Http/Controllers/Auth/AuthenticatedSessionController.php` ``` public function store(LoginRequest $request) { $request->authenticate(); $rublon = new Rublon( env('RUBLON_TOKEN'), env('RUBLON_KEY'), env('RUBLON_URL'), ); try { // Initiate a Rublon authentication transaction $url = $rublon->auth( $callbackUrl = url('/rublon-callback'), Auth::user()->email, // User email used as username Auth::user()->email // User email ); if (!empty($url)) { Auth::logout(); return redirect()->away($url); } else { // User is not protected by Rublon, so bypass the second factor. $request->session()->regenerate(); return redirect()->to('dashboard'); } } catch (UserBypassedException $e) { return redirect()->to('login'); } catch (RublonException $e) { // An error occurred die($e->getMessage()); } return redirect()->intended(RouteServiceProvider::HOME); } ``` 5. Add a new method for Rublon callback: ``` public function rublonCallback(Request $request) { $rublon = new Rublon( env('RUBLON_TOKEN'), env('RUBLON_KEY'), env('RUBLON_URL'), ); try { $callback = new RublonCallback($rublon); $request->session()->regenerate(); $callback->call( $successHandler = function($username, RublonCallback $callback) { $user = User::where('email', $username)->firstOrFail(); Auth::login($user); if (Auth::check()) { return redirect()->to('dashboard'); } else { return redirect()->to('login'); } }, $cancelHandler = function(RublonCallback $callback) { return redirect()->to('login'); } ); return redirect()->to('dashboard'); } catch (Rublon Exception $e) { die($e->getMessage()); } return redirect()->to('dashboard'); } ``` Troubleshooting --------------- [](#troubleshooting) If you encounter any issues with your Rublon integration, please contact [Rublon Support](https://rublon.com/support). ### Health Score 29 — LowBetter than 59% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community13 Small or concentrated contributor base Maturity60 Established project with proven stability Bus Factor1 Top contributor holds 63.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~153 days Recently: every ~45 days Total 11 Last Release 916d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/74da3b7a1af0a41e2e2a174e03b91cc26dd240bb7382e5f541f20b266106dc4c?d=identicon)[mwww](/maintainers/mwww) ![](https://www.gravatar.com/avatar/e85bc78081c986c1d3bf1db93bd7e28676a7f8da1b2ba02a60d5e504d3baa2ca?d=identicon)[rublon-mra](/maintainers/rublon-mra) --- Top Contributors [![rublon-tka](https://avatars.githubusercontent.com/u/112937681?v=4)](https://github.com/rublon-tka "rublon-tka (12 commits)")[![rublon-wle](https://avatars.githubusercontent.com/u/14776816?v=4)](https://github.com/rublon-wle "rublon-wle (6 commits)")[![rublon-mra](https://avatars.githubusercontent.com/u/51441997?v=4)](https://github.com/rublon-mra "rublon-mra (1 commits)") --- Tags qr codejavascriptsecurityAuthenticationpassword2faTwo Factor Authenticationmobiletwo-factorloginadminMFAMulti Factor Authentication2-Factor2-step verificationsmartphone2 factor authentication2 step authenticationcell phonelogin approvallogin protectionlogin verificationmobile phonetwo step authenticationtwo-factor verificationtwo-step verification ### Embed Badge ![Health badge](/badges/rublon-rublon-sdk-php/health.svg) ``` [![Health](https://phpackages.com/badges/rublon-rublon-sdk-php/health.svg)](https://phpackages.com/packages/rublon-rublon-sdk-php) ``` ### Alternatives [ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 120220.7k1](/packages/ellaisys-aws-cognito)[pragmarx/google2fa-qrcode QR Code package for Google2FA 12124.6M37](/packages/pragmarx-google2fa-qrcode)[paragonie/multi-factor Vendor-agnostic two-factor authentication library 142195.5k2](/packages/paragonie-multi-factor)[remotemerge/totp-php Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration. 2010.2k](/packages/remotemerge-totp-php)[sicaboy/laravel-mfa A Laravel package of Multi-factor Authentication (MFA/2FA) with a middleware. 101.2k](/packages/sicaboy-laravel-mfa)[born05/craft-twofactorauthentication Craft 4 plugin for two-factor or two-step login using Time Based OTP. 36100.1k1](/packages/born05-craft-twofactorauthentication) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)