PHPackages shawm11/hawk-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. shawm11/hawk-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) shawm11/hawk-auth ================= PHP implementation of the Hawk HTTP authentication scheme 1.0.9(1y ago)726.5k↑70%2[1 PRs](https://github.com/shawm11/hawk-auth-php/pulls)2MITPHPPHP >=5.5.0CI failing Since Jun 18Pushed 2mo ago1 watchersCompare [ Source](https://github.com/shawm11/hawk-auth-php)[ Packagist](https://packagist.org/packages/shawm11/hawk-auth)[ RSS](/packages/shawm11-hawk-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (8)Versions (12)Used By (2) Hawk Authentication PHP ======================= [](#hawk-authentication-php) [![Version Number](https://camo.githubusercontent.com/35d1e026ba39b60f50d92a3ecb7e262a52cd5cd0a83be5afb8b81ca19724d366/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736861776d31312f6861776b2d617574682e737667)](https://camo.githubusercontent.com/35d1e026ba39b60f50d92a3ecb7e262a52cd5cd0a83be5afb8b81ca19724d366/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f736861776d31312f6861776b2d617574682e737667)[![PHP Version](https://camo.githubusercontent.com/82936324e8b522a2418c2405ae162371642732fd0e1683a0b661d111a0fe9b88/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f736861776d31312f6861776b2d617574682e737667)](https://camo.githubusercontent.com/82936324e8b522a2418c2405ae162371642732fd0e1683a0b661d111a0fe9b88/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f736861776d31312f6861776b2d617574682e737667)[![License](https://camo.githubusercontent.com/8254f7c620aa0059e88cb72b8463ec3103844ac361c8702fb9b00fc383c6f49e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f736861776d31312f6861776b2d617574682d7068702e737667)](LICENSE.md) A PHP implementation of the 9.0.2 version of the [**Hawk**](https://github.com/mozilla/hawk)HTTP authentication scheme. Important Hawk is one of those rare projects that can be considered "complete". According to its [README](https://github.com/mozilla/hawk/blob/c1dd59bf0ca80210eedafcd30033e1858660a0e6/README.md), the protocol and documentation are considered complete. This means that changes to this repository be infrequent because only the development dependencies may need to be updated once every few years. If there is a bug or error in the documentation, please create an [issue](https://github.com/shawm11/hawk-auth-php/issues). The issue will receive a response or be resolved as soon as possible. Table of Contents ----------------- [](#table-of-contents) - [What is Hawk?](#what-is-hawk) - [Getting Started](#getting-started) - [Prerequisites](#prerequisites) - [Installation](#installation) - [Usage Examples](#usage-examples) - [API References](#api-references) - [Security Considerations](#security-considerations) - [Related Projects](#related-projects) - [Contributing/Development](#contributingdevelopment) - [Versioning](#versioning) - [License](#license) What is Hawk? ------------- [](#what-is-hawk) According to the [Hawk's API documentation](https://github.com/mozilla/hawk/blob/c1dd59bf0ca80210eedafcd30033e1858660a0e6/API.md): > **Hawk** is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Note that Hawk is not a complete replacement of OAuth. It is candidly stated in the [*Frequently Asked Questions* section of the Hawk API documentation](https://github.com/mozilla/hawk/blob/c1dd59bf0ca80210eedafcd30033e1858660a0e6/API.md#does-hawk-have-anything-to-do-with-oauth)that: > **Hawk** was originally proposed as the OAuth MAC Token specification. However, the OAuth working group in its consistent incompetence failed to produce a final, usable solution to address one of the most popular use cases of OAuth 1.0 - using it to authenticate simple client-server transactions (i.e. two-legged). As you can guess, the OAuth working group is still hard at work to produce more garbage. > > **Hawk** provides a simple HTTP authentication scheme for making client-server requests. It does not address the OAuth use case of delegating access to a third party. If you are looking for an OAuth alternative, check out [Oz](https://github.com/shawm11/oz-auth-php). More more information about Hawk, check out its [API documentation](https://github.com/mozilla/hawk/blob/c1dd59bf0ca80210eedafcd30033e1858660a0e6/API.md) Getting Started --------------- [](#getting-started) ### Prerequisites [](#prerequisites) - Git 2.9+ - PHP 5.5.0+ - OpenSSL PHP Extension - JSON PHP Extension - [Composer](https://getcomposer.org/) ### Installation [](#installation) Download and install using [Composer](https://getcomposer.org/): ``` composer require shawm11/hawk-auth ``` Usage Examples -------------- [](#usage-examples) The examples in this section do not work without modification. However, these examples should be enough to demonstrate how to use this package. Because PHP is a language most commonly used for server logic, the "Server" usage is more common than the "Client" usage. - [Server Example](docs/usage-examples/ServerExample.php) - [Client Example](docs/usage-examples/ClientExample.php) API References -------------- [](#api-references) - [Server API](docs/api-reference/server-api.md) — API reference for the classes in the `Shawm11\Hawk\Server` namespace - [Client API](docs/api-reference/server-api.md) — API reference for the classes in the `Shawm11\Hawk\Client` namespace - [Utils API](docs/api-reference/utils-api.md) — API reference for the classes in the `Shawm11\Hawk\Utils` namespace - [Crypto API](docs/api-reference/crypto-api.md) — API reference for the classes in the `Shawm11\Hawk\Crypto` namespace Security Considerations ----------------------- [](#security-considerations) See the [Security Considerations](https://github.com/mozilla/hawk/blob/c1dd59bf0ca80210eedafcd30033e1858660a0e6/API.md#security-considerations)section of [Hawk's API documentation](https://github.com/mozilla/hawk/blob/c1dd59bf0ca80210eedafcd30033e1858660a0e6/API.md). Related Projects ---------------- [](#related-projects) - [Oz PHP Implementation](https://github.com/shawm11/oz-auth-php) — Oz is a web authorization protocol that is an alternative to OAuth 1.0a and OAuth 2.0 three-legged authorization. Oz utilizes both Hawk and *iron*. - [Iron PHP Implementation](https://github.com/shawm11/iron-crypto-php) — *iron*(spelled with all lowercase), a cryptographic utility for sealing a JSON object into an encapsulated token. *iron* can be considered as an alternative to JSON Web Tokens (JWT). Contributing/Development ------------------------ [](#contributingdevelopment) Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on coding style, Git commit message guidelines, and other development information. Versioning ---------- [](#versioning) This project uses [SemVer](http://semver.org/) for versioning. For the versions available, see the tags on this repository. License ------- [](#license) This project is open-sourced software licensed under the [MIT license](https://opensource.org/licenses/MIT). ### Health Score 48 — FairBetter than 95% of packages Maintenance66 Regular maintenance activity Popularity35 Limited adoption so far Community13 Small or concentrated contributor base Maturity64 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~234 days Recently: every ~536 days Total 11 Last Release 552d ago PHP version history (2 changes)1.0.0-betaPHP >=5.6.0 1.0.5PHP >=5.5.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/c20594702330cf6f42e97455c41aca054dab32eee2c42a742a10b185b0a1d5ed?d=identicon)[shawm11](/maintainers/shawm11) --- Top Contributors [![shawm11](https://avatars.githubusercontent.com/u/11890980?v=4)](https://github.com/shawm11 "shawm11 (71 commits)") --- Tags authenticationauthorizationphp ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/shawm11-hawk-auth/health.svg) ``` [![Health](https://phpackages.com/badges/shawm11-hawk-auth/health.svg)](https://phpackages.com/packages/shawm11-hawk-auth) ``` ### Alternatives [bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle Implements a refresh token system over Json Web Tokens in Symfony 70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth The Illuminate Auth package. 9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock A flexible, driver based Acl package for PHP 5.4+ 870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library amoCRM API Client 182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt A standalone package for creating JWTs for Vonage APIs 424.1M4](/packages/vonage-jwt) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)