PHPackages verzth/tcx - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. verzth/tcx ActiveLibrary[Authentication & Authorization](/categories/authentication) verzth/tcx ========== TCX - Authentication Module for Client-Server Transaction (One Way - Two Way) 4.0.3(6y ago)096MITPHPPHP ^7.0CI failing Since Jul 24Pushed 6y ago1 watchersCompare [ Source](https://github.com/verzth/tcx)[ Packagist](https://packagist.org/packages/verzth/tcx)[ RSS](/packages/verzth-tcx/feed)WikiDiscussions master Synced 4d ago READMEChangelog (6)Dependencies (7)Versions (27)Used By (0) TCX v4.0.0 - Authentication Module for Client-Server Transaction (One Way - Two Way). ===================================================================================== [](#tcx-v400---authentication-module-for-client-server-transaction-one-way---two-way) ### TCX is authentication module to secure API Server. [](#tcx-is-authentication-module-to-secure-api-server) It's adapt OAuth2 scheme, but it use more simplify scheme which provide authentication for client-server without need to define scopes. #### Dependencies [](#dependencies) Laravel **>= 5.6** #### How to Install [](#how-to-install) ``` composer require verzth/tcx ``` #### How to Use [](#how-to-use) 1. Add our ServiceProvider on your **config/app.php**. ``` return [ //... //.. //. 'providers' => [ // ... Verzth\TCX\TCXServiceProvider::class, ... ] //. //.. //... ]; ``` 2. Add TCX Middleware in your **app/Http/Kernel.php**. - In every request. ``` $middleware = [ //... \Verzth\TCX\Middleware\TCXMiddleware::class, //... ]; ``` or - In your API group middleware only. ``` $middlewareGroups = [ //... 'api' => [ //... \Verzth\TCX\Middleware\TCXMiddleware::class, //... ] //... ]; ``` or - In your route middleware, and you can add manually on your route. ``` $routeMiddleware = [ //... 'tcx' => \Verzth\TCX\Middleware\TCXMiddleware::class, //... ]; ``` 3. Publish our vendor with artisan command. ``` php artisan vendor:publish --provider=Verzth\TCX\TCXServiceProvider ``` 4. Migrate our TCX DB. After migrate it, you will get 3 tables (tcx\_applications, tcx\_accesses, tcx\_mkas). ``` php artisan migrate ``` 5. Refresh the autoload with below command. ``` composer dump-autoload ``` 6. We provide seeder to generate sample data. Simply put below code to file database/seeds/DatabaseSeeder.php, inside run() function. ``` $this->call(TCXApplicationsTableSeeder::class); ``` then run below script on your shell/command prompt. ``` composer db:seed ``` 7. Or just run below script (skip step 6) to generate the sample data. ``` php artisan db:seed --class=TCXApplicationsTableSeeder ``` #### Implementation [](#implementation) 1. Authentication Type, TCX support three ways authentication type: - **One Way Transaction Code (OWTC)**: Client only need to use **app\_id** and **app\_public** to access Server APIs. - **Two Way Transaction Code (TWTC)**: Client has to use **app\_id** and **app\_public** to get access token, then it can be used to access APIs. - **Free Transaction Code (FTC)**: Client use master token to access APIs, without need to request token for every requests, it's specially design to by pass **TWTC** authentication. You need to generate Master token manually. To specify authentication for each APIs assign parameter in the middleware, use **or (|)** sign to specify multiple authentication or use **all** to support all type (Supported type : **all**, **owtc**, **twtc**). By default, TCX will support all authentication if you didn't specifying supported type. Client need to specify type by sending **X-TCX-TYPE** header in every APIs request. 2. How to generate credentials: - **app\_pass** or **X-TCX-APP-PASS**, it can be generate by hashing plain of joined token (param, time, or none), application public key, and client dynamic token with SHA1. Client need to append the given dynamic token to hash result by splitting with **colon (:)**symbol, then encrypt it with base64. - Param base Sample Parameter: ``` abc=123 _xyz=789 foo=bar def=456 bar=ghi ``` Expected Token: ``` _xyz=789&abc=123&bar=ghi&def=456&foo=bar ``` - Time base ``` tcx_datetime=YYYYMMDDHHmmss ``` Sample ``` tcx_datetime=20181230235959 // For 23:59:59, 30 December 2018 ``` - None, just using application password and client dynamic token. - **token** or **X-TCX-TOKEN**, it's provided when Client authorizing to server, but you need to encrypt it with base64. 3. Authentication Headers. - Type **OWTC**: - **'X-TCX-TYPE'**: **'OWTC'**. - **'X-TCX-APP-ID'**: Client ID. - **'X-TCX-APP-PASS'**: Client Password. - Type **TWTC**: - **'X-TCX-TYPE'**: **'TWTC'**. - **'X-TCX-APP-ID'**: Client ID. - **'X-TCX-APP-PASS'**: Client Password. - **'X-TCX-TOKEN'**: Access Token, obtained by doing authorization. - Type **FTC**: - **'X-TCX-TYPE'**: **'FTC'**. - **'X-TCX-APP-ID'**: Client ID. - **'X-TCX-APP-PASS'**: Client Password. - **'X-TCX-TOKEN'**: Master Access Token. 4. Authorization Routes, TCX provide some routes which is can be used to get access token in TWTC type: - **/tcx/authorize**: - METHOD: POST - Params: - **app\_id**: Client application id. - **app\_pass**: Client password. Sample **Fail** response ``` { "status": 0, "status_number": "002", "status_code": "TCXAFX", "status_message": "Authentication Failed" } ``` Sample **Success** response ``` { "status": 1, "status_number": "701", "status_code": "TCXSSS", "status_message": "Authentication Success", "data": { "token": "tfDBOa6q3PPTJFd0A8HWftw2sXMV1b5ue6v0intK", "refresh": "fR0HLeL5qk0ZdtthI2ZsQLZx8BHEP2dSnVaQqkF5", "expired_at": "2018-10-16 13:31:43" } } ``` - **/tcx/reauthorize**: Refresh token can be used to refresh your existing token, you can pass it to this service and your existing token will be extended. Service will reply new refresh token for your existing token to be used in next refresh. - METHOD: POST - Params: - **app\_id**: Client application id. - **token**: Refresh Token. Sample **Fail** response ``` { "status": 0, "status_number": "002", "status_code": "TCXAFX", "status_message": "Authentication Failed" } ``` Sample **Success** response ``` { "status": 1, "status_number": "701", "status_code": "TCXSSS", "status_message": "Token refreshed", "data": { "refresh": "04ITeVxWINOesyHH5Sxx57rN5uAW0ltCWN0cENxD", "expired_at": "2018-10-16 13:36:42" } } ``` 5. Response Status. StatusNumberCodeMessageNote070FF000TCXREQTCX Authentication RequiredProvide Authentication Header020FF001TCXRJCTCX Authentication RejectedX-TCX-Type not supported or disabled040FF002TCXAFXTCX Authentication FailedX-TCX-App-ID not found, invalid, or inactive050FF003TCXPFXTCX Pass did not matchX-TCX-App-Pass not passed, crosscheck point 2050FF004TCXMKFTCX Master Key did not validCheck the master access key (Only FTC)050FF005TCXTFXTCX Token did not validCheck the access key (Only TWTC)Sample Response: ``` { "status": 0, "status_code": "TCXREQ", "status_number": "70FF000", "status_message": "TCX Authentication Required" } ``` ### Health Score 29 — LowBetter than 59% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity68 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~26 days Recently: every ~13 days Total 26 Last Release 2202d ago Major Versions 1.3.2 → 2.0.02018-10-01 2.2.1 → 3.0.02018-12-13 3.3.0 → 4.0.02020-03-12 PHP version history (2 changes)1.0.0PHP >=7.0 3.0.3PHP ^7.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/b59199dc7b63a65035b5521fc93d4fcbf8f921d51869f48c2875932ec4ec44e0?d=identicon)[verzth](/maintainers/verzth) --- Top Contributors [![verzth](https://avatars.githubusercontent.com/u/9104511?v=4)](https://github.com/verzth "verzth (3 commits)") --- Tags authauthenticationauthorizationlaravellaravel-authlaravel-authenticationlaravel-authorizationlaravel-frameworklaravelAuthenticationtcxowtctwtc ### Embed Badge ![Health badge](/badges/verzth-tcx/health.svg) ``` [![Health](https://phpackages.com/badges/verzth-tcx/health.svg)](https://phpackages.com/packages/verzth-tcx) ``` ### Alternatives [laravel/cashier Laravel Cashier provides an expressive, fluent interface to Stripe's subscription billing services. 2.5k25.9M107](/packages/laravel-cashier)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[laravel/cashier-paddle Cashier Paddle provides an expressive, fluent interface to Paddle's subscription billing services. 264778.4k3](/packages/laravel-cashier-paddle)[alajusticia/laravel-logins Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser 2011.0k](/packages/alajusticia-laravel-logins)[maize-tech/laravel-magic-login Laravel Magic Login 1808.1k](/packages/maize-tech-laravel-magic-login) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)