PHPackages                             xinix-technology/bono-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. xinix-technology/bono-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

xinix-technology/bono-auth
==========================

Bono Auth

2.0.2(10y ago)11.6k31MITPHP

Since Jan 2Pushed 7y ago1 watchersCompare

[ Source](https://github.com/xinix-technology/bono-auth)[ Packagist](https://packagist.org/packages/xinix-technology/bono-auth)[ RSS](/packages/xinix-technology-bono-auth/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (1)Dependencies (2)Versions (20)Used By (1)

bono-auth
=========

[](#bono-auth)

Your solution to use authorization and authentication with Bono Framework.

Setup
=====

[](#setup)

To use bono-auth you have to setup bono using bono-auth middleware in config.php.

```
'bono.middlewares' => array(
  '\\Xinix\\BonoAuth\\Middleware\\AuthMiddleware' => array(
    ...
  ),
),
```

bono-auth has two drivers to use, each will have distinct configuration:

Xinix\\BonoAuth\\Driver\\NormAuth
---------------------------------

[](#xinixbonoauthdrivernormauth)

```
'bono.middlewares' => array(
  '\\Xinix\\BonoAuth\\Middleware\\AuthMiddleware' => array(
    'driver' => '\\Xinix\\BonoAuth\\Driver\\NormAuth'
  ),
),
```

Xinix\\BonoAuth\\Driver\\OAuth
------------------------------

[](#xinixbonoauthdriveroauth)

```
'bono.middlewares' => array(
  '\\Xinix\\BonoAuth\\Middleware\\AuthMiddleware' => array(
    'driver' => '\\Xinix\\BonoAuth\\Driver\\OAuth',
    'debug' => true, // enable or disable debug
    'baseUrl' => 'http://to.your.oauth.provider',
    'authUrl' => '/oauth/auth', // URI to access auth
    'tokenUrl' => '/oauth/token', // URI to get token
    'revokeUrl' => '/oauth/revoke', // URI to revoke auth
    'clientId' => '*the client id*',
    'clientSecret' => '*the client secret*',
    'redirectUri' => \Bono\Helper\URL::site('/login'), // application redirect url
    'scope' => 'user',
  ),
),
```

Above configuration will enable default bono-auth. The default value will prevent guest to access to every pages accessed. And after user get login, he will be able to access every pages available.

Authorization
=============

[](#authorization)

To authorize/deauthorize specific pages, you have to write codes to register filter "auth.authorize" that run before the middleware invoked by system. Usually you can put this codes in provider file. The codes will be in this following form:

```
$app->filter('auth.authorize', function ($options) {
  // something to do
  return $allowed;
});
```

Return value
------------

[](#return-value)

If the return value will be the one of the following conditions:

- True (bool), url is authorized
- False (bool), url is not authorized
- (original argument), bono-auth will decide authorization for you, the default is logined user authorize to access and guest user is not authorized

Arguments
---------

[](#arguments)

The filter will accept single argument $options. As the nature of Bono Filter, the $options will be return value of previous ran of the same context name function. The first time value of $options will be the URI string (or assoc array contains URI string).

If the $options is\_bool, it means one of previous filter functions already handle the URI, you can skip the current filter function by adding if-statement.

```
$app->filter('auth.authorize', function ($options) {
  if (is_bool($options)) {
    return $options;
  }
  // something to do
});
```

###  Health Score

35

—

LowBetter than 80% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity19

Limited adoption so far

Community16

Small or concentrated contributor base

Maturity72

Established project with proven stability

 Bus Factor1

Top contributor holds 95.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~97 days

Recently: every ~223 days

Total

19

Last Release

2763d ago

Major Versions

0.2.2 → 1.0.02015-08-07

1.0.2 → 2.0.02016-05-15

### Community

Maintainers

![](https://www.gravatar.com/avatar/9ccba8ab264c930769a607c77fd9ad54731fb85847278488cc1f6d283130df0c?d=identicon)[reekoheek](/maintainers/reekoheek)

![](https://www.gravatar.com/avatar/f867e73b00a4c9a44730367cc7e47f915dbd64595db89ab9db9a32883eb1903c?d=identicon)[januarsiregar](/maintainers/januarsiregar)

---

Top Contributors

[![reekoheek](https://avatars.githubusercontent.com/u/299394?v=4)](https://github.com/reekoheek "reekoheek (46 commits)")[![apriantopramana](https://avatars.githubusercontent.com/u/3231439?v=4)](https://github.com/apriantopramana "apriantopramana (1 commits)")[![januarsiregar](https://avatars.githubusercontent.com/u/6738681?v=4)](https://github.com/januarsiregar "januarsiregar (1 commits)")

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/xinix-technology-bono-auth/health.svg)

```
[![Health](https://phpackages.com/badges/xinix-technology-bono-auth/health.svg)](https://phpackages.com/packages/xinix-technology-bono-auth)
```

###  Alternatives

[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)[beatswitch/lock

A flexible, driver based Acl package for PHP 5.4+

870304.7k2](/packages/beatswitch-lock)[amocrm/amocrm-api-library

amoCRM API Client

182728.5k6](/packages/amocrm-amocrm-api-library)[vonage/jwt

A standalone package for creating JWTs for Vonage APIs

424.1M4](/packages/vonage-jwt)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)