PHPackages yiisoft/auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Framework](/categories/framework) 4. / 5. yiisoft/auth ActiveLibrary[Framework](/categories/framework) yiisoft/auth ============ Yii auth 3.2.1(5mo ago)37170.6k—7.3%14[1 PRs](https://github.com/yiisoft/auth/pulls)4BSD-3-ClausePHPPHP 8.0 - 8.5CI passing Since Aug 25Pushed 3mo ago15 watchersCompare [ Source](https://github.com/yiisoft/auth)[ Packagist](https://packagist.org/packages/yiisoft/auth)[ Docs](https://www.yiiframework.com/)[ GitHub Sponsors](https://github.com/sponsors/yiisoft)[ OpenCollective](https://opencollective.com/yiisoft)[ RSS](/packages/yiisoft-auth/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (4)Dependencies (15)Versions (12)Used By (4) [ ![Yii](https://camo.githubusercontent.com/8317c17418b39410a660f5149071d26c5023c0d5fb2b7ebb771324812f666d73/68747470733a2f2f796969736f66742e6769746875622e696f2f646f63732f696d616765732f7969695f6c6f676f2e737667) ](https://github.com/yiisoft) Yii Auth ======== [](#yii-auth) [![Latest Stable Version](https://camo.githubusercontent.com/e8d95166d57a571c70c23f3622fe84c7050a33dd83242d02eb2539c0b21255ec/68747470733a2f2f706f7365722e707567782e6f72672f796969736f66742f617574682f76)](https://packagist.org/packages/yiisoft/auth)[![Total Downloads](https://camo.githubusercontent.com/53460826393ffebeeb2a969785c9874d77bbed14aba5c26e8955d9dfe3831224/68747470733a2f2f706f7365722e707567782e6f72672f796969736f66742f617574682f646f776e6c6f616473)](https://packagist.org/packages/yiisoft/auth)[![Build status](https://github.com/yiisoft/auth/actions/workflows/build.yml/badge.svg)](https://github.com/yiisoft/auth/actions/workflows/build.yml)[![Code Coverage](https://camo.githubusercontent.com/a031684187877dcc1da378fd0b93119d9ea12739e03eb96183856f1f1c4d305d/68747470733a2f2f636f6465636f762e696f2f67682f796969736f66742f617574682f67726170682f62616467652e7376673f746f6b656e3d48455a504e4f56583634)](https://codecov.io/gh/yiisoft/auth)[![Mutation testing badge](https://camo.githubusercontent.com/58213e3306e76720d3e26b08ea51de3297d93aa5ee921a6cc597e177218acf74/68747470733a2f2f696d672e736869656c64732e696f2f656e64706f696e743f7374796c653d666c61742675726c3d687474707325334125324625324662616467652d6170692e737472796b65722d6d757461746f722e696f2532466769746875622e636f6d253246796969736f6674253246617574682532466d6173746572)](https://dashboard.stryker-mutator.io/reports/github.com/yiisoft/auth/master)[![static analysis](https://github.com/yiisoft/auth/workflows/static%20analysis/badge.svg)](https://github.com/yiisoft/auth/actions?query=workflow%3A%22static+analysis%22)[![type-coverage](https://camo.githubusercontent.com/cc4005420a555145d234370696eef31b4e02b0ce8de0702f6c1b0e24e91ea5e6/68747470733a2f2f73686570686572642e6465762f6769746875622f796969736f66742f617574682f636f7665726167652e737667)](https://shepherd.dev/github/yiisoft/auth) The package provides various authentication methods, a set of abstractions to implement in your application, and a [PSR-15](https://www.php-fig.org/psr/psr-15/) middleware to authenticate an identity. Requirements ------------ [](#requirements) - PHP 8.1 - 8.5. Installation ------------ [](#installation) ``` composer require yiisoft/auth ``` General usage ------------- [](#general-usage) Configure a middleware and add it to your middleware stack: ``` $identityRepository = getIdentityWithTokenRepository(); // \Yiisoft\Auth\IdentityRepositoryInterface $authenticationMethod = new \Yiisoft\Auth\Method\HttpBasic($identityRepository); $middleware = new \Yiisoft\Auth\Middleware\Authentication( $authenticationMethod, $responseFactory, // PSR-17 ResponseFactoryInterface $failureHandler // optional, \Yiisoft\Auth\Handler\AuthenticationFailureHandler by default ); $middlewareDispatcher->addMiddleware($middleware); ``` In order to get an identity instance in the following middleware use `getAttribute()` method of the request instance: ``` public function actionIndex(\Psr\Http\Message\ServerRequestInterface $request): \Psr\Http\Message\ResponseInterface { $identity = $request->getAttribute(\Yiisoft\Auth\Middleware\Authentication::class); // ... } ``` ### HTTP basic authentication [](#http-basic-authentication) Basic HTTP authentication is typically used for entering login and password in the browser. Credentials are passed as `$_SERVER['PHP_AUTH_USER']` and `$_SERVER['PHP_AUTH_PW']`. ``` $authenticationMethod = (new \Yiisoft\Auth\Method\HttpBasic($identityRepository)) ->withRealm('Admin') ->withAuthenticationCallback(static function ( ?string $username, #[\SensitiveParameter] ?string $password, \Yiisoft\Auth\IdentityWithTokenRepositoryInterface $identityRepository ): ?\Yiisoft\Auth\IdentityInterface { return $identityRepository->findIdentityByToken($username, \Yiisoft\Auth\Method\HttpBasic::class); }); ``` Realm is typically what you will see in the browser prompt asking for a login and a password. Custom authentication callback set in the above is the same as default behavior when it is not specified. ### HTTP bearer authentication [](#http-bearer-authentication) Bearer HTTP authentication is typically used in APIs. Authentication token is passed in `WWW-Authenticate` header. ``` $authenticationMethod = new \Yiisoft\Auth\Method\HttpBearer($identityRepository); ``` ### Custom HTTP header authentication [](#custom-http-header-authentication) Custom HTTP header could be used if you do not want to leverage bearer token authentication: ``` $authenticationMethod = (new \Yiisoft\Auth\Method\HttpHeader($identityRepository)) ->withHeaderName('X-Api-Key') ->withPattern('/(.*)/'); // default ``` In the above we use full value of `X-Api-Key` header as token. ### Query parameter authentication [](#query-parameter-authentication) This authentication method is mainly used by clients unable to send headers. In case you do not have such clients we advise not to use it. ``` $authenticationMethod = (new \Yiisoft\Auth\Method\QueryParameter($identityRepository)) ->withParameterName('token'); ``` ### HTTP cookie authentication [](#http-cookie-authentication) ``` $authenticationMethod = (new \Yiisoft\Auth\Method\HttpCookie($identityRepository)) ->withCookieName('access-token'); ``` Typical authentication for websites by storing a token in a browser cookie. ### Using multiple authentication methods [](#using-multiple-authentication-methods) To use multiple authentication methods, use `Yiisoft\Auth\Method\Composite`: ``` $authenticationMethod = new \Yiisoft\Auth\Method\Composite([ $bearerAuthenticationMethod, $basicAuthenticationMethod ]); ``` Extension and integration points -------------------------------- [](#extension-and-integration-points) - `\Yiisoft\Auth\IdentityInterface` should be implemented by your application identity class. Typically, that is `User`. - `\Yiisoft\Auth\IdentityRepositoryInterface` should be implemented by your application identity repository class. Typically, that is `UserIdentity`. - `\Yiisoft\Auth\IdentityWithTokenRepositoryInterface` could be additionally implemented by your application identity repository class in case token-based authentication is needed. Typically, that is `UserIdentity`. - `\Yiisoft\Auth\AuthenticationMethodInterface` could be implemented to provide your own authentication method. Documentation ------------- [](#documentation) - [Internals](docs/internals.md) If you need help or have a question, the [Yii Forum](https://forum.yiiframework.com/c/yii-3-0/63) is a good place for that. You may also check out other [Yii Community Resources](https://www.yiiframework.com/community). License ------- [](#license) The Yii Auth is free software. It is released under the terms of the BSD License. Please see [`LICENSE`](./LICENSE.md) for more information. Maintained by [Yii Software](https://www.yiiframework.com/). Support the project ------------------- [](#support-the-project) [![Open Collective](https://camo.githubusercontent.com/a2b15f8e2268d4e3842e00d41ff7a57cce2ad8bd8d8769c5dc4fa05a546a4f62/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4f70656e253230436f6c6c6563746976652d73706f6e736f722d3765616466313f6c6f676f3d6f70656e253230636f6c6c656374697665266c6f676f436f6c6f723d376561646631266c6162656c436f6c6f723d353535353535)](https://opencollective.com/yiisoft) Follow updates -------------- [](#follow-updates) [![Official website](https://camo.githubusercontent.com/d6b0929173e28cc627430d2519ca1853466a70f37395877eaf4820cb3e1e1909/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f506f77657265645f62792d5969695f4672616d65776f726b2d677265656e2e7376673f7374796c653d666c6174)](https://www.yiiframework.com/)[![Twitter](https://camo.githubusercontent.com/d077c362ac639792171af8bc002ee827816733dfc0925f70b557e6d151022226/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f747769747465722d666f6c6c6f772d3144413146323f6c6f676f3d74776974746572266c6f676f436f6c6f723d314441314632266c6162656c436f6c6f723d3535353535353f7374796c653d666c6174)](https://twitter.com/yiiframework)[![Telegram](https://camo.githubusercontent.com/4e38dd12535575c39c65bea7119b95e663abb2d1f4e3d669a27bbda07ef603f0/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f74656c656772616d2d6a6f696e2d3144413146323f7374796c653d666c6174266c6f676f3d74656c656772616d)](https://t.me/yii3en)[![Facebook](https://camo.githubusercontent.com/48204e301b34b29b0815854544f04c337fc0692096cab35e9a1f8c53a42c2307/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f66616365626f6f6b2d6a6f696e2d3144413146323f7374796c653d666c6174266c6f676f3d66616365626f6f6b266c6f676f436f6c6f723d666666666666)](https://www.facebook.com/groups/yiitalk)[![Slack](https://camo.githubusercontent.com/1a3645ba1c97e6684d0349bc478201e1621ba0d3efad516d81035364d442bad7/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f736c61636b2d6a6f696e2d3144413146323f7374796c653d666c6174266c6f676f3d736c61636b)](https://yiiframework.com/go/slack) ### Health Score 61 — FairBetter than 99% of packages Maintenance76 Regular maintenance activity Popularity45 Moderate usage in the ecosystem Community35 Small or concentrated contributor base Maturity79 Established project with proven stability Bus Factor3 3 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~215 days Recently: every ~442 days Total 10 Last Release 152d ago Major Versions 1.0.2 → 2.0.02021-01-13 2.0.0 → 3.0.02021-01-22 PHP version history (4 changes)1.0.0PHP ^7.4|^8.0 3.1.0PHP ^8.0 3.2.0PHP 8.0 - 8.4 3.2.1PHP 8.0 - 8.5 ### Community Maintainers ![](https://www.gravatar.com/avatar/261a6249c6f605f3956a2fae40fbb813f6b2e1e6f2bf806180c851a965426e54?d=identicon)[cebe](/maintainers/cebe) ![](https://www.gravatar.com/avatar/fc29e4e7068a00fe9b9db37b8aadda1db6020adcacef810461e47b99c2b150e6?d=identicon)[samdark](/maintainers/samdark) ![](https://www.gravatar.com/avatar/ccb75e3312d6bd454ea445ea308139fd185a4ca906ca5df21cc66e6a35de25a3?d=identicon)[SilverFire](/maintainers/SilverFire) ![](https://www.gravatar.com/avatar/99106256c24a8cb23871b99fa90e48f37f1aa71608c185759b7d2a88683a5918?d=identicon)[hiqsol](/maintainers/hiqsol) --- Top Contributors [![samdark](https://avatars.githubusercontent.com/u/47294?v=4)](https://github.com/samdark "samdark (48 commits)")[![vjik](https://avatars.githubusercontent.com/u/525501?v=4)](https://github.com/vjik "vjik (23 commits)")[![xepozz](https://avatars.githubusercontent.com/u/6815714?v=4)](https://github.com/xepozz "xepozz (23 commits)")[![devanych](https://avatars.githubusercontent.com/u/20116244?v=4)](https://github.com/devanych "devanych (8 commits)")[![romkatsu](https://avatars.githubusercontent.com/u/1677515?v=4)](https://github.com/romkatsu "romkatsu (7 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (6 commits)")[![terabytesoftw](https://avatars.githubusercontent.com/u/42547589?v=4)](https://github.com/terabytesoftw "terabytesoftw (5 commits)")[![luizcmarin](https://avatars.githubusercontent.com/u/67489841?v=4)](https://github.com/luizcmarin "luizcmarin (4 commits)")[![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?v=4)](https://github.com/dependabot-preview[bot] "dependabot-preview[bot] (4 commits)")[![rustamwin](https://avatars.githubusercontent.com/u/16498265?v=4)](https://github.com/rustamwin "rustamwin (3 commits)")[![thenotsoft](https://avatars.githubusercontent.com/u/44147615?v=4)](https://github.com/thenotsoft "thenotsoft (3 commits)")[![viktorprogger](https://avatars.githubusercontent.com/u/7670669?v=4)](https://github.com/viktorprogger "viktorprogger (3 commits)")[![roxblnfk](https://avatars.githubusercontent.com/u/4152481?v=4)](https://github.com/roxblnfk "roxblnfk (2 commits)")[![mspirkov](https://avatars.githubusercontent.com/u/63721828?v=4)](https://github.com/mspirkov "mspirkov (2 commits)")[![armpogart](https://avatars.githubusercontent.com/u/785768?v=4)](https://github.com/armpogart "armpogart (2 commits)")[![sankaest](https://avatars.githubusercontent.com/u/21160342?v=4)](https://github.com/sankaest "sankaest (2 commits)")[![StyleCIBot](https://avatars.githubusercontent.com/u/11048387?v=4)](https://github.com/StyleCIBot "StyleCIBot (2 commits)")[![skugarev](https://avatars.githubusercontent.com/u/22639131?v=4)](https://github.com/skugarev "skugarev (1 commits)")[![Fantom409](https://avatars.githubusercontent.com/u/14968877?v=4)](https://github.com/Fantom409 "Fantom409 (1 commits)")[![ev-gor](https://avatars.githubusercontent.com/u/177424352?v=4)](https://github.com/ev-gor "ev-gor (1 commits)") --- Tags authauthenticationbasicbearerhacktoberfestmiddlewarepsr-15yii3middlewareauth ### Code Quality TestsPHPUnit Static AnalysisPsalm, Rector Type Coverage Yes ### Embed Badge ![Health badge](/badges/yiisoft-auth/health.svg) ``` [![Health](https://phpackages.com/badges/yiisoft-auth/health.svg)](https://phpackages.com/packages/yiisoft-auth) ``` ### Alternatives [cakephp/cakephp The CakePHP framework 8.8k18.5M1.6k](/packages/cakephp-cakephp)[yiisoft/yii-middleware Yii Middleware 21151.3k1](/packages/yiisoft-yii-middleware)[cakephp/authentication Authentication plugin for CakePHP 1153.6M67](/packages/cakephp-authentication)[neos/flow Flow Application Framework 862.0M451](/packages/neos-flow)[cakephp/authorization Authorization abstraction layer plugin for CakePHP 742.2M34](/packages/cakephp-authorization)[slim/csrf Slim Framework 4 CSRF protection PSR-15 middleware 3512.1M94](/packages/slim-csrf) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)