Skip to content

gyselroth/micro-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits

src

src

 
 

tests

tests

 
 

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.php_cs.dist

.php_cs.dist

 
 

.travis.yml

.travis.yml

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

composer.json

composer.json

 
 

composer.lock

composer.lock

 
 

phpstan.neon

phpstan.neon

 
 

Repository files navigation

Lightweight authentication library

Build Status Scrutinizer Code Quality Latest Stable Version GitHub release GitHub license

Description

This is a lightweight authentication library. It is adapter based and comes with support for LDAP and OpenID-connect. It can handle multiple adapter of the same or different types. This library contains no storage mechanism. If you wish to store the authentication you need to store the identity object in your sessesion storage.

Requirements

The library is only >= PHP7.1 compatible.

Download

The package is available at packagist: https://packagist.org/packages/gyselroth/micro-auth

To install the package via composer execute:

composer require gyselroth/micro-auth

Documentation

Simple example usage

Create authentication instance and inject an LDAP and OpenID-connect adapter:

use Micro\Auth;

$logger = new \My\Psr\Logger()
$auth = new Auth\Auth(\Psr\Log\LoggerInterface $logger);
$auth->injectAdapter(new Auth\Adapter\Basic\Ldap(new Auth\Ldap([
    'uri' => 'ldap://myldap.local:398',
    'binddn' => 'cn=admin,dc=test,dc=com',
    'bindpw' => '1234',
    'basedn' => 'dc=test,dc=com',
    'tls' => true
]), $logger, [
    'account_filter' => '(&(objectClass=posixAccount)(uid=%s))'
]), 'my_ldap_server');

$auth->injectAdapter(new Auth\Adapter\Oidc([
    'provider_url' => 'https://accounts.google.com',
    'identity_attribute' => 'email'
], $logger), 'google_oidc_server');

if($auth->requireOne()) {
    $identity = $auth->getIdentity();
    printf('Hello %s', $identity->getIdentifier());
} else {
    //Authentication failed
}

Define attribute map

So far so good but usually just authenticate is not enaugh, mostly you like to request user attributes of a given identity. Let us create an attribute map for our ldap server my_ldap_server.

use Micro\Auth;

$auth->injectAdapter(new Auth\Adapter\Basic\Ldap(new Auth\Ldap([
    'uri' => 'ldap://myldap.local:398',
    'binddn' => 'cn=admin,dc=test,dc=com',
    'bindpw' => '1234',
    'basedn' => 'dc=test,dc=com',
    'tls' => true
]), $logger, [
    'account_filter' => '(&(objectClass=posixAccount)(uid=%s))',
    'attribute_map' => [
        'firstname' => [
            'attr' => 'firstname',
            'type' => 'string',
        ],
        'lastname' => [
            'attr' => 'surname',
            'type' => 'string',
        ],
        'mail' => [
            'attr' => 'mail',
            'type' => 'string'
        ]
    ]
]), 'my_ldap_server');

if($auth->requireOne()) {
    $attributes = $auth->getIdentity()->getAttributes();
    var_dump($attributes);
} else {
    //Authentication failed
}

Given that, you can define an attribute map for each authentication adapter and map all attributes to the same attribute names you would like to use.

About

Lightweight authentication library

Topics

php ldap authentication openid-connect

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 19

1.0.0-alpha6 Latest
Feb 3, 2022
+ 18 releases

Packages

No packages published

Languages