{"id":18896471,"url":"https://github.com/descope/descope-php","last_synced_at":"2025-11-29T22:04:05.223Z","repository":{"id":177395186,"uuid":"644211557","full_name":"descope/descope-php","owner":"descope","description":"PHP library used to integrate with Descope","archived":false,"fork":false,"pushed_at":"2025-11-20T08:53:10.000Z","size":158,"stargazers_count":35,"open_issues_count":11,"forks_count":3,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-11-27T14:52:57.436Z","etag":null,"topics":["authentication","descope","php","sdk","sdk-php"],"latest_commit_sha":null,"homepage":"https://docs.descope.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/descope.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-05-23T03:52:32.000Z","updated_at":"2025-11-12T16:43:53.000Z","dependencies_parsed_at":"2024-03-04T23:29:46.345Z","dependency_job_id":"1357c0cd-6de4-4895-b2be-8a0775b6eafa","html_url":"https://github.com/descope/descope-php","commit_stats":null,"previous_names":["descope/descope-php"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/descope/descope-php","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/descope%2Fdescope-php","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/descope%2Fdescope-php/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/descope%2Fdescope-php/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/descope%2Fdescope-php/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/descope","download_url":"https://codeload.github.com/descope/descope-php/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/descope%2Fdescope-php/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":27366339,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-29T02:00:06.589Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","descope","php","sdk","sdk-php"],"created_at":"2024-11-08T08:34:05.890Z","updated_at":"2025-11-29T22:04:05.217Z","avatar_url":"https://github.com/descope.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# \u003ca title=\"Descope PHP SDK\" href=\"https://www.php.net/\"\u003e\u003cimg width=\"64\" alt=\"php logo\" src=\"https://upload.wikimedia.org/wikipedia/commons/2/27/PHP-logo.svg\"\u003e\u003c/a\u003e by Descope\n\n[![License](https://img.shields.io/:license-MIT-blue.svg?style=flat)](https://opensource.org/licenses/MIT)\n\n## Overview\n\nThe Descope SDK for PHP provides convenient access to Descope authentication. You can read more on the [Descope Website](https://descope.com).\n\n## Getting started\n\n### Requirements\n\n- [PHP 7.4+](https://www.php.net/)\n\n### Installation\n\nInstall the package with `Composer`:\n\n```\ncomposer require descope/descope-php\n```\n\nYou'll need to set up a `.env` file in the root directory with your Descope Project ID, which you can get from the [Console](https://app.descope.com/settings/project) like this:\n\n```\nDESCOPE_PROJECT_ID=\u003cDescope Project ID\u003e\nDESCOPE_MANAGEMENT_KEY=\u003cDescope Management Key\u003e\n```\n\n## Using the SDK\n\nIn order to use the SDK you will need to initialize a `DescopeSDK` object with your Descope Project ID you defined in your `.env` file, like this:\n\n```php\nrequire 'vendor/autoload.php';\nuse Descope\\SDK\\DescopeSDK;\n\n$descopeSDK = new DescopeSDK([\n 'projectId' =\u003e $_ENV['DESCOPE_PROJECT_ID'],\n 'managementKey' =\u003e $_ENV['DESCOPE_MANAGEMENT_KEY'], // Optional, only used for Management functions\n 'debug' =\u003e false // Optional, enables verbose error logging (default: false)\n]);\n```\n\n### Debug/Verbose Logging\n\nThe SDK supports optional debug/verbose logging to help troubleshoot API request issues. **Debug logging is disabled by default** to keep your application logs clean in production.\n\nWhen enabled, the SDK will log detailed error information to PHP's error log (via `error_log()`) when API requests fail, including:\n\n- HTTP status codes\n- Error response bodies\n- Request exceptions\n\nYou can enable debug logging in three ways:\n\n1. **Via Config Array** (recommended):\n\n ```php\n $descopeSDK = new DescopeSDK([\n 'projectId' =\u003e $_ENV['DESCOPE_PROJECT_ID'],\n 'debug' =\u003e true // Enable verbose logging\n ]);\n ```\n\n2. **Via Environment Variable**:\n\n ```bash\n export DESCOPE_DEBUG=true\n ```\n\n Then initialize the SDK normally (it will automatically detect the environment variable):\n\n ```php\n $descopeSDK = new DescopeSDK([\n 'projectId' =\u003e $_ENV['DESCOPE_PROJECT_ID']\n ]);\n ```\n\n3. **Via `.env` file**:\n ```\n DESCOPE_DEBUG=true\n ```\n\n**Note:** Debug logging uses PHP's `error_log()` function, so logs will appear in your configured PHP error log location (typically defined by `error_log` in `php.ini` or your server configuration).\n\n### Caching Mechanism\n\nThe Descope PHP SDK uses a caching mechanism to store frequently accessed data, such as JSON Web Key Sets (JWKs) for session token validation. By default, the SDK uses **APCu** for caching, provided it is enabled and configured in your environment. If APCu is not available, and no other caching mechanism is provided, caching is disabled.\n\nBy using the `CacheInterface`, you can integrate the Descope PHP SDK with any caching mechanism that suits your application, ensuring optimal performance in both small and large-scale deployments.\n\n#### Custom Caching with `CacheInterface`\n\nThe SDK allows you to provide a custom caching mechanism by implementing the `CacheInterface`. This interface defines three methods that any cache implementation should support:\n\n- `get(string $key)`: Retrieve a value by key.\n- `set(string $key, $value, int $ttl = 3600): bool`: Store a value with a specified time-to-live (TTL).\n- `delete(string $key): bool`: Remove a value by key.\n\nYou can provide your custom caching implementation by creating a class that implements `CacheInterface`. Here's an example using Laravel's cache system:\n\n```php\nnamespace App\\Cache;\n\nuse Descope\\SDK\\Cache\\CacheInterface;\nuse Illuminate\\Support\\Facades\\Cache;\n\nclass LaravelCache implements CacheInterface\n{\n public function get(string $key)\n {\n return Cache::get($key);\n }\n\n public function set(string $key, $value, int $ttl = 3600): bool\n {\n // Laravel TTL is in minutes\n return Cache::put($key, $value, max(1, ceil($ttl / 60)));\n }\n\n public function delete(string $key): bool\n {\n return Cache::forget($key);\n }\n}\n```\n\nTo use the Laravel cache in the SDK:\n\n```php\nuse Descope\\SDK\\DescopeSDK;\nuse App\\Cache\\LaravelCache;\n\n$descopeSDK = new DescopeSDK([\n 'projectId' =\u003e $_ENV['DESCOPE_PROJECT_ID'],\n 'managementKey' =\u003e $_ENV['DESCOPE_MANAGEMENT_KEY'],\n], new LaravelCache());\n```\n\nOnce you've configured your caching, you're ready to use the SDK. This SDK will easily allow you integrate Descope functionality with the following built-in functions:\n\n## Authentication Methods\n\n### Passwords\n\n#### Sign Up\n\n```php\n$response = $descopeSDK-\u003eauth-\u003epassword-\u003esignUp(\"loginId\", \"password123\");\nprint_r($response);\n```\n\n#### Sign In\n\n```php\n$response = $descopeSDK-\u003eauth-\u003epassword-\u003esignIn(\"loginId\", \"password123\");\nprint_r($response);\n```\n\n#### Send Reset Password\n\n```php\n$response = $descopeSDK-\u003eauth-\u003epassword-\u003esendReset(\"loginId\", \"https://example.com/reset\");\nprint_r($response);\n```\n\n#### Update Password\n\n```php\n$descopeSDK-\u003eauth-\u003epassword-\u003eupdate(\"loginId\", \"newPassword123\", \"refreshToken\");\n```\n\n#### Replace Password\n\n```php\n$response = $descopeSDK-\u003eauth-\u003epassword-\u003ereplace(\"loginId\", \"oldPassword123\", \"newPassword123\");\nprint_r($response);\n```\n\n#### Get Password Policy\n\n```php\n$response = $descopeSDK-\u003eauth-\u003epassword-\u003egetPolicy();\nprint_r($response);\n```\n\n### SSO\n\n#### SSO Sign In\n\n```php\n$response = $descopeSDK-\u003eauth-\u003esso-\u003esignIn(\n \"tenant\",\n \"https://example.com/callback\",\n \"prompt\",\n true,\n true,\n [\"custom\" =\u003e \"claim\"],\n \"ssoAppId\"\n);\nprint_r($response);\n```\n\n#### Exchange Token\n\n```php\n$response = $descopeSDK-\u003eauth-\u003esso-\u003eexchangeToken(\"code\");\nprint_r($response);\n```\n\n### Session Management\n\n1. `DescopeSDK-\u003everify($sessionToken)` - will validate the session token and return either **TRUE** or **FALSE**, depending on if the JWT is valid and expired.\n2. `DescopeSDK-\u003erefreshSession($refreshToken)` - will refresh your session and return a new session token, with the refresh token.\n3. `DescopeSDK-\u003everifyAndRefreshSession($sessionToken, $refreshToken)` - will validate the session token and return either **TRUE** or **FALSE**, and will refresh your session and return a new session token.\n4. `DescopeSDK-\u003elogout($refreshToken)` - will invalidate the refresh token and log the user out of the current session.\n5. `DescopeSDK-\u003elogoutAll($refreshToken)` - will invalidate all refresh tokens associated with a given project, thereby signing out of all sessions across multiple applications.\n\n---\n\n6. `DescopeSDK-\u003egetClaims($sessionToken)` - will return all of the claims from the JWT in an array format.\n7. `DescopeSDK-\u003egetUserDetails($refreshToken)` - will return all of the user information (email, phone, verification status, etc.) using a provided refresh token.\n\n### User Management Functions\n\nEach of these functions have code examples on how to use them.\n\n\u003e Some of these values may be incorrect for your environment, they exist purely as an example for your own implementation.\n\n#### Create User\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003ecreate(\n 'testuser1', // loginId\n 'newemail@example.com', // email\n '+1234567890', // phone\n 'Updated User', // displayName\n 'Updated', // givenName\n 'Middle', // middleName\n 'User', // familyName\n null, // picture\n null, // customAttributes\n true, // verifiedEmail\n true, // verifiedPhone\n null, // inviteUrl\n ['altUser1'], // additionalLoginIds\n ['app123'], // ssoAppIds\n null, // password\n ['admin', 'editor'], // roleNames\n [['tenantId' =\u003e 'tenant1']] // userTenants\n);\nprint_r($response);\n```\n\n#### Update User\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003eupdate(\n 'testuser1', // loginId\n 'updatedemail@example.com', // email\n '+1234567890', // phone\n 'Updated User', // displayName\n 'Updated', // givenName\n 'Middle', // middleName\n 'User', // familyName\n 'https://example.com/newpic.jpg', // picture\n ['department' =\u003e 'HR'], // customAttributes\n true, // verifiedEmail\n true, // verifiedPhone\n ['altUser1'], // additionalLoginIds\n [''], // ssoAppIds\n);\n```\n\n#### Invite User\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003einvite(\n 'newuser1', // loginId\n 'invite@example.com', // email\n '+1234567890', // phone\n 'New User', // displayName\n 'John', // givenName\n 'Middle', // middleName\n 'Doe', // familyName\n 'https://example.com/profile.jpg', // picture\n ['department' =\u003e 'Engineering'], // customAttributes\n true, // verifiedEmail\n true, // verifiedPhone\n 'https://myapp.com/invite', // inviteUrl\n true, // sendMail\n true // sendSms\n);\nprint_r($response);\n```\n\n#### Batch Invite\n\n```php\n$users = [\n new Descope\\SDK\\Management\\UserObj(\n 'batchuser1', // loginId\n 'batch1@example.com', // email\n null, // phone\n 'Batch User One', // displayName\n null, // givenName\n null, // middleName\n null, // familyName\n ['admin'], // roleNames\n [['tenantId' =\u003e 'tenant1']], // userTenants (can be an empty array if no tenant)\n null, // picture\n null, // customAttributes\n null, // verifiedEmail\n null, // verifiedPhone\n null, // additionalLoginIds\n null, // ssoAppIds\n null, // password\n 'enabled' // status (optional: \"enabled\", \"disabled\", \"invited\")\n ),\n\n new Descope\\SDK\\Management\\UserObj(\n 'batchuser2', // loginId\n 'batch2@example.com', // email\n null, // phone\n 'Batch User Two', // displayName\n null, // givenName\n null, // middleName\n null, // familyName\n ['viewer'], // roleNames\n [['tenantId' =\u003e 'tenant2']], // userTenants (can be an empty array if no tenant)\n null, // picture\n null, // customAttributes\n null, // verifiedEmail\n null, // verifiedPhone\n null, // additionalLoginIds\n null, // ssoAppIds\n null, // password\n 'disabled' // status (optional: \"enabled\", \"disabled\", \"invited\")\n )\n];\n\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003einviteBatch(\n $users,\n 'https://myapp.com/batch-invite', // inviteUrl\n true, // sendMail\n true // sendSms\n);\n\nprint_r($response);\n```\n\n#### Delete User\n\n```php\n$descopeSDK-\u003emanagement-\u003euser-\u003edelete(\"testuser1\");\n```\n\n#### Search All Users\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003esearchAll(\n \"\", // loginId\n [], // tenantIds\n ['admin', 'viewer'], // roleNames\n 50, // limit\n \"\", // text\n 1, // page\n false, // ssoOnly\n false, // testUsersOnly\n false, // withTestUser\n null, // customAttributes\n ['enabled'], // statuses\n ['user@example.com'], // emails\n ['+1234567890'], // phones\n ['ssoApp123'], // ssoAppIds\n [ // sort\n ['field' =\u003e 'displayName', 'desc' =\u003e true]\n ]\n);\nprint_r($response);\n```\n\n#### Add Tenant\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003eaddTenant(\"testuser1\", \"tenantId1\");\nprint_r($response);\n```\n\n#### Remove Tenant\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003eremoveTenant(\"testuser1\", \"tenantId1\");\nprint_r($response);\n```\n\n#### Set Tenant Roles\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003esetTenantRoles(\"testuser1\", \"tenantId1\", [\"admin\"]);\nprint_r($response);\n```\n\n#### Add Tenant Roles\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003eaddTenantRoles(\"testuser1\", \"tenantId1\", [\"user\"]);\nprint_r($response);\n```\n\n#### Remove Tenant Roles\n\n```php\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003eremoveTenantRoles(\"testuser1\", \"tenantId1\", [\"admin\"]);\nprint_r($response);\n```\n\n#### Set Temporary Password\n\n```php\n$descopeSDK-\u003emanagement-\u003euser-\u003esetTemporaryPassword(\"testuser1\", new UserPassword(cleartext: \"temporaryPassword123\"));\n```\n\n#### Set Active Password\n\n```php\n$descopeSDK-\u003emanagement-\u003euser-\u003esetActivePassword(\"testuser1\", new UserPassword(cleartext: \"activePassword123\"));\n```\n\n#### Set Password\n\n```php\n$descopeSDK-\u003emanagement-\u003euser-\u003esetPassword(\"testuser1\", new UserPassword(cleartext: \"password123\"), true);\n```\n\n## Password Management\n\nThe SDK provides several classes for handling different types of passwords and password hashes. Here's how to use them:\n\n### Cleartext Passwords\n\nFor cleartext (plain text) passwords:\n\n```php\nuse Descope\\SDK\\Management\\Password\\UserPassword;\n\n// Create a password with cleartext\n$password = new UserPassword(cleartext: \"mysecretpassword\");\n\n// Use it in user creation\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003ecreate(\n \"user123\", // loginId\n \"user@example.com\", // email\n \"+1234567890\", // phone\n \"John Doe\", // displayName\n \"John\", // givenName\n null, // middleName\n \"Doe\", // familyName\n null, // picture\n null, // customAttributes\n true, // verifiedEmail\n true, // verifiedPhone\n null, // inviteUrl\n null, // additionalLoginIds\n null, // ssoAppIds\n $password, // password\n [\"user\"], // roleNames\n null // userTenants\n);\n```\n\n### Hashed Passwords\n\nThe SDK supports multiple hash types. Here's how to use each:\n\n#### BCrypt\n\n```php\nuse Descope\\SDK\\Management\\Password\\UserPassword;\nuse Descope\\SDK\\Management\\Password\\UserPasswordBcrypt;\n\n// Create a bcrypt hashed password\n$hashedPassword = new UserPasswordBcrypt('$2a$12$XlQwF3/7ohdzYrE0LC4A.O');\n$password = new UserPassword(null, $hashedPassword);\n\n// Use it in user creation\n$response = $descopeSDK-\u003emanagement-\u003euser-\u003ecreate(\n \"user123\", // loginId\n \"user@example.com\", // email\n null, // phone\n \"John Doe\", // displayName\n null, // givenName\n null, // middleName\n null, // familyName\n null, // picture\n null, // customAttributes\n true, // verifiedEmail\n false, // verifiedPhone\n null, // inviteUrl\n null, // additionalLoginIds\n null, // ssoAppIds\n $password, // password\n [\"user\"], // roleNames\n null // userTenants\n);\n```\n\n#### SHA\n\n```php\nuse Descope\\SDK\\Management\\Password\\UserPassword;\nuse Descope\\SDK\\Management\\Password\\UserPasswordSha;\n\n// Create a SHA hashed password\n$hashedPassword = new UserPasswordSha(\n '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', // hash\n 'sha256' // type\n);\n$password = new UserPassword(null, $hashedPassword);\n\n// Use it in user creation or password replacement\n...\n```\n\n#### MD5\n\n```php\nuse Descope\\SDK\\Management\\Password\\UserPassword;\nuse Descope\\SDK\\Management\\Password\\UserPasswordMD5;\n\n// Create an MD5 hashed password\n$hashedPassword = new UserPasswordMD5('87f77988ccb5aa917c93201ba314fcd4');\n$password = new UserPassword(null, $hashedPassword);\n\n// Use it in user creation or password replacement\n...\n```\n\n#### PBKDF2\n\n```php\nuse Descope\\SDK\\Management\\Password\\UserPassword;\nuse Descope\\SDK\\Management\\Password\\UserPasswordPbkdf2;\n\n// Create a PBKDF2 hashed password\n$hashedPassword = new UserPasswordPbkdf2(\n 'hashvalue', // hash\n 'saltvalue', // salt\n 10000, // iterations\n 'sha256' // variant (sha1, sha256, sha512)\n);\n$password = new UserPassword(null, $hashedPassword);\n\n// Use it in user creation or password replacement\n...\n```\n\n#### Django\n\n```php\nuse Descope\\SDK\\Management\\Password\\UserPassword;\nuse Descope\\SDK\\Management\\Password\\UserPasswordDjango;\n\n// Create a Django hashed password\n$hashedPassword = new UserPasswordDjango('pbkdf2_sha256$30000$hashvalue');\n$password = new UserPassword(null, $hashedPassword);\n\n// Use it in user creation or password replacement\n...\n```\n\n#### Firebase\n\n```php\nuse Descope\\SDK\\Management\\Password\\UserPassword;\nuse Descope\\SDK\\Management\\Password\\UserPasswordFirebase;\n\n// Create a Firebase hashed password\n$hashedPassword = new UserPasswordFirebase(\n 'hashvalue', // hash\n 'saltvalue', // salt\n 'saltsep', // salt separator\n 'signerkey', // signer key\n 14, // memory cost\n 8 // rounds\n);\n$password = new UserPassword(null, $hashedPassword);\n\n// Use it in user creation or password replacement\n...\n```\n\n## Unit Testing\n\nThe PHP directory includes unit testing using PHPUnit. You can insert values for session token and refresh tokens in the `src/tests/DescopeSDKTest.php` file, and run to validate whether or not the functions are operating properly.\n\nTo run the tests, run this command:\n\n```\n./vendor/bin/phpunit --bootstrap bootstrap.php --verbose src/tests/DescopeSDKTest.php\n```\n\n## Running the PHP Sample App\n\nIn the `sample/static/descope.js`, replace the **projectId** with your Descope Project ID, which you can find in the [Descope Console](https://app.descope.com/settings/project).\n\nIf you haven't already, make sure you run the composer command listed above, to install the necessary SDK packages.\n\nThen, run this command from the root directory, to start the sample app:\n\n```\nphp -S localhost:3000 -t sample/\n```\n\nThe app should now be accessible at http://localhost:3000/ from your web browser.\n\nThis sample app showcases a Descope Flow using the WebJS SDK and PHP sessions to retain user information across multiple pages. It also showcases initializing the SDK and using it to validate the session token from formData sent from `login.php`.\n\n## Feedback\n\n### Contributing\n\nWe appreciate feedback and contribution to this repository!\n\n### Raise an issue\n\nTo provide feedback or report a bug, please [raise an issue on our issue tracker](https://github.com/descope/php-sdk/issues).\n\nThis project is licensed under the MIT license. See the \u003ca href=\"./LICENSE\"\u003e LICENSE\u003c/a\u003e file for more info.\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdescope%2Fdescope-php","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdescope%2Fdescope-php","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdescope%2Fdescope-php/lists"}