{"id":13711970,"url":"https://github.com/middlewares/http-authentication","last_synced_at":"2026-01-07T23:54:51.666Z","repository":{"id":57037813,"uuid":"69787161","full_name":"middlewares/http-authentication","owner":"middlewares","description":"PSR-15 middleware to implement Basic and Digest Http authentication","archived":false,"fork":false,"pushed_at":"2025-03-26T14:44:07.000Z","size":57,"stargazers_count":35,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-30T11:08:53.268Z","etag":null,"topics":["basic-authentication","digest-authentication","http","http-authentication","middleware","psr-15"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/middlewares.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-10-02T08:39:05.000Z","updated_at":"2025-03-23T10:36:44.000Z","dependencies_parsed_at":"2024-01-12T22:35:45.191Z","dependency_job_id":"fee1ca80-4ad2-4a4e-a11b-fb00322915df","html_url":"https://github.com/middlewares/http-authentication","commit_stats":{"total_commits":50,"total_committers":2,"mean_commits":25.0,"dds":"0.040000000000000036","last_synced_commit":"08ba95e3f4e0cea2659bf3867848e370b978faf1"},"previous_names":[],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhttp-authentication","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhttp-authentication/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhttp-authentication/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/middlewares%2Fhttp-authentication/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/middlewares","download_url":"https://codeload.github.com/middlewares/http-authentication/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252772229,"owners_count":21801882,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["basic-authentication","digest-authentication","http","http-authentication","middleware","psr-15"],"created_at":"2024-08-02T23:01:13.462Z","updated_at":"2026-01-07T23:54:51.615Z","avatar_url":"https://github.com/middlewares.png","language":"PHP","readme":"# middlewares/http-authentication\n\n[![Latest Version on Packagist][ico-version]][link-packagist]\n[![Software License][ico-license]](LICENSE)\n![Testing][ico-ga]\n[![Total Downloads][ico-downloads]][link-downloads]\n\nMiddleware to implement [RFC 2617 Http Authentication](https://tools.ietf.org/html/rfc2617). Contains the following components:\n\n* [BasicAuthentication](#basicauthentication)\n* [DigestAuthentication](#digestauthentication)\n\n## Requirements\n\n* PHP \u003e= 7.2\n* A [PSR-7 http library](https://github.com/middlewares/awesome-psr15-middlewares#psr-7-implementations)\n* A [PSR-15 middleware dispatcher](https://github.com/middlewares/awesome-psr15-middlewares#dispatcher)\n\n## Installation\n\nThis package is installable and autoloadable via Composer as [middlewares/http-authentication](https://packagist.org/packages/middlewares/http-authentication).\n\n```sh\ncomposer require middlewares/http-authentication\n```\n\n## BasicAuthentication\n\nThe [Basic access authentication](https://en.wikipedia.org/wiki/Basic_access_authentication) is the simplest technique.\n\nYou have to provide an `Array` or `ArrayAccess` with the usernames and passwords of all available users. The keys are the usernames and the values the passwords.\n\n```php\nDispatcher::run([\n new Middlewares\\BasicAuthentication([\n 'username1' =\u003e 'password1',\n 'username2' =\u003e 'password2'\n ])\n]);\n```\n\nOptionally, you can provide a `Psr\\Http\\Message\\ResponseFactoryInterface` as the second argument, that will be used to create the error responses (`401`). If it's not defined, [Middleware\\Utils\\Factory](https://github.com/middlewares/utils#factory) will be used to detect it automatically.\n\n```php\n$responseFactory = new MyOwnResponseFactory();\n\n$route = new Middlewares\\BasicAuthentication($users, $responseFactory);\n```\n\n### realm\n\nThe realm value. By default is \"Login\".\n\n### attribute\n\nThe attribute name used to save the username of the user. If it's not defined, it wont be saved. Example:\n\n```php\nDispatcher::run([\n (new Middlewares\\BasicAuthentication([\n 'username1' =\u003e 'password1',\n 'username2' =\u003e 'password2'\n ]))-\u003eattribute('username'),\n\n function ($request) {\n $username = $request-\u003egetAttribute('username');\n\n return new Response('Hello '.$username);\n }\n]);\n```\n\n### verifyHash\n\nThis option verifies the password using [`password_verify`](https://www.php.net/manual/en/function.password-verify.php). Useful if you don't want to provide the passwords in plain text.\n\n```php\n$users = [\n 'username' =\u003e password_hash('secret-password', PASSWORD_DEFAULT);\n]\n\nDispatcher::run([\n (new Middlewares\\BasicAuthentication($users))\n -\u003eattribute('username')\n -\u003everifyHash(),\n\n function ($request) {\n $username = $request-\u003egetAttribute('username');\n\n return new Response('Hello '.$username);\n }\n]);\n```\n\n## DigestAuthentication\n\nThe [Digest access authentication](https://en.wikipedia.org/wiki/Digest_access_authentication) is more secure than basic.\n\nThe constructor signature is the same than `BasicAuthentication`:\n\n```php\n$users = [\n 'username1' =\u003e 'password1',\n 'username2' =\u003e 'password2'\n];\n$responseFactory = new MyOwnResponseFactory();\n\nDispatcher::run([\n new Middlewares\\DigestAuthentication($users, $responseFactory)\n]);\n```\n\n### realm\n\nThe realm value. By default is \"Login\".\n\n### attribute\n\nThe attribute name used to save the username of the user. If it's not defined, it wont be saved.\n\n### nonce\n\nTo configure the nonce value. If its not defined, it's generated with [uniqid](http://php.net/uniqid)\n\n---\n\nPlease see [CHANGELOG](CHANGELOG.md) for more information about recent changes and [CONTRIBUTING](CONTRIBUTING.md) for contributing details.\n\nThe MIT License (MIT). Please see [LICENSE](LICENSE) for more information.\n\n[ico-version]: https://img.shields.io/packagist/v/middlewares/http-authentication.svg?style=flat-square\n[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square\n[ico-ga]: https://github.com/middlewares/http-authentication/workflows/testing/badge.svg\n[ico-downloads]: https://img.shields.io/packagist/dt/middlewares/http-authentication.svg?style=flat-square\n\n[link-packagist]: https://packagist.org/packages/middlewares/http-authentication\n[link-downloads]: https://packagist.org/packages/middlewares/http-authentication\n","funding_links":[],"categories":["Packages"],"sub_categories":["Security"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmiddlewares%2Fhttp-authentication","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmiddlewares%2Fhttp-authentication","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmiddlewares%2Fhttp-authentication/lists"}