SingleUserPasswordAuthenticationCallback
in package
Single User Password Authentication Callback
A simple example authentication callback which performs authentication itself rather than redirecting to an existing authentication flow.
In some cases, it may make sense for your IndieAuth server to be able to authenticate users itself, rather than redirecting them to an existing authentication flow. This implementation provides a simple single-user password authentication method intended for bootstrapping and testing purposes.
The sign-in form can be customised by making your own template and passing the path to the constructor.
Minimal usage:
// One-off during app configuration:
YOUR_HASHED_PASSWORD = password_hash('my super strong password', PASSWORD_DEFAULT);
// In your app:
use Taproot\IndieAuth;
$server = new IndieAuth\Server([
…
'authenticationHandler' => new IndieAuth\Callback\SingleUserPasswordAuthenticationCallback(
YOUR_SECRET,
['me' => 'https://me.example.com/'],
YOUR_HASHED_PASSWORD
)
…
]);
See documentation for __construct() for information about customising behaviour.
Table of Contents
- DEFAULT_COOKIE_TTL = 60 * 5
- LOGIN_HASH_COOKIE = 'taproot_indieauth_server_supauth_hash'
- PASSWORD_FORM_PARAMETER = 'taproot_indieauth_server_password'
- $csrfKey : string
- $formTemplateCallable : callable
- $hashedPassword : string
- $secret : string
- $ttl : int
- $user : array<string|int, mixed>
- __construct() : mixed
- Constructor
- __invoke() : mixed
Constants
DEFAULT_COOKIE_TTL
public
mixed
DEFAULT_COOKIE_TTL
= 60 * 5
LOGIN_HASH_COOKIE
public
mixed
LOGIN_HASH_COOKIE
= 'taproot_indieauth_server_supauth_hash'
PASSWORD_FORM_PARAMETER
public
mixed
PASSWORD_FORM_PARAMETER
= 'taproot_indieauth_server_password'
Properties
$csrfKey
public
string
$csrfKey
$formTemplateCallable
protected
callable
$formTemplateCallable
$hashedPassword
protected
string
$hashedPassword
$secret
protected
string
$secret
$ttl
protected
int
$ttl
$user
protected
array<string|int, mixed>
$user
Methods
__construct()
Constructor
public
__construct(string $secret, array<string|int, mixed> $user, string $hashedPassword[, string|callable|null $formTemplate = null ][, string|null $csrfKey = null ][, int|null $ttl = null ]) : mixed
Parameters
- $secret : string
-
A secret key used to encrypt cookies. Can be the same as the secret passed to IndieAuth\Server.
- $user : array<string|int, mixed>
-
An array representing the user, which will be returned on a successful authentication. MUST include a 'me' key, may also contain a 'profile' key, or other keys at your discretion.
- $hashedPassword : string
-
The password used to authenticate as $user, hashed by
password_hash($pass, PASSWORD_DEFAULT) - $formTemplate : string|callable|null = null
-
The path to a template used to render the sign-in form, or a template callable with the signature
function (array $context): string. Uses default if null. - $csrfKey : string|null = null
-
The key under which to fetch a CSRF token from
$requestattributes, and as the CSRF token name in submitted form data. Defaults to the Server default, only change if you’re using a custom CSRF middleware. - $ttl : int|null = null
-
The lifetime of the authentication cookie, in seconds. Defaults to five minutes.
Return values
mixed —__invoke()
public
__invoke(ServerRequestInterface $request, string $formAction[, string|null $normalizedMeUrl = null ]) : mixed
Parameters
- $request : ServerRequestInterface
- $formAction : string
- $normalizedMeUrl : string|null = null