Authenticator
Using the HTTP Authenticator
249k Downloads / Month
Open Source MIT License
249k Downloads / Month
Open Source MIT License
The workflow is easy. Just create an authenticator in the first step and secure your resource by checking for credentials with a second step.
I strongly recommend using a library like PHP dotenv to store the credentials and keep usernames and passwords out of version control.
use Intervention\HttpAuth\Authenticator; $auth = new Authenticator( 'basic', // auth type 'Secure Resource', // name of realm 'admin', // username 'secret' // password );
Alternatively use methods to set properties.
use Intervention\HttpAuth\Authenticator; $auth = new Authenticator(); $auth->withType('digest'); $auth->withRealm('Secure'); $auth->withCredentials('admin', 'secret');
The package comes with several static factory methods to create the authenticator.
use Intervention\HttpAuth\Authenticator; // create basic auth by array $auth = Authenticator::make([ 'type' => 'basic', 'realm' => 'Secure Resource', 'username' => 'admin', 'password' => 'secret', ]);
Or create an authenticator by defining the authentication type directly.
use Intervention\HttpAuth\Authenticator; // create basic auth instance $auth = Authenticator::basic('Secured Realm')->withCredentials('admin', 'secret'); // create digest authenticator $auth = Authenticator::digest('Secured Realm')->withCredentials('admin', 'secret');
After you created a HTTP authenticator instance, you have to call secure()
to secure the resource by checking for credentials. Otherwise nothing will happen.
The server will send a HTTP response with the status code 401 and the browser will ask the user for a username and a password.
use Intervention\HttpAuth\Authenticator; // creating authenticator and checking credentials Authenticator::make()->withCredentials('admin', 'secret')->secure();
Optionally you can provide a status message, which will be displayed to the user, when the credential check failed.
use Intervention\HttpAuth\Authenticator; // proving custom message for users with failed credential check Authenticator::basic()->secure('Sorry, no access.');