This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Go to file
2022-01-20 12:11:40 +00:00
.github/workflows Removed composer.lock, set GH action to test against 7.3, 7.4 & 8.0 2021-06-24 13:33:38 +02:00
docs Added to README, php version constraint, doc regen 2021-06-24 13:43:00 +02:00
src Fix wrong log warning message for request_uri validation 2022-01-20 12:11:40 +00:00
templates Excluded templates from test coverage, now up to 89% 2021-06-09 00:26:27 +02:00
tests Minor changes to make tests compatible with PHP 8.0 2021-06-24 13:32:24 +02:00
.gitignore Removed composer.lock, set GH action to test against 7.3, 7.4 & 8.0 2021-06-24 13:33:38 +02:00
composer.json Added to README, php version constraint, doc regen 2021-06-24 13:43:00 +02:00
phpdoc.dist.xml Added phpdoc config, generated documentation 2021-06-12 23:04:51 +02:00
psalm.xml Installed Psalm, set up static analysis 2021-06-15 00:51:04 +02:00
README.md Added v0.1.0 date 2021-06-24 13:48:53 +02:00
run_coverage.sh Regenerated coverage to work with GH pages: 2021-06-13 15:47:54 +02:00

taproot/indieauth

Latest Stable Version License Total Downloads

A PSR-7-compatible implementation of the request-handling logic for IndieAuth authorization endpoints and token endpoints.

Installation

taproot/indieauth is currently tested against and compatible with PHP 7.3, 7.4, and 8.0.

Install taproot/indieauth using composer:

composer.phar require taproot/indieauth
composer.phar install (or composer.phar update)

Versioned releases are GPG signed so you can verify that the code hasnt been tampered with.

gpg --recv-keys 1C00430B19C6B426922FE534BEF8CE58118AD524
cd vendor/taproot/indieauth
git tag -v v0.1.0 # Replace with the version you have installed

Usage

Typical minimal usage looks something like this:

// Somewhere in your app set-up code:
$server = new Taproot\IndieAuth\Server([
	// A secret key, >= 64 characters long.
	'secret' => YOUR_APP_INDIEAUTH_SECRET,

	// A path to store token data, or an object implementing TokenStorageInterface.
	'tokenStorage' => '/../data/auth_tokens/',

	// An authentication callback function, which either returns data about the current user,
	// or redirects to/implements an authentication flow.
	'authenticationHandler' => function (ServerRequestInterface $request, string $authenticationRedirect, ?string $normalizedMeUrl) {
		// If the request is authenticated, return an array with a `me` key containing the
		// canonical URL of the currently logged-in user.
		if ($userUrl = getLoggedInUserUrl($request)) {
			return ['me' => $userUrl];
		}
		
		// Otherwise, redirect the user to a login page, ensuring that they will be redirected
		// back to the IndieAuth flow with query parameters intact once logged in.
		return new Response('302', ['Location' => 'https://example.com/login?next=' . urlencode($authenticationRedirect)]);
	}
]);

// In your authorization endpoint route:
return $server->handleAuthorizationEndpointRequest($request);

// In your token endpoint route:
return $server->handleTokenEndpointRequest($request);

// In another route (e.g. a micropub route), to authenticate the request:
// (assuming $bearerToken is a token parsed from an “Authorization: Bearer XXXXXX” header
// or access_token property from a request body)
if ($accessToken = $server->getTokenStorage()->getAccessToken($bearerToken)) {
	// Request is authenticated as $accessToken['me'], and is allowed to
	// act according to the scopes listed in $accessToken['scope'].
	$scopes = explode(' ', $accessToken['scope']);
}

Refer to the __construct documentation for further configuration options, and to the documentation for both handling methods for further documentation about them, specifically:

Example Application

See the taproot/micropub example app for a working example of how to use taproot/indieauth.

Contributing

If you have any questions about using this library, join the indieweb chatroom and ping barnaby.

If you find a bug or problem with the library, or want to suggest a feature, please create an issue.

If discussions lead to you wanting to submit a pull request, following this process, while not required, will increase the chances of it quickly being accepted:

  • Fork this repo to your own github account, and clone it to your development computer.
  • Run ./run_coverage.sh and ensure that all tests pass — youll need XDebug for code coverage data.
  • If applicable, write failing regression tests e.g. for a bug youre fixing.
  • Make your changes.
  • Run ./run_coverage.sh and open docs/coverage/index.html. Make sure that the changes you made are covered by tests. taproot/indieauth had nearly 100% test coverage from version 0.1.0, and that number should never go down!
  • Run ./vendor/bin/psalm and and fix any warnings it brings up.
  • Install and run ./phpDocumentor.phar to regenerate the documentation if applicable.
  • Push your changes and submit the PR.

Changelog

  • v0.1.0 2021-06-24