Documentation

SingleUserPasswordAuthenticationCallback

Single User Password Authentication Callback

A simple example authentication callback which performs authentication itself rather than redirecting to an existing authentication flow.

In some cases, it may make sense for your IndieAuth server to be able to authenticate users itself, rather than redirecting them to an existing authentication flow. This implementation provides a simple single-user password authentication method intended for bootstrapping and testing purposes.

The sign-in form can be customised by making your own template and passing the path to the constructor.

Minimal usage:

// One-off during app configuration: run this once and store the printed hash
// in your configuration as YOUR_HASHED_PASSWORD.
echo password_hash('my super strong password', PASSWORD_DEFAULT);

// In your app:
use Taproot\IndieAuth;
$server = new IndieAuth\Server([
  …
  'authenticationHandler' => new IndieAuth\Callback\SingleUserPasswordAuthenticationCallback(
    YOUR_SECRET,
    ['me' => 'https://me.example.com/'],
    YOUR_HASHED_PASSWORD
  )
  …
]);

See documentation for __construct() for information about customising behaviour.
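
A way to produce and load the value passed as $hashedPassword without leaving the plaintext password in source, shown as an added example that is not part of the Taproot\IndieAuth project's own code. The environment variable names, the buildAuthenticationHandler() helper and the 64-character secret minimum are assumptions of this example; the constructor arguments follow the signature documented on this page.

```php
<?php
// Added example, not library code. Assumes the application has already loaded
// Composer's autoloader before buildAuthenticationHandler() is called.
use Taproot\IndieAuth\Callback\SingleUserPasswordAuthenticationCallback;

// One-off step: `php bootstrap.php hash` reads the password from STDIN (so it
// stays out of shell history and source control) and prints the hash to store
// in INDIEAUTH_PASSWORD_HASH (hypothetical variable name).
if (PHP_SAPI === 'cli' && ($argv[1] ?? '') === 'hash') {
    $password = rtrim((string) fgets(STDIN), "\r\n");
    if ($password === '') {
        fwrite(STDERR, "Refusing to hash an empty password\n");
        exit(1);
    }
    echo password_hash($password, PASSWORD_DEFAULT), PHP_EOL;
    exit(0);
}

function buildAuthenticationHandler(): SingleUserPasswordAuthenticationCallback
{
    $secret = (string) getenv('INDIEAUTH_SECRET');        // hypothetical name
    $hash   = (string) getenv('INDIEAUTH_PASSWORD_HASH'); // hypothetical name

    // Length floor chosen for this example, not a value taken from this page.
    if (strlen($secret) < 64) {
        throw new RuntimeException('INDIEAUTH_SECRET is missing or too short.');
    }

    // password_get_info() reports no algorithm (null, or 0 before PHP 7.4) for
    // a value it does not recognise as password_hash() output. That catches a
    // plaintext password stored by mistake, and a bcrypt hash whose "$"
    // segments were expanded away by a shell or .env loader.
    if (empty(password_get_info($hash)['algo'])) {
        throw new RuntimeException(
            'INDIEAUTH_PASSWORD_HASH is not a password_hash() value.'
        );
    }

    return new SingleUserPasswordAuthenticationCallback(
        $secret,
        ['me' => 'https://me.example.com/'],
        $hash,
        null,   // $formTemplate: use the default sign-in form
        null,   // $csrfKey: use the Server default
        60 * 5  // $ttl: five minutes, the documented default
    );
}
```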

Table of Contents

DEFAULT_COOKIE_TTL = 60 * 5
LOGIN_HASH_COOKIE = 'taproot_indieauth_server_supauth_hash'
PASSWORD_FORM_PARAMETER = 'taproot_indieauth_server_password'
$csrfKey : string
$formTemplate : string
$hashedPassword : string
$secret : string
$ttl : int
$user : array<string|int, mixed>
__construct() : mixed (Constructor)
__invoke() : mixed

Constants

Properties

Methods

__construct()

Constructor

public __construct(string $secret, array<string|int, mixed> $user, string $hashedPassword[, string|null $formTemplate = null ][, string|null $csrfKey = null ][, int|null $ttl = null ]) : mixed
Parameters
$secret : string

A secret key used to encrypt cookies. Can be the same as the secret passed to IndieAuth\Server.

$user : array<string|int, mixed>

An array representing the user, which will be returned on a successful authentication. MUST include a 'me' key, may also contain a 'profile' key, or other keys at your discretion.

$hashedPassword : string

The password used to authenticate as $user, hashed by password_hash($pass, PASSWORD_DEFAULT).

$formTemplate : string|null = null

The path to a template used to render the sign-in form. Uses default if null.

$csrfKey : string|null = null

The key under which to fetch a CSRF token from $request attributes, and as the CSRF token name in submitted form data. Defaults to the Server default, only change if you’re using a custom CSRF middleware.

$ttl : int|null = null

The lifetime of the authentication cookie, in seconds. Defaults to five minutes.

Return values
mixed

__invoke()

public __invoke(ServerRequestInterface $request, string $formAction[, string|null $normalizedMeUrl = null ]) : mixed
Parameters
$request : ServerRequestInterface
$formAction : string
$normalizedMeUrl : string|null = null
Return values
mixed
