SingleUserPasswordAuthenticationCallback
Single User Password Authentication Callback
A simple example authentication callback which performs authentication itself rather than redirecting to an existing authentication flow.
In some cases, it may make sense for your IndieAuth server to be able to authenticate users itself, rather than redirecting them to an existing authentication flow. This implementation provides a simple single-user password authentication method intended for bootstrapping and testing purposes.
The sign-in form can be customised by making your own template and passing the path to the constructor.
Minimal usage:
// One-off during app configuration:
YOUR_HASHED_PASSWORD = password_hash('my super strong password', PASSWORD_DEFAULT);
// In your app:
use Taproot\IndieAuth;
$server = new IndieAuth\Server([
…
'authenticationHandler' => new IndieAuth\Callback\SingleUserPasswordAuthenticationCallback(
['me' => 'https://me.example.com/'],
YOUR_HASHED_PASSWORD
)
…
]);
See documentation for __construct() for information about customising behaviour.
Table of Contents
- PASSWORD_FORM_PARAMETER = 'taproot_indieauth_server_password'
- $csrfKey : string
- $formTemplate : string
- $hashedPassword : string
- $user : array<string|int, mixed>
- __construct() : mixed
- Constructor
- __invoke() : mixed
Constants
PASSWORD_FORM_PARAMETER
public
mixed
PASSWORD_FORM_PARAMETER
= 'taproot_indieauth_server_password'
Properties
$csrfKey
public
string
$csrfKey
$formTemplate
public
string
$formTemplate
$hashedPassword
protected
string
$hashedPassword
$user
protected
array<string|int, mixed>
$user
Methods
__construct()
Constructor
public
__construct(array<string|int, mixed> $user, string $hashedPassword[, string|null $formTemplate = null ][, string|null $csrfKey = null ]) : mixed
Parameters
- $user : array<string|int, mixed>
-
An array representing the user, which will be returned on a successful authentication. MUST include a 'me' key, may also contain a 'profile' key, or other keys at your discretion.
- $hashedPassword : string
-
The password used to authenticate as $user, hashed by
password_hash($pass, PASSWORD_DEFAULT) - $formTemplate : string|null = null
-
The path to a template used to render the sign-in form. Uses default if null.
- $csrfKey : string|null = null
-
The key under which to fetch a CSRF token from
$requestattributes, and as the CSRF token name in submitted form data. Defaults to the Server default, only change if you’re using a custom CSRF middleware.
Return values
mixed —__invoke()
public
__invoke(ServerRequestInterface $request, string $formAction[, string|null $normalizedMeUrl = null ]) : mixed
Parameters
- $request : ServerRequestInterface
- $formAction : string
- $normalizedMeUrl : string|null = null