iamtartan / laravel-hmac-signature
Laravel HMAC-SHA authentication
v1.1.0
2017-01-22 11:09 UTC
Requires
- php: >=5.4
- illuminate/support: 5.x.x
Requires (Dev)
- phpunit/phpunit: ~4.0
This package is auto-updated.
Last update: 2024-12-20 11:37:53 UTC
README
**A laravel HMAC auth package based on Signature-PHP **
Installation
Add iamtartan/laravel-hmac-signature
as a requirement to composer.json
:
$ composer require iamtartan/laravel-hmac-signature
What is HMAC-SHA authentication?
HMAC-SHA authentication allows you to implement very simple key / secret authentication for your API using hashed signatures.
Making a request for api (version 1.0.0)
use Tartan\Signature\Token; use Tartan\Signature\Request; $data = [ 'first_name' => 'Aboozar', 'last_name' => 'Ghaffari', 'email' => 'iamtartan@gmail.com' ]; $token = new Token('my_public_key', 'my_private_key'); $request = new Request('POST', 'signup', $data, '1.0.0'); $auth = $request->sign($token); $finalData = array_merge($auth, $data); $yourHttpClient->post('signup', $finalData);
Authenticating a response
use Tartan\Signature\Auth; use Tartan\Signature\Token; use Tartan\Signature\Guards\CheckKey; use Tartan\Signature\Guards\CheckVersion; use Tartan\Signature\Guards\CheckTimestamp; use Tartan\Signature\Guards\CheckSignature; use Tartan\Signature\Exceptions\SignatureException; $auth = new Auth($request->method(), $request->url(), '1.0.0', $request->all(), [ new CheckKey, new CheckVersion, new CheckTimestamp, new CheckSignature ]); $token = new Token('my_public_key', 'my_private_key'); try { $auth->attempt($token); } catch (SignatureException $e) { // return 401 } catch (Exception $e) { // return 400; }
Changing the default HTTP request prefix
By default, this package uses auth_*
in requests. You can change this behaviour when signing and and authenticating requests:
// default, the HTTP request uses auth_version, auth_key, auth_timestamp and auth_signature $request->sign($token); // the HTTP request now uses x-version, x-key, x-timestamp and x-signature $request->sign($token, 'x-');
If you changed the default, you will need to authenticate the request accordingly:
$auth->attempt($token, 'x-');