This is an authentication and authorization extension for the php-json-rpc library. It provides the ability to authorize JSON-RPC requests before they reach the endpoint.
First write an authentication Handler
:
namespace Datto\JsonRpc\Auth;
use Datto\JsonRpc;
class BasicAuthHandler implements Handler
{
public function canHandle($method, $arguments)
{
return isset($_SERVER['PHP_AUTH_USER']);
}
public function authenticate($method, $arguments)
{
// Don't do this in production. Using '===' is vulnerable to timing attacks!
return $_SERVER['PHP_AUTH_USER'] === 'phil' && $_SERVER['PHP_AUTH_PW'] === 'superpass!';
}
}
Once you have that, just use it like this. This example uses the Simple\Evaluator
(see php-json-rpc-simple) as underlying mapping mechanism:
$authenticator = new Authenticator(array(
new BasicAuthHandler(),
// ...
));
$server = new Server(new Auth\Evaluator(new Simple\Evaluator(), $authenticator));
echo $server->reply('...');
- PHP >= 5.3
"require": {
"datto/json-rpc-auth": "~4.0"
}
This package is released under an open-source license: LGPL-3.0.
Written by Chad Kosie and Philipp C. Heckel.