Authentication & authorization extension for the JSON-RPC library
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
src
tests
.gitignore
COPYING
README.md
composer.json
composer.lock
phpunit.xml

README.md

JSON-RPC Auth Extension

This is an authentication and authorization extension for the php-json-rpc library. It provides the ability to authorize JSON-RPC requests before they reach the endpoint.

Examples

First write an authentication Handler:

namespace Datto\JsonRpc\Auth;

use Datto\JsonRpc;

class BasicAuthHandler implements Handler
{
    public function canHandle($method, $arguments)
    {
        return isset($_SERVER['PHP_AUTH_USER']);
    }

    public function authenticate($method, $arguments)
    {
        // Don't do this in production. Using '===' is vulnerable to timing attacks!
        return $_SERVER['PHP_AUTH_USER'] === 'phil' && $_SERVER['PHP_AUTH_PW'] === 'superpass!';
    }
}

Once you have that, just use it like this. This example uses the Simple\Evaluator (see php-json-rpc-simple) as underlying mapping mechanism:

$authenticator = new Authenticator(array(
    new BasicAuthHandler(),
    // ...
));

$server = new Server(new Auth\Evaluator(new Simple\Evaluator(), $authenticator));
echo $server->reply('...');

Requirements

  • PHP >= 5.3

Installation

"require": {
  "datto/json-rpc-auth": "~4.0"
}

License

This package is released under an open-source license: LGPL-3.0.

Author

Written by Chad Kosie and Philipp C. Heckel.