Skip to content
/ shield Public

an auth library for ci projects based on sms verification

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ruhafzazahedi/shield

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
bin
bin
 
 
docs
docs
 
 
src
src
 
 
.php-cs-fixer.dist.php
.php-cs-fixer.dist.php
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
UPGRADING.md
UPGRADING.md
 
 
composer-unused.php
composer-unused.php
 
 
composer.json
composer.json
 
 
deptrac.yaml
deptrac.yaml
 
 
infection.json.dist
infection.json.dist
 
 
mkdocs.yml
mkdocs.yml
 
 
phpstan-baseline.php
phpstan-baseline.php
 
 
psalm-baseline.xml
psalm-baseline.xml
 
 
psalm.xml
psalm.xml
 
 
psalm_autoload.php
psalm_autoload.php
 
 
rector.php
rector.php
 
 
roave-bc-check.yaml
roave-bc-check.yaml
 
 

Repository files navigation

CI Shield

Shield is the official authentication and authorization framework for CodeIgniter 4. While it does provide a base set of tools that are commonly used in websites, it is designed to be flexible and easily customizable.

The primary goals for Shield are:

  1. It must be very flexible and allow developers to extend/override almost any part of it.
  2. It must have security at its core. It is an auth lib after all.
  3. To cover many auth needs right out of the box, but be simple to add additional functionality to.

Authentication Methods

Shield provides two primary methods Session-based and Access Token authentication out of the box.

It also provides HMAC SHA256 Token and JSON Web Token authentication.

Session-based

This is your typical phone/username/password system you see everywhere. It includes a secure "remember-me" functionality. This can be used for standard web applications, as well as for single page applications. Includes full controllers and basic views for all standard functionality, like registration, login, forgot password, etc.

Access Token

These are much like the access tokens that GitHub uses, where they are unique to a single user, and a single user can have more than one. This can be used for API authentication of third-party users, and even for allowing access for a mobile application that you build.

HMAC SHA256 Token

This is a slightly more complicated improvement on Access Token authentication. The main advantage with HMAC is the shared Secret Key is not passed in the request, but is instead used to create a hash signature of the request body.

JSON Web Token

JWT or JSON Web Token is a compact and self-contained way of securely transmitting information between parties as a JSON object. It is commonly used for authentication and authorization purposes in web applications.

Important Features

  • Session-based authentication (traditional ID/Password with Remember-me)
  • Stateless authentication using Personal Access Tokens
  • Optional Phone verification on account registration
  • Optional SMS-based Two-Factor Authentication after login
  • Magic Link Login when a user forgets their password
  • Flexible Groups-based access control (think Roles, but more flexible)
  • Users can be granted additional Permissions

See the An Official Auth Library for more Info.

Getting Started

Prerequisites

Usage of Shield requires the following:

Installation

Installation is done through Composer.

composer require ruhafzazahedi/shield

About

an auth library for ci projects based on sms verification

Resources

Readme

License

MIT license

Security policy

Security policy
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v1.0.2 Latest
Jun 19, 2024
+ 2 releases

Packages

 
 
 

Languages