A couple of weeks ago I started porting Solar_Auth to an Aura v2 package, Aura.Auth. It can be difficult to find a truly standalone, authentication-only library, and Aura.Auth fits that bill.

The library is still under development, but the major pieces are all now in place:

Each layer can handle custom implementations. There are instructions for custom adapters, custom session managers (including session-less authentication), and custom services.

Note that the library is purposely limited in scope. It does not do roles, groups, access control, or account management. You give it some credentials, it tells you if the credentials are valid or not, and starts/stops sessions.

As with all Aura libraries, the measurable code quality is very high. It has 100% test coverage, is fully decoupled from all other libraries, and scores very well on Scrutinizer-CI. It is PHP 5.3 compatible, although if you want to use the new and more-secure password_hash() functionality, you will need PHP 5.5 (or a userland implementation such as ircmaxell/password-compat.)

If you are interested in the project, try it out and get in your suggestions on what’s needed. We already have a TODO list, but there may be things we haven’t thought of. Now is the time to make your voice heard – and, of course, pull requests are always welcome for review.

blog comments powered by Disqus