Web Security API: Authenticating and Authorizing

This API is a repository of decoupled solutions for secure authentication and authorization built on OWASP guidelines, so that programmers can load and use only the parts that apply to their project.

How does it work?

To stay dedicated to a single purpose, it covers only the most common web security patterns, namely those that revolve around user authentication and authorization.

In practice this means the API is nothing more than a repository of components related to authentication and authorization, each built on the principle of atomicity and with its own area of responsibility:

  1. components for security token generation and parsing
  2. components for persisting authenticated state across requests, using #1
  3. components for authenticating users, using #1 & #2
  4. components for authorizing users, using #2

All classes inside the API belong to the Lucinda\WebSecurity namespace.
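The four layers above, wired together end to end, as an added illustration that is not part of this page and not Lucinda\WebSecurity's own code: a signed token (#1), a persistence driver that carries it in a cookie (#2), a form authenticator that writes through the driver (#3), and a role-based authorizer that reads identity only from the driver (#4). Every class and method name here (HmacToken, PersistenceDriver, TokenCookieDriver, FormAuthenticator, RoleAuthorizer, the two result classes) is a hypothetical stand-in; the library's real class names are those listed in the component tables below, and the user table, routes and roles are constructed sample data.

```php
<?php
// Added illustration of the four-layer design described above; these classes are hypothetical
// stand-ins written for this page, not Lucinda\WebSecurity's own code, and every class and
// method name below is an assumption. Requires PHP 8.1+ (readonly promoted properties).
declare(strict_types=1);

// #1 token generation and parsing: "userId.expiry.hmac", keyed with a server-side secret
final class HmacToken
{
    public function __construct(private string $secret, private int $ttl = 3600) {}

    public function generate(int $userId, int $now): string
    {
        $payload = $userId . '.' . ($now + $this->ttl);
        return $payload . '.' . hash_hmac('sha256', $payload, $this->secret);
    }

    /** User id carried by the token, or null when it is malformed, forged or expired. */
    public function parse(string $token, int $now): ?int
    {
        if (!preg_match('/^\d+\.\d+\.[0-9a-f]{64}$/', $token)) { return null; }
        [$userId, $expiry, $mac] = explode('.', $token);
        $expected = hash_hmac('sha256', "$userId.$expiry", $this->secret);
        if (!hash_equals($expected, $mac)) { return null; }   // constant-time; verify before trusting any field
        return (int) $expiry > $now ? (int) $userId : null;
    }
}

// #2 persisting authenticated state across requests, built on #1
interface PersistenceDriver
{
    public function save(int $userId): void;  // after a successful login
    public function load(): ?int;             // identity behind the current request, if any
    public function clear(): void;            // logout
}

/** Cookie-style driver: the signed token travels with the client and the server stores nothing. */
final class TokenCookieDriver implements PersistenceDriver
{
    private ?string $cookie = null;   // stand-in for $_COOKIE / setcookie() so the script runs from the CLI

    public function __construct(private HmacToken $token, private int $now) {}
    public function receive(?string $cookie): void { $this->cookie = $cookie; }   // simulate an incoming request
    public function save(int $userId): void { $this->cookie = $this->token->generate($userId, $this->now); }
    public function load(): ?int { return $this->cookie === null ? null : $this->token->parse($this->cookie, $this->now); }
    public function clear(): void { $this->cookie = null; }
}

// #3 authenticating users, using #1 and #2
final class AuthenticationResult { public function __construct(public readonly bool $ok, public readonly ?int $userId) {} }

final class FormAuthenticator
{
    /** @param array<string, array{id:int, hash:string}> $users  constructed user table holding password_hash() values */
    public function __construct(private array $users, private PersistenceDriver $driver) {}

    public function login(string $username, string $password): AuthenticationResult
    {
        $user = $this->users[$username] ?? null;
        // always run password_verify so an unknown username takes as long as a wrong password
        $hash = $user['hash'] ?? password_hash('placeholder', PASSWORD_DEFAULT);
        if (!password_verify($password, $hash) || $user === null) { return new AuthenticationResult(false, null); }
        $this->driver->save($user['id']);
        return new AuthenticationResult(true, $user['id']);
    }
}

// #4 authorizing users, using #2 only: identity comes from persisted state, never from request input
final class AuthorizationResult { public function __construct(public readonly bool $granted, public readonly string $reason) {} }

final class RoleAuthorizer
{
    /** @param array<string, string[]> $routeRoles route => allowed roles; @param array<int, string> $userRoles user id => role */
    public function __construct(private array $routeRoles, private array $userRoles, private PersistenceDriver $driver) {}

    public function authorize(string $route): AuthorizationResult
    {
        $allowed = $this->routeRoles[$route] ?? [];   // deny by default: unlisted routes are private
        if (in_array('guest', $allowed, true)) { return new AuthorizationResult(true, 'public route'); }
        $userId = $this->driver->load();
        if ($userId === null) { return new AuthorizationResult(false, 'not authenticated'); }
        $role = $this->userRoles[$userId] ?? 'member';
        return new AuthorizationResult(in_array($role, $allowed, true), "role $role");
    }
}

// wiring the layers together with constructed sample data
$now    = time();
$token  = new HmacToken('replace-with-a-random-32-byte-secret');
$driver = new TokenCookieDriver($token, $now);
$auth   = new FormAuthenticator(['alice' => ['id' => 7, 'hash' => password_hash('correct horse', PASSWORD_DEFAULT)]], $driver);
$authz  = new RoleAuthorizer(['/' => ['guest'], '/profile' => ['member', 'admin'], '/admin' => ['admin']], [7 => 'member'], $driver);
$show   = fn (string $label, AuthorizationResult $r) => printf("%-28s %s (%s)\n", $label, $r->granted ? 'granted' : 'denied', $r->reason);

$show('/profile before login', $authz->authorize('/profile'));
printf("%-28s %s\n", 'login, wrong password', $auth->login('alice', 'wrong')->ok ? 'ok' : 'rejected');
printf("%-28s %s\n", 'login, right password', $auth->login('alice', 'correct horse')->ok ? 'ok' : 'rejected');
$show('/profile after login', $authz->authorize('/profile'));
$show('/admin as member', $authz->authorize('/admin'));
$driver->receive('7.' . ($now + 3600) . '.' . str_repeat('0', 64));   // forged cookie: right shape, wrong MAC
$show('/profile with forged cookie', $authz->authorize('/profile'));
```

Run it with `php example.php`. The point of the layering is visible in the dependencies: the authorizer never sees the login form or the token class, only the driver, so swapping the cookie driver for a server-side session driver changes nothing in authentication or authorization code; and because the token is verified before any of its fields are read, the forged cookie in the last step is treated exactly like an anonymous request rather than as user 7.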

Security Token Components

The classes below are used to read and generate the tokens that secure authentication and state persistence:

State Persistence Components

The classes below are used to persist logged-in state across requests; each implements the PersistenceDriver blueprint:

Authentication Components

The classes below are used to authenticate users, saving their results into an AuthenticationResult object:

The architecture by which these components work is best described by the following series of graphs:

Authorization Components

The classes below are used to authorize users, saving their results into an AuthorizationResult object:

The architecture by which these components work is best described by the following series of graphs:

How can I install it?

To learn how to install and use this API, follow the step-by-step guide.
