PHP
Learn how to use the Authsignal PHP SDK.
Installation
- Add authsignal/authsignal-php as a dependency in composer.json
"require": {
...
"authsignal/authsignal-php" : "2.0.0"
...
}
- Run composer update
- Authsignal will now be autoloaded into your project
Initialization
Authsignal::setApiKey("YOUR_SECRET_KEY");
You can find your client or tenant ID in the Authsignal Portal.
You must specify the correct base URL for your tenant’s region.
Region | Base URL |
---|---|
US (Oregon) | https://api.authsignal.com/v1 |
AU (Sydney) | https://au.api.authsignal.com/v1 |
EU (Dublin) | https://eu.api.authsignal.com/v1 |
For example, to set the base URL to use our AU region:
Authsignal::setApiHostname("https://au.api.authsignal.com/v1");
Alternatively, an environment variable can be used to set the base URL:
AUTHSIGNAL_SERVER_API_ENDPOINT=https://au.api.authsignal.com/v1
track
track lets you record actions performed by users and initiate challenges.
$idempotencyKey = "XXXX-XXXX";
$redirectUrl = "https://www.yourapp.com/back_to_your_app";
// Take the first header that is set (|| would yield a boolean, not the address).
// Rely on the forwarded headers only when a trusted proxy sets them; clients can send their own.
$ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'];
$payload = array(
    "redirectUrl" => $redirectUrl
);
$result = Authsignal::track(userId: "123345",
                            action: "signIn",
                            payload: $payload);
switch ($result["state"]) {
    case "ALLOW":
        // Carry on with your operation/business logic
        break;
    case "BLOCK":
        // Stop your operations
        break;
    case "CHALLENGE_REQUIRED":
        // Step-up authentication required; redirect or pass the URL to the front end
        $url = $result["url"];
        break;
}
validateChallenge
validateChallenge lets you validate the result of a challenge using the token which is obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow).
Authsignal::validateChallenge(token: $token);
When performing MFA for a user who has already been authenticated by a primary factor (e.g. username & password), it’s important to check the token belongs to that user. The validateChallenge method will do this check if you pass both the token and the userId.
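The user-binding check described above, as an added example (not Authsignal's own code). The `mfaCompleted` helper, the injected `$validate` callable, the constructed stand-in validator and the presence of a `state` field on the validateChallenge result are assumptions made for illustration.

```php
<?php
// Added example, not Authsignal's code. Field names in the result are assumptions.

/**
 * Decide whether MFA is complete for the user who already passed the primary factor.
 * $validate is injected so the logic runs without the network; in production use:
 *   fn ($t, $u) => Authsignal::validateChallenge(token: $t, userId: $u)
 */
function mfaCompleted(?string $token, ?string $sessionUserId, callable $validate): bool
{
    // No primary-factor session or no token: fail closed.
    if ($sessionUserId === null || $sessionUserId === '' || $token === null || $token === '') {
        return false;
    }
    try {
        // The user ID comes from the server-side session, never from the request.
        $result = $validate($token, $sessionUserId);
    } catch (\Throwable $e) {
        return false; // API error or rejected token: fail closed
    }
    // Assumed: the result carries "state" with the values getAction uses.
    return is_array($result) && ($result['state'] ?? null) === 'CHALLENGE_SUCCEEDED';
}

// Constructed stand-in for the API: one token, issued for user "usr_123".
// Real responses for a mismatched user may differ.
$fakeValidate = function (string $token, string $userId): array {
    $ok = $token === 'constructed-token' && $userId === 'usr_123';
    return ['state' => $ok ? 'CHALLENGE_SUCCEEDED' : 'CHALLENGE_REQUIRED'];
};

var_dump(mfaCompleted('constructed-token', 'usr_123', $fakeValidate)); // session of the token's owner
var_dump(mfaCompleted('constructed-token', 'usr_999', $fakeValidate)); // another user's session
var_dump(mfaCompleted('constructed-token', null, $fakeValidate));      // no primary factor yet
```

Only mark the session as fully authenticated when the helper returns true; every other path, including exceptions, leaves the user at the primary-factor stage.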
getUser
getUser retrieves a user and their MFA enrollment status.
$result = Authsignal::getUser(userId: "usr_123");
$isEnrolled = $result["isEnrolled"];
getAction
getAction lets you determine the result of a challenge after the user has been redirected back from the Authsignal pre-built UI (or after the popup has been closed, if showing the page in a modal).
$result = Authsignal::getAction(userId: "123",
                                action: "signIn",
                                idempotencyKey: "2320ce18-91be-47a8-9bbf-eec642807c34");
if ($result["state"] === "CHALLENGE_SUCCEEDED") {
    // The user has successfully completed the challenge,
    // and you should proceed with the business logic
}
enrollVerifiedAuthenticator
enrollVerifiedAuthenticator can be used to enroll an authenticator on behalf of a user if it has already been verified.
Authsignal::enrollVerifiedAuthenticator(userId: "1234",
authenticator: array("oobChannel" => "SMS",
"phoneNumber" => "+64270000000"));