Installation

  1. Add authsignal/authsignal-php as a dependency in composer.json
"require": {
    ...
    "authsignal/authsignal-php" : "0.1.2"
    ...
}
  2. Run composer update
  3. Authsignal will now be autoloaded into your project

Initialization

Authsignal::setApiKey("YOUR_SECRET_KEY");

You can find your client or tenant ID in the Authsignal Portal.

You must specify the correct base URL for your tenant’s region.

Region        Base URL
US (Oregon)   https://api.authsignal.com/v1
AU (Sydney)   https://au.api.authsignal.com/v1
EU (Dublin)   https://eu.api.authsignal.com/v1

For example, to set the base URL to use our AU region:

Authsignal::setApiHostname("https://au.api.authsignal.com/v1");

Alternatively, an environment variable can be used to set the base URL:

AUTHSIGNAL_SERVER_API_ENDPOINT=https://au.api.authsignal.com/v1

track

track lets you record actions performed by users and initiate challenges.

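$idempotencyKey = "XXXX-XXXX";
$redirectUrl = "https://www.yourapp.com/back_to_your_app";
// Take the first value that is set. The forwarded headers are client-controlled
// unless a proxy you operate overwrites them, so only rely on them in that setup.
$ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['HTTP_X_REAL_IP'] ?? $_SERVER['REMOTE_ADDR'];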

$payload = array(
            "redirectUrl" => $redirectUrl
          );

$result = Authsignal::track(userId: "123345",
                                  action: "signIn",
                                  payload: $payload);

switch ($result["state"]) {
    case "ALLOW":
        // Carry on with your operation/business logic
        break;
    case "BLOCK":
        // Stop your operations
        break;
    case "CHALLENGE_REQUIRED":
        // Step-up authentication required: redirect to this URL or pass it to the front end
        $url = $result["url"];
        break;
}

validateChallenge

validateChallenge lets you validate the result of a challenge using the token which is obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow).

Authsignal::validateChallenge(token: $token);

When performing MFA for a user who has already been authenticated by a primary factor (e.g. username & password), it’s important to check the token belongs to that user. The validateChallenge method will do this check if you pass both the token and the userId.
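The user-binding check described above, as an added example (not Authsignal's own code). It takes the userId from server-side session state rather than from the request and fails closed. The session key `pending_user_id`, the `token` query parameter name and the `state`/`userId` keys in the result are assumptions, and the stand-in validator is constructed so the logic runs offline.

```php
<?php
// Added example, not part of the Authsignal SDK. Assumptions are marked ASSUMPTION.

/**
 * Decide whether a completed challenge finishes the login of the user who
 * already passed the primary factor. $validate wraps the SDK call so the
 * decision logic can be exercised without network access.
 */
function completeMfa(array $session, array $query, callable $validate): bool
{
    // The user ID comes from session state written after the password check,
    // never from the request that delivers the token.
    $userId = $session['pending_user_id'] ?? null; // ASSUMPTION: hypothetical session key
    $token  = $query['token'] ?? null;             // ASSUMPTION: token arrives as ?token=...
    if (!is_string($userId) || $userId === '' || !is_string($token) || $token === '') {
        return false;
    }

    try {
        $result = $validate($token, $userId);
    } catch (Throwable $e) {
        return false; // fail closed on API or network errors
    }

    // ASSUMPTION: the result array carries "state" and "userId" keys.
    return is_array($result)
        && ($result['state'] ?? null) === 'CHALLENGE_SUCCEEDED'
        && ($result['userId'] ?? null) === $userId;
}

// Production wiring, using the call shown on this page with both arguments:
// completeMfa($_SESSION, $_GET,
//     fn ($t, $u) => Authsignal::validateChallenge(token: $t, userId: $u));

// Constructed stand-in for the API: token "t1" was issued to usr_alice.
// "OTHER_STATE" is a placeholder for any non-success state.
$fake = function (string $token, string $userId): array {
    $owner = 'usr_alice';
    return ['state' => $owner === $userId ? 'CHALLENGE_SUCCEEDED' : 'OTHER_STATE',
            'userId' => $owner];
};

var_dump(completeMfa(['pending_user_id' => 'usr_alice'], ['token' => 't1'], $fake)); // matching user
var_dump(completeMfa(['pending_user_id' => 'usr_bob'], ['token' => 't1'], $fake));   // token of another user
var_dump(completeMfa([], ['token' => 't1'], $fake));                                 // no primary factor yet
```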

getUser

getUser retrieves a user and their MFA enrollment status.

$result = Authsignal::getUser(userId: "usr_123");

$isEnrolled = $result["isEnrolled"];

getAction

getAction lets you determine the result of a challenge after the user has been redirected back from the Authsignal pre-built UI (or after the popup has been closed, if showing the page in a modal).

$result = Authsignal::getAction(userId: "123",
                                action: "signIn",
                                idempotencyKey: "2320ce18-91be-47a8-9bbf-eec642807c34");

if($result["state"] === "CHALLENGE_SUCCEEDED"){
  // The user has successfully completed the challenge,
  // and you should proceed with the business logic
}

enrollVerifiedAuthenticator

enrollVerifiedAuthenticator can be used to enroll an authenticator on behalf of a user if it has already been verified.

Authsignal::enrollVerifiedAuthenticator(userId: "1234",
                              authenticator: array("oobChannel" => "SMS",
                                                  "phoneNumber" => "+64270000000"));

Returns

authenticator: object
recoveryCodes: string[]
