PHP
The yorauth/php-sdk package is the official YorAuth SDK for PHP applications. It provides a fluent, typed interface for authentication, authorization, and user management that maps directly to the YorAuth REST API, with first-class support for Laravel.
The PHP SDK is currently in development. This documentation describes the intended API and developer experience. The package is not yet published to Packagist.
Key Features
- PHP 8.1+ with full type hints
- Guzzle-based HTTP client with configurable timeout and retry
- Fluent method interface grouped by resource type
- OIDC Authorization Code + PKCE flow orchestration
- OIDC ID token verification with JWKS
- Webhook signature verification
- Automatic token refresh on 401 responses
- Passkey (WebAuthn) authentication support
- SAML SSO initiation
- User attribute management for ABAC
- Comprehensive exception types with error codes
Installation
Install the package via Composer:
bash
composer require yorauth/php-sdk
See the Installation guide for full setup instructions, Laravel integration, and configuration options.
Quick Example
Standalone PHP
php
use YorAuth\Sdk\YorAuth;
$yorauth = new YorAuth('your-application-id', [
'baseUrl' => env('YORAUTH_BASE_URL'),
'apiKey' => 'your-api-key',
]);
// Register a user
$user = $yorauth->auth()->register([
'email' => 'jane@example.com',
'password' => 'super-secret-password',
'name' => 'Jane Doe',
]);
// Log in
$session = $yorauth->auth()->login('jane@example.com', 'super-secret-password');
echo $session['access_token'];
echo $session['user']['id'];
// Check a permission
$result = $yorauth->permissions()->check(
$session['user']['id'],
'posts:create',
);
var_dump($result['allowed']); // bool(true)
Laravel (with Facade)
php
use YorAuth\Laravel\Facades\YorAuth;
// Log in
$session = YorAuth::auth()->login(request('email'), request('password'));
// Check permission
$allowed = YorAuth::permissions()->check($userId, 'posts:publish');
SDK Structure
| Method Group | Description | Docs |
|---|---|---|
$yorauth->auth() | Registration, login, logout, token refresh, MFA, magic links, CAPTCHA | Authentication |
$yorauth->users() | Profile management, password change, data export, consent withdrawal | Authentication |
$yorauth->roles() | Role CRUD, user-role assignments, computed permissions | Authorization |
$yorauth->permissions() | Single and bulk permission checks | Authorization |
$yorauth->teams() | Team CRUD, member management, team role assignments | Authorization |
$yorauth->sessions() | List, revoke individual or all sessions | Authentication |
$yorauth->mfa() | TOTP setup/confirm/disable, backup codes, MFA status | Authentication |
$yorauth->oidc() | OIDC client management, discovery, JWKS, authorize, token, device auth, client credentials | Authentication |
$yorauth->passkeys() | WebAuthn/passkey authentication and credential management | Authentication |
$yorauth->saml() | SAML SSO initiation and connection listing | Authentication |
$yorauth->userAttributes() | User attribute management for ABAC | Authorization |
$yorauth->webhooks() | Webhook configuration and delivery history | |
$yorauth->apiKeys() | API key management | |
$yorauth->auditLogs() | Audit log viewing with filters |
Error Handling
All SDK methods throw a YorAuth\Sdk\Exceptions\YorAuthException on API errors. The exception exposes public properties that map to the YorAuth error code catalog.
php
use YorAuth\Sdk\YorAuth;
use YorAuth\Sdk\Exceptions\YorAuthException;
try {
$session = $yorauth->auth()->login('user@example.com', 'wrong-password');
} catch (YorAuthException $e) {
echo $e->errorCode; // 'AUTH_INVALID_CREDENTIALS'
echo $e->statusCode; // HTTP status (e.g. 401)
echo $e->getMessage();
}
Next Steps
- Installation — Composer setup and Laravel integration
- Authentication — Login, registration, MFA, magic links
- Authorization — Roles, permissions, and Gate integration