Installation
The yorauth/php-sdk supports any PHP 8.2+ project. Laravel integration is available via the separate yorauth/laravel-sdk package, which provides a service provider, configuration file, and Facade.
The PHP SDK is currently in development. This documentation describes the intended API. The package is not yet published to Packagist.
Requirements
- PHP 8.2 or higher
- Composer
ext-json(standard in most PHP installations)- Guzzle HTTP (
guzzlehttp/guzzle) — installed automatically as a dependency
Install via Composer
composer require yorauth/php-sdk
Standalone Initialization
For non-framework PHP projects, instantiate the client directly. The first argument is your application UUID; the second is a configuration array:
use YorAuth\Sdk\YorAuth;
$yorauth = new YorAuth('your-application-uuid', [
'baseUrl' => 'https://your-yorauth-instance.example.com',
'apiKey' => 'your-api-key',
]);
Store your credentials in environment variables and load them with a library such as vlucas/phpdotenv or via your hosting environment:
use YorAuth\Sdk\YorAuth;
$yorauth = new YorAuth($_ENV['YORAUTH_APPLICATION_ID'], [
'baseUrl' => $_ENV['YORAUTH_BASE_URL'],
'apiKey' => $_ENV['YORAUTH_API_KEY'],
]);
Configuration Options
| Option | Type | Default | Description |
|---|---|---|---|
applicationId | string | required | Your YorAuth application UUID (first constructor argument) |
baseUrl | string | required | API base URL (e.g. env('YORAUTH_BASE_URL')) |
token | string | null | JWT Bearer token |
apiKey | string | null | API key for server-to-server auth |
timeout | int | 30 | Request timeout in seconds |
refreshToken | string | null | Refresh token for auto-refresh on 401 |
Example with All Options
use YorAuth\Sdk\YorAuth;
$yorauth = new YorAuth('your-application-uuid', [
'baseUrl' => 'https://your-yorauth-instance.example.com',
'apiKey' => 'your-api-key',
'token' => 'eyJhbGciOiJSUzI1NiI...', // optional
'refreshToken' => 'refresh-token-value', // optional
'timeout' => 30,
]);
Laravel Integration
Install the Laravel SDK package (it requires the PHP SDK as a dependency):
composer require yorauth/laravel-sdk
Service Provider
For Laravel 10, 11, and 12, the service provider is auto-discovered via Composer's extra.laravel.providers. No manual registration is needed.
Publish Configuration
php artisan vendor:publish --tag=yorauth-config
This creates config/yorauth.php. Add the following to your .env:
YORAUTH_APPLICATION_ID=your-application-uuid
YORAUTH_API_KEY=ya_live_abc123...
YORAUTH_BASE_URL=https://your-yorauth-instance.example.com
YORAUTH_TIMEOUT=30
| Env Variable | Default | Description |
|---|---|---|
YORAUTH_APPLICATION_ID | -- | Your YorAuth application UUID (required) |
YORAUTH_API_KEY | null | API key for server-to-server auth |
YORAUTH_BASE_URL | -- | API base URL (required) |
YORAUTH_TIMEOUT | 30 | Request timeout in seconds |
Facade
The YorAuth Facade is registered automatically. Use it anywhere in your application without manual injection:
use YorAuth\Laravel\Facades\YorAuth;
$login = YorAuth::auth()->login('user@example.com', 'secret');
Dependency Injection
The YorAuth\Sdk\YorAuth class is bound as a singleton in the service container and can be type-hinted in controllers and services:
use YorAuth\Sdk\YorAuth;
class AuthController extends Controller
{
public function __construct(
private readonly YorAuth $yorauth,
) {}
public function login(Request $request): JsonResponse
{
$login = $this->yorauth->auth()->login(
$request->input('email'),
$request->input('password'),
);
return response()->json($login);
}
}
Middleware
The Laravel SDK registers the following middleware aliases automatically:
| Alias | Class | Description |
|---|---|---|
yorauth.authenticated | YorAuth\Laravel\Http\Middleware\RequireAuthenticated | Verifies user authenticated via YorAuth OIDC (returns 401) |
yorauth.permission | YorAuth\Laravel\Http\Middleware\RequirePermission | Checks YorAuth permissions (returns 401/403) |
yorauth.verify-webhook | -- | Verifies webhook signatures |
// routes/api.php
Route::middleware('yorauth.authenticated')->group(function () {
Route::get('/profile', [ProfileController::class, 'show']);
});
// In a controller -- use standard Laravel Auth
public function show(Request $request): JsonResponse
{
$user = $request->user(); // or Auth::user()
return response()->json([
'id' => $user->id,
'email' => $user->email,
]);
}
Next Steps
- Authentication — Register users, log in, handle MFA
- Authorization — Check permissions, manage roles