Skip to main content

PHP

Installation

  1. Add authsignal/authsignal-php as a dependency in composer.json
"require": {
    ...
    "authsignal/authsignal-php" : "0.1.2"
    ...
}
  1. Run composer update
  2. Now Authsignal will be auto loaded into your project

Initialization

Authsignal::setApiKey("YOUR_SECRET_KEY");

You can find your client or tenant ID in the Authsignal Portal.

You must specify the correct base URL for your tenant's region.

RegionBase URL
US (Oregon)https://api.authsignal.com/v1
AU (Sydney)https://au.api.authsignal.com/v1
EU (Dublin)https://eu.api.authsignal.com/v1

For example, to set the base URL to use our AU region:

Authsignal::setApiHostname("https://au.api.authsignal.com/v1");

Alternatively, an environment variable can be used to set the base URL:

AUTHSIGNAL_SERVER_API_ENDPOINT=https://au.api.authsignal.com/v1

track

track lets you record actions performed by users and initiate challenges.

$idempotencyKey = "XXXX-XXXX";.
$redirectUrl = "https://www.yourapp.com/back_to_your_app";
$ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'] || $_SERVER['HTTP_X_REAL_IP'] ||  $_SERVER['REMOTE_ADDR'];

$payload = array(
            "redirectUrl" => $redirectUrl
          );

$result = Authsignal::track(userId: "123345",
                                  action: "signIn",
                                  payload: $payload);

switch ($result["state"]) {
    case "ALLOW":
        // Carry on with your operation/business logic
        break;
    case "BLOCK":
        // Stop your operations
        break;
    case "CHALLENGE_REQUIRED":
        // Step up authentication required, redirect or pass the challengeUrl to the front end
        $response["challengeUrl"];
        break;
}

Arguments

Refer to the Server API's Track action request object.

Returns

Refer to the Server API's Track action response object.

validateChallenge

validateChallenge lets you validate the result of a challenge using the token which is obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow).

Authsignal::validateChallenge(token: $token);
caution

When performing MFA for a user who has already been authenticated by a primary factor (e.g. username & password), it's important to check the token belongs to that user. The validateChallenge method will do this check if you pass both the token and the userId.

Arguments

NameTypeDescription
tokenstringThe token obtained after a redirect (if using the pre-built UI) or returned by a client SDK (if using an embedded flow).
userIdstring(Optional) The ID of the user. Only pass this if doing step-up auth on an existing user session (i.e. not for login).

Returns

NameTypeDescription
successbooleanTrue if the challenge was completed successfully.
statestringThe state of the action associated with the challenge. Possible values are CHALLENGE_REQUIRED, CHALLENGE_SUCCEEDED, CHALLENGE_FAILED, ALLOW, or BLOCK.
userIdstringThe ID of the user.

getUser

getUser retrieves a user and their MFA enrollment status.

$result = Authsignal::getUser(userId: "usr_123");

$isEnrolled = $result["isEnrolled"];

Arguments

Refer to the Server API's Retrieve user request object.

Returns

Refer to the Server API's Retrieve user response object.

getAction

getAction lets you determine the result of a challenge after the user has been redirected back from the Authsignal pre-built UI (or after the popup has been closed, if showing the page in a modal).

$result = Authsignal::getAction(userId: "123",
                                action: "signIn",
                                idempotencyKey: "2320ce18-91be-47a8-9bbf-eec642807c34");

if($result["state"] === "CHALLENGE_SUCCEEDED"){
  // The user has successfully completed the challenge,
  // and you should proceed with the business logic
}

Arguments

Refer to the Server API's Get action status request object.

Returns

Refer to the Server API's Get action status response object.

enrollVerifiedAuthenticator

enrollVerifiedAuthenticator can be used to enroll an authenticator on behalf of a user if it has already been verified.

Authsignal::enrollVerifiedAuthenticator(userId: "1234",
                              authenticator: array("oobChannel" => "SMS",
                                                  "phoneNumber" => "+64270000000"));

Arguments

Refer to the Server API's Enroll verified authenticator request object.

Returns

Refer to the Server API's Enroll verified authenticator response object.