The bearer authenticator class authenticates a user using the bearer authentication
scheme. The credentials are read from the Authorization
header of a request.
Authorization: Bearer <token>
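The token can be any hash associated with a user that you can match against. Because the bearer scheme treats whoever presents the token as that user, the value should be unguessable and sent only over an encrypted connection.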
Authorization: Bearer XYpXAuNn9hXnfHCTJaHhhc3sN7nYjKpQ
Example
use Psr\Http\Message\ServerRequestInterface;
use Pyncer\Access\BearerAuthenticator;
use Pyncer\Data\Mapper\MapperAdaptor;
use Pyncer\Http\Server\RequestHandlerInterface;
use Vendor\Site\Identifier as ID;
use Vendor\Site\Table\Token\TokenMapper;
use Vendor\Site\Table\User\UserMapper;
// Provided by the surrounding code:
//   $request is a ServerRequestInterface
//   $handler is a RequestHandlerInterface
$connection = $handler->get(ID::DATABASE);

// The authenticator receives one mapper adaptor for token records and one
// for user records, both built on the same database connection.
// NOTE(review): presumably the presented token is looked up through the
// token adaptor and its owner loaded through the user adaptor; confirm
// against the library.
$access = new BearerAuthenticator(
    tokenMapperAdaptor: new MapperAdaptor(
        mapper: new TokenMapper($connection),
    ),
    userMapperAdaptor: new MapperAdaptor(
        mapper: new UserMapper($connection),
    ),
    request: $request,
    realm: 'my-app',
);

// A null result means the authenticator has no response of its own to send.
$response = $access->getResponse($handler);

if ($response !== null) {
    // WWW-Authenticate response.
    // NOTE(review): presumably this is the point to return $response to the
    // client and stop processing the request; confirm against the library.
} elseif ($access->hasAuthenticated()) {
    // Authenticated: the user tied to the presented token is available.
    // var_dump() is for illustration only. A user record can hold sensitive
    // fields, so do not write it to a real response or log.
    var_dump($access->getUser());
} else {
    // No Authorization header: nothing was authenticated, so routes that
    // require a user must still refuse the request.
}