This component provides authorization middleware for PSR-7 and PSR-15 applications.

An authorization system first needs authentication: to verify that an identity has access to something (i.e., is authorized) we first need the identity, which is provided during authentication.

Authentication is provided via the package zend-expressive-authentication. That library provides an AuthenticationMiddleware class that verify credentials using the HTTP request, and stores the identity via a PSR-7 request attribute.

The identity generated by zend-expressive-authentication is stored as the request attribute Zend\Expressive\Authentication\UserInterface as a UserInterface implementation. That interface looks like the following:

namespace Zend\Expressive\Authentication;

interface UserInterface
     * Get the unique user identity (id, username, email address or ...)
    public function getIdentity() : string;

     * Get all user roles
     * @return Iterable
    public function getRoles() : iterable;

     * Get a detail $name if present, $default otherwise
    public function getDetail(string $name, $default = null);

     * Get all the details, if any
    public function getDetails() : array;

zend-expressive-authorization consumes this identity attribute. It checks if a user's role (as retrieved from the UserInterface object) is authorized (granted) to the perform the current HTTP request.

Authorization is performed using the isGranted() method of the AuthorizationInterface.

We offer two adapters:

If you want to know more about authentication using middleware in PHP, we suggest reading the blog post "Authorize users using Middleware".

Found a mistake or want to contribute to the documentation? Edit this page on GitHub!