
URL: https://deepwiki.com/hypervel/auth/2-authentication-system


Authentication System

The authentication system verifies user identities in Hyperf applications through a factory pattern that manages different authentication strategies. The system is built around three core components: the AuthManager factory, authentication guards, and user providers.

This page provides an overview of the authentication subsystem architecture and flow. For detailed information about specific components:

For authorization and access control, see Authorization System. For HTTP middleware integration, see Middleware.

Core Components

The authentication system consists of three primary layers that work together to verify user identities:

Component Architecture


Sources: src/AuthManager.php:22-255, src/Guards/SessionGuard.php:15-149, src/Guards/JwtGuard.php:19-203, src/Guards/RequestGuard.php:16-75

Component Responsibilities

Component             File                                    Responsibility
AuthManager           src/AuthManager.php                     Factory for creating and managing guards
SessionGuard          src/Guards/SessionGuard.php             Stateful authentication using sessions
JwtGuard              src/Guards/JwtGuard.php                 Stateless authentication using JWT tokens
RequestGuard          src/Guards/RequestGuard.php             Custom callback-based authentication
GuardHelpers          src/Guards/GuardHelpers.php             Shared guard functionality trait
EloquentUserProvider  src/Providers/EloquentUserProvider.php  User retrieval via Eloquent ORM
DatabaseUserProvider  src/Providers/DatabaseUserProvider.php  User retrieval via Query Builder
CreatesUserProviders  src/CreatesUserProviders.php            User provider factory trait

Sources: src/AuthManager.php:1-255, src/Guards/SessionGuard.php:1-149, src/Guards/JwtGuard.php:1-203, src/Guards/RequestGuard.php:1-75

Authentication Flow

The authentication process follows a consistent flow regardless of the guard type used:

Request Authentication Flow


Sources: src/Guards/JwtGuard.php:98-122, src/Guards/SessionGuard.php:103-126, src/AuthManager.php:60-65

Login Flow


Sources: src/Guards/JwtGuard.php:36-49, src/Guards/SessionGuard.php:30-43

Guard Types

The authentication system provides three guard implementations, each designed for different authentication scenarios:

Guard Comparison


Sources: src/Guards/SessionGuard.php:15-149, src/Guards/JwtGuard.php:19-203, src/Guards/RequestGuard.php:16-75

Guard Feature Matrix

Feature                SessionGuard                 JwtGuard                     RequestGuard
State Management       Stateful                     Stateless                    Stateless
Storage Location       Server-side session          Client-side token            Custom callback
Authentication Method  Session cookie               JWT in Authorization header  Developer-defined
Token Expiration       Session lifetime             TTL in token (exp claim)     Callback-dependent
Token Refresh          Session regeneration         refresh() method             Callback-dependent
Typical Use Case       Traditional web apps         REST APIs                    Custom auth schemes
Implementation File    src/Guards/SessionGuard.php  src/Guards/JwtGuard.php      src/Guards/RequestGuard.php

Sources: src/Guards/SessionGuard.php:1-149, src/Guards/JwtGuard.php:1-203, src/Guards/RequestGuard.php:1-75

Common Guard Interface

All guards implement common methods through the GuardHelpers trait:

Method          Return Type       Description
user()          ?Authenticatable  Retrieves authenticated user
check()         bool              Determines if user is authenticated
guest()         bool              Determines if user is not authenticated
id()            int|string|null   Gets user identifier
validate()      bool              Validates credentials without login
authenticate()  Authenticatable   Gets user or throws exception
hasUser()       bool              Checks if user is loaded
setUser()       void              Manually sets authenticated user

Sources: src/Guards/GuardHelpers.php:1-115

For detailed documentation on each guard type, see Guards.

User Providers

User providers abstract user data retrieval from various storage mechanisms. Guards use providers to load user data during authentication.

Provider Architecture


Sources: src/AuthManager.php:24, src/Guards/SessionGuard.php:20-24, src/Guards/JwtGuard.php:24-30, src/Guards/RequestGuard.php:31-38

Provider Methods

The UserProvider contract defines methods for user retrieval and credential validation:

Method                   Parameters                                 Return Type       Purpose
retrieveById()           mixed $identifier                          ?Authenticatable  Retrieves user by primary key
retrieveByToken()        mixed $identifier, string $token           ?Authenticatable  Retrieves user by remember token
retrieveByCredentials()  array $credentials                         ?Authenticatable  Retrieves user by login credentials
validateCredentials()    Authenticatable $user, array $credentials  bool              Validates user's password
updateRememberToken()    Authenticatable $user, string $token       void              Updates remember token

The AuthManager creates providers via the CreatesUserProviders trait based on configuration. For detailed provider implementations, see User Providers.

Sources: src/AuthManager.php:24
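
The retrieve-then-validate split in the provider contract, shown as an added example that is not code from hypervel/auth. User, ArrayUserProvider and attempt() are hypothetical stand-ins, the sample account is constructed, and only the names retrieveByCredentials() and validateCredentials() come from the table above.

```php
<?php
declare(strict_types=1);

// Stand-in types for illustration; these are not the hypervel/auth classes.
final class User
{
    public function __construct(public int $id, public string $email, public string $passwordHash) {}
}

final class ArrayUserProvider
{
    /** @param list<User> $users constructed sample data */
    public function __construct(private array $users) {}

    public function retrieveByCredentials(array $credentials): ?User
    {
        // Look up by identifier only; the password is never a lookup key.
        $email = $credentials['email'] ?? null;
        foreach ($this->users as $user) {
            // Reject non-string identifiers (e.g. an array decoded from a JSON body).
            if (is_string($email) && $user->email === $email) {
                return $user;
            }
        }
        return null;
    }

    public function validateCredentials(User $user, array $credentials): bool
    {
        // password_verify checks against the stored hash and is safe against timing attacks.
        $password = $credentials['password'] ?? null;
        return is_string($password) && password_verify($password, $user->passwordHash);
    }
}

// Guard-side login check: retrieve first, then validate; both failures return null.
function attempt(ArrayUserProvider $provider, array $credentials): ?User
{
    $user = $provider->retrieveByCredentials($credentials);
    return $user !== null && $provider->validateCredentials($user, $credentials) ? $user : null;
}

$provider = new ArrayUserProvider([
    new User(1, 'alice@example.test', password_hash('correct horse', PASSWORD_DEFAULT)),
]);
var_dump(attempt($provider, ['email' => 'alice@example.test', 'password' => 'correct horse'])?->id);
var_dump(attempt($provider, ['email' => 'alice@example.test', 'password' => 'wrong']));
var_dump(attempt($provider, ['email' => ['alice@example.test'], 'password' => 'correct horse']));
```

Returning the same null for an unknown identifier and a wrong password keeps the caller from telling the two cases apart in the response.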

Context and User Resolution

The authentication system integrates with Hyperf's context system to provide per-request authentication state and user resolution. The AuthManager maintains user resolvers that can be customized for different authentication scenarios.


Sources: src/AuthManager.php:52-55, src/AuthManager.php:166-175, src/AuthManager.php:212-217, src/AuthManager.php:251-254

The context system enables:

  • Per-request guard selection: Different routes can use different authentication guards
  • Dynamic user resolution: Custom logic for determining the authenticated user
  • Request-scoped defaults: Authentication state that persists throughout a request lifecycle

For detailed information about specific guard implementations, see Guards. For user provider implementations, see User Providers. For the central factory management, see AuthManager.