Introduction
This component provides authorization middleware for PSR-7 and PSR-15 applications.
An authorization system first needs authentication: to verify that an identity has access to something (i.e., is authorized) we first need the identity, which is provided during authentication.
Authentication is provided via the package mezzio-authentication. That library provides an AuthenticationMiddleware class that verifies credentials using the HTTP request, and stores the identity via a PSR-7 request attribute.
The identity generated by mezzio-authentication is stored as the request attribute Mezzio\Authentication\UserInterface as a UserInterface implementation. That interface looks like the following:
namespace Mezzio\Authentication;

interface UserInterface
{
    /**
     * Get the unique user identity (id, username, email address or ...)
     */
    public function getIdentity() : string;

    /**
     * Get all user roles
     *
     * @return Iterable
     */
    public function getRoles() : iterable;

    /**
     * Get a detail $name if present, $default otherwise
     */
    public function getDetail(string $name, $default = null);

    /**
     * Get all the details, if any
     */
    public function getDetails() : array;
}
mezzio-authorization consumes this identity attribute. It checks if a user's role (as retrieved from the UserInterface object) is authorized (granted) to perform the current HTTP request.
Authorization is performed using the isGranted() method of the AuthorizationInterface.
We offer two adapters:
- mezzio-authorization-rbac, which implements Role-Based Access Controls (RBAC)
- mezzio-authorization-acl, which implements an Access Control List (ACL).
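The role check described above, written as a deny-by-default implementation of AuthorizationInterface. This is an added example, not code from mezzio-authorization or its adapters; the class name, namespace, policy entries and Composer autoload path are hypothetical, and the isGranted(string $role, ServerRequestInterface $request): bool signature is assumed to match the installed version.

```php
<?php

declare(strict_types=1);

namespace App\Authorization; // hypothetical application namespace

use Mezzio\Authorization\AuthorizationInterface;
use Psr\Http\Message\ServerRequestInterface;

require __DIR__ . '/vendor/autoload.php'; // assumes a Composer install

/**
 * Hypothetical adapter: a static allow-list keyed by "METHOD /path".
 * Anything not listed is denied, so a newly added route stays closed
 * until a rule is written for it.
 */
final class StaticPolicyAuthorization implements AuthorizationInterface
{
    /** @var array<string, list<string>> "METHOD /path" => roles allowed */
    private array $policy;

    public function __construct(array $policy)
    {
        $this->policy = $policy;
    }

    public function isGranted(string $role, ServerRequestInterface $request): bool
    {
        // The lookup key is built from the request the middleware passes in.
        $key = strtoupper($request->getMethod()) . ' ' . $request->getUri()->getPath();

        // Deny by default: an unknown method/path pair (including a path
        // variant such as a trailing slash) has no roles and grants nothing.
        $allowed = $this->policy[$key] ?? [];

        // Strict comparison: the role name must match exactly.
        return in_array($role, $allowed, true);
    }
}

// Constructed sample policy, not taken from the mezzio documentation.
$authorization = new StaticPolicyAuthorization([
    'GET /reports'    => ['analyst', 'admin'],
    'DELETE /reports' => ['admin'],
]);
```

With this policy, a user whose getRoles() returns only 'analyst' is granted GET /reports and refused DELETE /reports.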
If you want to know more about authentication using middleware in PHP, we suggest reading the blog post "Authorize users using Middleware".