Shield is the official authentication and authorization framework for CodeIgniter 4. While it does provide a base set of tools that are commonly used in websites, it is designed to be flexible and easily customizable.
The primary goals for Shield are:
Shield provides two primary methods Session-based and Access Token authentication out of the box.
It also provides HMAC SHA256 Token and JSON Web Token authentication.
This is your typical email/username/password system you see everywhere. It includes a secure "remember-me" functionality. This can be used for standard web applications, as well as for single page applications. Includes full controllers and basic views for all standard functionality, like registration, login, forgot password, etc.
These are much like the access tokens that GitHub uses, where they are unique to a single user, and a single user can have more than one. This can be used for API authentication of third-party users, and even for allowing access for a mobile application that you build.
This is a slightly more complicated improvement on Access Token authentication. The main advantage with HMAC is the shared Secret Key is not passed in the request, but is instead used to create a hash signature of the request body.
JWT or JSON Web Token is a compact and self-contained way of securely transmitting information between parties as a JSON object. It is commonly used for authentication and authorization purposes in web applications.
See the An Official Auth Library for more Info.
Usage of Shield requires the following:
Installation is done through Composer.
composer require codeigniter4/shield
See the docs for more specific instructions on installation and usage recommendations.
Shield does accept and encourage contributions from the community in any shape. It doesn't matter whether you can code, write documentation, or help find bugs, all contributions are welcome. See the CONTRIBUTING.md file for details.
This project is licensed under the MIT License - see the LICENSE file for details.
Every open-source project depends on its contributors to be a success. The following users have contributed in one manner or another in making Shield:
Made with contrib.rocks.
The following articles/sites have been fundamental in shaping the security and best practices used within this library, in no particular order: