Security

Overview

Authentication is up to your application, but Resonance offers http Session Management (alongside the Session Authentication) is compatible with Swoole (based on Redis).

Authorization is handled by using the internal Gatekeeper library. It offers resource access control based on PHP gates (sort of firewall rules) you can code in your application.

Enforcement of Security Rules

In some crucial places, the framework enforces the use of authorization gates. For example, Controllers always check if the user can read or modify the model referenced in the URL.

That means sometimes you must provide an authorization gate (and possibly an authentication mechanism - unless you want to explicitly enable guest access to all resources).

Authentication

Learn how to provide authentication.

Authorization

Learn about firewall gates and other authorization features.

Content Security Policy (CSP)

Learn how to manage Content Security Policy headers and CSP Nonces.

CSRF Protection

Learn how to use Distantmagic\Resonance's built-in CSRF protection.

OAuth 2.0

OAuth 2.0 is a security protocol that incorporates some authentication and authorization features. Learn how to use it with Resonance.

Last updated on May 6, 2024

Edit on GitHub