Skip to content

Development#401

Merged
mehmet-yoti merged 13 commits intomasterfrom
development
Mar 2, 2026
Merged

Development#401
mehmet-yoti merged 13 commits intomasterfrom
development

Conversation

@mehmet-yoti
Copy link
Contributor

@mehmet-yoti mehmet-yoti commented Feb 25, 2026

Central Auth Token Support (SDK-2767) and Central Auth Token Support (SDK-2767)

Adds OAuth2-based central authentication tokens alongside the existing signed-request (PEM) authentication

What Changed

  • New AuthStrategy abstraction (BearerTokenStrategy, SignedRequestStrategy, NoAuthStrategy)
  • New Auth module for generating tokens via OAuth2 client_credentials grant with PS384-signed JWT
  • DocScanClient and DigitalIdentityClient now support a fluent builder() pattern with two auth modes
  • Full backward compatibility — existing PEM-based constructors continue to work unchanged
  • New dependency: firebase/php-jwt ^6.0

Auth Modes

The two modes are mutually exclusive:

Mode Method Description
Token Auth (new) withAuthenticationToken($token) Use a pre-obtained bearer token
Signed Request (legacy) withClientSdkId($id) + withPemFilePath($path) Use SDK ID and PEM key pair

Usage

Generating a Token

$generator = AuthenticationTokenGenerator::builder()
    ->withSdkId('your-sdk-id')
    ->withPemFilePath('/path/to/key.pem')
    ->build();

$response = $generator->generate(['scope1', 'scope2']);
$token = $response->getAccessToken();

DocScan Client — Token Auth (new)

$client = DocScanClient::builder()
    ->withAuthenticationToken($token)
    ->build();

DocScan Client — Signed Request (existing)

$client = DocScanClient::builder()
    ->withClientSdkId('your-sdk-id')
    ->withPemFilePath('/path/to/key.pem')
    ->build();

Digital Identity Client — Token Auth (new)

$client = DigitalIdentityClient::builder()
    ->withAuthenticationToken($token)
    ->build();

Central Auth Token Support (SDK-2767)

Adds OAuth2-based central authentication tokens alongside the existing signed-request (PEM) authentication, mirroring the Java SDK's yoti-sdk-auth module.

What Changed

  • New AuthStrategy abstraction (BearerTokenStrategy, SignedRequestStrategy, NoAuthStrategy)
  • New Auth module for generating tokens via OAuth2 client_credentials grant with PS384-signed JWT
  • DocScanClient and DigitalIdentityClient now support a fluent builder() pattern with two auth modes
  • Full backward compatibility — existing PEM-based constructors continue to work unchanged
  • New dependency: firebase/php-jwt ^6.0

Auth Modes

The two modes are mutually exclusive:

Mode Method Description
Token Auth (new) withAuthenticationToken($token) Use a pre-obtained bearer token
Signed Request (legacy) withClientSdkId($id) + withPemFilePath($path) Use SDK ID and PEM key pair

Usage

Generating a Token

$generator = AuthenticationTokenGenerator::builder()
    ->withSdkId('your-sdk-id')
    ->withPemFilePath('/path/to/key.pem')
    ->build();

$response = $generator->generate(['scope1', 'scope2']);
$token = $response->getAccessToken();

DocScan Client — Token Auth (new)

$client = DocScanClient::builder()
    ->withAuthenticationToken($token)
    ->build();

DocScan Client — Signed Request (existing)

$client = DocScanClient::builder()
    ->withClientSdkId('your-sdk-id')
    ->withPemFilePath('/path/to/key.pem')
    ->build();

Digital Identity Client — Token Auth (new)

$client = DigitalIdentityClient::builder()
    ->withAuthenticationToken($token)
    ->build();

mehmet-yoti and others added 13 commits November 27, 2025 15:29
@mehmet-yoti
docs: add implementation plan for SDK-2767
a32cc33
@mehmet-yoti
SDK-2767 added support central auth tokens
b2014c9
@mehmet-yoti
SDK-2767 added support central auth tokens
478fbbd
@mehmet-yoti
Upgrade firebase/php-jwt to ^7.0 to resolve security advisory PKSA-y2…
f9f55eb 
…cr-5h3j-g3ys
@mehmet-yoti
SDK-2767 fixed for php 7.4 firebase/php-jwt
6b8dffb
@mehmet-yoti
Refactor AuthTokenGenerator to use Guzzle PSR-18, fix trailing query …
9de4322 
…string and null PEM guard
@mehmet-yoti
SDK-2767 organized for unneccessary files
4b75de5
@mehmet-yoti
Add support for requesting and retrieving SHARE_CODE resources and tasks
388eccf
@mehmet-yoti
Replace firebase/php-jwt with phpseclib3 for PS384 signing, fix geten…
ecde9a9 
…v inconsistency
@mehmet-yoti
refactor: parse date fields as DateTime objects and add @throws annot…
10836d5 
…ations
@mehmet-yoti
Add advanced identity profile support to DocScan session create/retri…
499954e 
…eve and rename withAdvIdentityProfileReqs for consistency
@mehmet-yoti
Merge pull request #400 from getyoti/SDK-2757-php-add-support-for-req…
cae25cb 
…uesting-and-retrieving-share-code-resources-tasks

Add support for requesting and retrieving SHARE_CODE resources and tasks
@mehmet-yoti
Merge pull request #399 from getyoti/SDK-2767-support-central-auth-to…
a2433ef 
…kens

Sdk 2767 support central auth tokens
@mehmet-yoti mehmet-yoti merged commit e6f0d54 into master Mar 2, 2026
36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mehmet-yoti