Links

PHP SDK

Corbado provides you with a PHP SDK that eases the integration.

Overview

To proceed with the following steps, you will require your project ID and API secret. If you don't have this information yet, please follow steps 1-3 of the Getting Started guide.
The PHP SDK is commonly referred to as a private client, specifically designed for usage within closed backend applications. This particular SDK should exclusively be utilized in such environments, as it is crucial to ensure that the API secret remains strictly confidential and is never shared.

Installation

The PHP SDK is hosted on GitHub and its installation is quite easy:
composer require corbado/php-sdk

Instantiation

Next you can create an instance of the PHP SDK:
1
$config = new \Corbado\Configuration('<Project ID>', '<API secret>');
2
$corbado = new \Corbado\SDK($config);

Instantiation with session management

To employ the PHP SDK for Corbado's session management, it is necessary to extend the provided configuration with a cache implementation. The rationale behind this requirement is straightforward:
Corbado utilizes the RS256 algorithm for JWT verification of the short-term session (for more details, please refer to the JWT security section). The JWKS (basically a list of public keys), which is required for verification, needs to be loaded from Corbado. To avoid repetitive loading of the JWKS during each JWT verification, the JWKS must be cached locally.
To enable JWKS caching in the PHP SDK, you can utilize the PSR-6 standard. A recommended implementation for PSR-6 caching is the Symfony cache component, which offers excellent features and ease of use. The installation process for Symfony cache is straightforward:
composer require symfony/cache
Next you can create an instance of the PHP SDK with using the cache:
1
$jwksCache = new \Symfony\Component\Cache\Adapter\FilesystemAdapter();
2
3
$config = new \Corbado\Configuration('<Project ID>', '<API secret>');
4
$config->setJwksCachePool($jwksCache);
5
6
$corbado = new \Corbado\SDK($config);

Instantiation with session management to go live with CNAME

If you want to go live with an own CNAME, you need to update the Frontend API URL to be your CNAME in order to avoid JWT claim errors with the iss JWT claim:
1
$jwksCache = new \Symfony\Component\Cache\Adapter\FilesystemAdapter();
2
3
$config = new \Corbado\Configuration('<Project ID>', '<API secret>');
4
$config->setJwksCachePool($jwksCache);
5
$config->setFrontendAPI(<CNAME>);
6
7
$corbado = new \Corbado\SDK($config);