Skip to content
docsv0.1.0

SecurityPrincipal

The authenticated caller behind a request, as resolved by a {@see \Milpa\Live\Contracts\Security\TokenVerifierInterface} and consulted by {@see \Milpa\Live\Contracts\Security\InteractionAuthorizerInterface}. There is no "principal not authenticated" state modeled here — an unauthenticated caller is represented by the *absence* of a `SecurityPrincipal` (a `null` where one is expected), not an instance with empty scopes.

SecurityPrincipal::__construct()

public function __construct(string $id, array $scopes = [], array $claims = []):

Parameters

Parameters of __construct()
NameTypeDescription
$idstringThe principal's stable identifier.
$scopesarray<int, string>Granted scope strings (e.g. `'milpa:component:autocomplete:search'`); the wildcard `'milpa:*'` grants every scope, see {@see can()}.
$claimsarray<string, mixed>Additional caller-defined claims about this principal.

SecurityPrincipal::can()

public function can(string $scope): bool

Whether this principal has the given scope, either directly or via the `'milpa:*'` wildcard scope.

Parameters

Parameters of can()
NameTypeDescription
$scopestring