Authentication Layer
EvanDotPro edited this page Dec 27, 2011 · 2 revisions
The end goal of the EdpUser authentication layer is to verify the identity of a user of a system, so that it can be trusted that the user is indeed who they claim to be. How this happens should be fully customizable via third-party modules, but the process should always result in an "identity" which is an instance of the configured user class.
- User is not authenticated (guest) and wishes to authenticate.
- ???
- User is authenticated with their corresponding user model/entity as their Zend\Authentication identity.
- An authenticated user must have been proven to be authentic via some customizable process.
- An authenticated user must have a Zend\Authentication "identity" in their session which is the entity/model for that user.
- The user's "identity" (the entity/model class) must be capable of being persisted in the configured database.
- A user must not have an authenticated identity until all conditions of authentication have been met. For example, if you have a two-factor authentication module enabled which allows users to enable a setting that requires an SMS code to be validated when they authenticate, a user with that setting enabled should not be considered authenticated until after their credentials are verified and they've provided the SMS code which was sent to them.
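
The last requirement above, sketched as an added example that is not EdpUser's own code: the identity is written only after every configured step has passed, so a correct password alone never produces an authenticated session. The step classes, `AuthChain`, and the plain `$session` array are hypothetical stand-ins for third-party modules and the Zend\Authentication session storage, and both factors are submitted in one call for brevity.

```php
<?php // Added example (PHP 8+). AuthStep, PasswordStep, SmsCodeStep, AuthChain are hypothetical names.
interface AuthStep
{
    public function isSatisfied(array $user, array $input): bool;
}
final class PasswordStep implements AuthStep
{
    public function isSatisfied(array $user, array $input): bool
    {
        return password_verify((string) ($input['password'] ?? ''), $user['password_hash']);
    }
}
final class SmsCodeStep implements AuthStep
{
    public function isSatisfied(array $user, array $input): bool
    {
        if (!$user['sms_required']) {
            return true; // the user has not enabled the SMS setting
        }
        $code = (string) ($input['sms_code'] ?? '');
        // Reject a missing code, then compare in constant time.
        return $code !== '' && hash_equals($user['sms_code_sent'], $code);
    }
}
final class AuthChain
{
    public function __construct(private array $steps) {}
    // Writes the identity to $session only after every step is satisfied.
    public function authenticate(array $user, array $input, array &$session): bool
    {
        unset($session['identity']); // never keep a stale identity
        foreach ($this->steps as $step) {
            if (!$step->isSatisfied($user, $input)) {
                return false; // stop here: no partial identity is stored
            }
        }
        $session['identity'] = $user; // constructed array stands in for the user entity
        return true;
    }
}

// Constructed sample user with the SMS setting enabled.
$user = ['id' => 42, 'password_hash' => password_hash('s3cret', PASSWORD_DEFAULT),
         'sms_required' => true, 'sms_code_sent' => '493817'];
$chain = new AuthChain([new PasswordStep(), new SmsCodeStep()]);
$session = [];
$chain->authenticate($user, ['password' => 's3cret'], $session);
var_dump(isset($session['identity'])); // after the password only
$chain->authenticate($user, ['password' => 's3cret', 'sms_code' => '493817'], $session);
var_dump(isset($session['identity'])); // after password and SMS code
```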