Skip to content
rw3iss Auth

HttpTransport

class rw3iss\AuthServer\Http\HttpTransport src/Http/HttpTransport.php ↗

Default Transport implementation. PSR-18 client + PSR-17 factories.

Responsibilities:

  • Build absolute URLs from Config + path.
  • JSON-encode bodies + decode responses.
  • Auto-attach the bearer token when an access token is passed in.
  • Inject Idempotency-Key on unsafe methods (POST/PUT/PATCH/DELETE) so retries (when caller chooses to retry) hit the server’s idempotency middleware idempotently. AUTH-PHP-LARAVEL-DESIGN §3.10.
  • Redact sensitive fields from any log emission.
  • Map non-2xx via ErrorMapper.

Note: TwoFactorRequiredException is intentionally NOT thrown by this transport — LoginFlow checks for the requires_2fa flag and returns the AuthResponse directly so the caller can prompt the user. ErrorMapper does produce the exception class for callers that prefer the thrown shape, but flows skip the throw on that one specific case.

Methods

redact()

function redact(array $payload): array

Annotations

  • @var array<string,list> $h / $h = []; foreach ($resp->getHeaders() as $name => $values) { $h[$name] = $values; } $exception = ErrorMapper::fromResponse($status, $decoded, $h); // Flows that care about requires_2fa intercept before throw — but // by default a thrown TwoFactorRequiredException is fine for app- // level middleware. We always throw, never swallow. throw $exception; } /* Visible-for-tests: redact sensitive keys before logging.