It's a requirement now that Guzzle is gone, so we better be sure the installation supports it.

You have added the signature to the params array in your commit
f12e259. Now a + in the signature is
encoded twice because in generateSignature() you replace + already with
%2B and http_build_query($params) encodes it too.

When validating a YubiKey OTP using the latest version of the software, I encountered an error. When providing an incorrect OTP value, I receive the following deprecated warning:

Deprecated: Creation of dynamic property Yubikey\Validate::$clientId is deprecated in /Users/Shared/www/inc/vendor/enygma/yubikey/src/Yubikey/Validate.php on line 145.

This error occurs even though I previously passed the correct Secret Code and API Code that I obtained beforehand.

Steps to Reproduce:

1. Use the latest version of the software.
   

2. Generate an invalid YubiKey OTP.
   

3. Pass the OTP value to the validation process.
   

4. Observe the deprecated warning that occurs.
   

Expected Behavior:
The software should correctly identify the error and provide a meaningful error message instead of generating a deprecated warning.

Additional Information:

• Operating System: MAC OS - Ventura 13.4
  

• Software Version: 13.4
  

hash_equals()? :)

A different PHPUnit version is needed for PHP 7.1 and also requires a different usage.

It seems (according to composer.json) that this library is released under MIT license, would it be possible to make this more explicit in the README, as well as adding a LICENSE file and/or specify in the headers of the PHP files?

Providers similar to this could be quite handy to introduce. In this case it's Laravel 5 but it could easily also be things like a Symfony2 plugin.

The current release on packagist (3.1) has an intermittent error with signatures failing, which was fixed shortly after the release was made. The current version of master works fine.

If openssl support is enabled, it should use openssl_random_pseudo_bytes to generate the nonce.

Hello,

I like the library a lot, for production use we need to fix the dependency to a release version in composer. Could you please create a release tag we can fix it on?

Thank you!

Experienced this odd quirk toady and was able to confirm it with WSL.
Inside WSL the code works as expected but, let me give a brief introduction.

Environment details:
Windows:

C:\Users\elyci\PhpstormProjects\disblog>php -v
PHP 7.2.2 (cli) (built: Jan 31 2018 19:31:15) ( NTS MSVC15 (Visual C++ 2017) x64 )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies

WSL:

elycin@DESKTOP-67FBEPH:/mnt/c/Users/elyci/PhpstormProjects/disblog$ php -v
PHP 7.2.3-1+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Mar  6 2018 11:18:25) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.3-1+ubuntu16.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies

I have a windows development machine that has an instance of php 7.2.2 installed via chocolatey with a modified php.ini to support curl and pdo_mysql extensions, upon testing some of the example code inside a laravel project I've determined in a windows environment that using the dd debugger with the validator's ->success() function, that I get different results.

Windows 10 (Native Environment)

C:\Users\elyci\PhpstormProjects\disblog>php artisan add:yubikey ccccccfrkvvreeivddjvfgrgftttlutbuvftgefnence
false

Windows 10 Subsystem for Linux (with different freshly generated OTP token)

elycin@DESKTOP-67FBEPH:/mnt/c/Users/elyci/PhpstormProjects/disblog$ php artisan add:yubikey ccccccfrkvvreulghldgtcfbhfunvccrnnhifnbhhkut
true

I wish I could provide more details since this seems to be a platform specific bug, maybe even a extension problem but I hope this helps find a possible solution for others.

is there some way to install this software without some obnoxious alpha software like composer?

Do you plan on adding support for multi-servers? That is, talking to all servers at the same time and using the first answer?

I'm going through our existing "php-yubico" client and updating it, and started "yubico-php-client" for that, but it was pointed out that your project existed. Generally, do you plan on maintaining and working on this going forward? I'd like to see a "good" PHP library for talking to the YubiCloud, and that it is properly packaged.

The request generates a signature with the api key, but the response class does not validate the server signature.

If the connection to the server fails the responses array in the
ResponseCollection class is empty and the success function returns true.
Perhaps the default value of $success should be false and set to true if
at least one response was successful.

    public function success($first = false)
    {
        $success = false;
        if ($first === true) {
            // Sort them by timestamp, pop the first one and return pass/fail
            usort($this->responses, function($r1, $r2) {
                return $r1->getMt() > $r2->getMt();
            });
            $response = $this->responses[0];
            return $response->success();
        } else {
            foreach ($this->responses as $response) {
                if ($response->success() === false) {
                    return false;
                } else {
                    $success = true;
                }
            }
        }
        return $success;
    }

Could you make a new release with a requirement to guzzle ~3.8 instead of 3.8.*

I'm trying to install but I'm getting errors because of dependencies of other packages to guzzle with bigger stable versions.

https://www.dropbox.com/s/tw6oc3jp9lji3s0/Screenshot%202014-09-24%2016.07.08.png?dl=0

Currently missing inside of this implementation of the Yubikey, is a function that parses out the public key. Commonly used within "two factor authentication".

The first 12 characters of the string according to the Yubico documentation and also known as "prefix" within the data array of Yubico's own php implementation.

With that, dont forget the password. So parsing out the first 12 characters, wont work in every situation.

SL = Sync level in percentage between 0 and 100 or "fast" or "secure".
TIMEOUT = Max number of seconds to wait for responses

Should these have default settings?

Using this code

            $otp = $_GET['otp'];

            $validator = new Validate(
                $secret,
                $id
            );

            try {
                $response = $validator->check($otp);
            }
            catch (\Exception) {
                die('Access denied!');
            }

            if ($response->success()) {
                die('Access granted!');
            }
            else {
                die('Access denied!');
            }

yields the following response

Deprecated: Function utf8_encode() is deprecated in /var/www/html/vendor/enygma/yubikey/src/Yubikey/Validate.php on line 257

Deprecated: Function utf8_encode() is deprecated in /var/www/html/vendor/enygma/yubikey/src/Yubikey/Validate.php on line 257
Access granted!

I am using PHP 8.2 and enygma/yubikey 3.6