SDK-2767: Add token-based authentication strategy alongside PEM signing

[Copilot]

Implements Central Auth token support while maintaining backward compatibility with existing PEM-based request signing.

Implementation

Authentication Strategy Pattern

• AuthStrategyInterface with two implementations:
  • SignedRequestAuthStrategy - wraps existing PEM signing (adds X-Yoti-Auth-Digest header + nonce/timestamp)
  • TokenAuthStrategy - adds Authorization: Bearer {token} header
• RequestBuilder auto-selects strategy: token if Config::AUTH_TOKEN set, otherwise PEM signing

Configuration

• Added Config::AUTH_TOKEN constant for token-based auth
• Config::getAuthToken() returns configured token or null

Backward Compatibility

• Zero breaking changes - existing PEM-based authentication unchanged
• Auto-detection means no code changes required for existing applications

Usage

Token-based authentication:

use Yoti\YotiClient;
use Yoti\Util\Config;

$client = new YotiClient(
    'sdk-id',
    '', // Empty PEM when using token
    [Config::AUTH_TOKEN => 'your-auth-token']
);

Traditional PEM authentication (unchanged):

$client = new YotiClient('sdk-id', '/path/to/app.pem');

Explicit strategy override:

$builder = (new RequestBuilder())
    ->withAuthStrategy(new TokenAuthStrategy('token'))
    ->withBaseUrl('https://api.yoti.com')
    ->withEndpoint('/endpoint')
    ->build();

Documentation

• docs/AUTHENTICATION.md - comprehensive guide covering both auth methods, migration path, and best practices
• Updated README.md to reference authentication options

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/phpstan/extension-installer/zipball/66c7adc9dfa38b6b5838a9fb728b68a7d8348051
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)
• https://api.github.com/repos/phpstan/phpstan/zipball/48236ddf823547081b2b153d1cd2994b784328c3
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)
• https://api.github.com/repos/symfony/deprecation-contracts/zipball/63afe740e99a13ba87ec199bb07bbdee937a5b62
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)
• https://api.github.com/repos/symfony/polyfill-ctype/zipball/a3cc8b044a6ea513310cbd48ef7333b384945638
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)
• https://api.github.com/repos/symfony/polyfill-intl-grapheme/zipball/380872130d3a5dd3ace2f4010d95125fde5d5c70
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)
• https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/3833d7255cc303546435cb650316bff708a1c75c
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)
• https://api.github.com/repos/symfony/polyfill-mbstring/zipball/6d857f4d76bd4b343eac26d6b539585d2bc56493
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)
• https://api.github.com/repos/symfony/polyfill-php73/zipball/0f68c03565dcaaf25a890667542e8bd75fe7e5bb
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
• https://api.github.com/repos/symfony/string/zipball/5621f039a71a11c87c106c1c598bdcd04a19aeea
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/SrJvws /usr/bin/composer install --no-interaction (http block)
  • Triggering command: /usr/bin/php8.3 /usr/bin/php8.3 -n -c /tmp/bKBeVI /usr/bin/composer install --prefer-dist --no-progress (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)