There are, at the moment, several PSRs (PHP Standard Recommendations) involving HTTP:
- PSR-7: HTTP messages. These are the Request, Response, and Uri interfaces.
- PSR-17: HTTP message factories. These are the interfaces for “a thing that creates PSR-7 messages.”
- PSR-18: HTTP clients. These are the interfaces for sending out a PSR-7 request to an HTTP server, and getting a PSR-7 response in return.
- PSR-15: HTTP handlers. These are interfaces for adding “middleware” layers in a server-side framework. The middleware sits “between” application code and the actual Web server, and can process, forward, and/or modify requests and responses.
I will avoid PSR-15 from here on; the inspiration for this post was dealing with the client side of the stack, not the server.
As for the rest, the the two ending in 7 are related: PSR-17 is about creating PSR-7 objects, without the caller knowing the specific PSR-7 objects. However, it’s a kind of recursive problem: how does the caller know the specific PSR-17 object to use?
There's also some confusion caused by having “Guzzle” potentially refer to multiple packages. There’s the guzzlehttp/guzzle
HTTP client, and there’s a separate guzzlehttp/psr7
HTTP message implementation. Unrelated packages may use guzzle
in their name, but not be immediately clear on which exact package they work with.
php-http/guzzle7-adapter
is related to the client.
http-interop/http-factory-guzzle
provides PSR-17 factories for the Guzzle PSR-7 classes, and has nothing to do with the client.
Additionally, whether these packages are needed has changed somewhat over time. guzzlehttp/psr7
version 2 has PSR-17 support built in, and guzzlehttp/guzzle
version 7 is compatible with PSR-18. Previous major versions of these packages lacked those features.
Discovery
The problem of finding PSR-compatible objects is solved by an important non-PSR library from the HTTPlug (HTTP plug) project: php-http/discovery
(and its documentation.)
- It lets code ask for a concrete class by interface, and Discovery takes care of finding which class is available, constructing it, and returning it.
- It includes its own list of PSR-17 factories and PSR-18 clients, and can return those directly, where applicable. When Guzzle 7 is installed, Discovery (of a recent enough version) can return the actual
\GuzzleHttp\Client
when asked to find a PSR-18 client.
- It has additional interfaces for defining and finding asynchronous HTTP clients, where code is not required to wait for the response before processing continues.
At its most basic, Discovery can find PSR-17 factories and PSR-18 HTTP clients. These would be loaded through the Psr17FactoryDiscovery
and Psr18ClientDiscovery
classes. For the more advanced features like asynchronous clients, the additional adapter packages are required.
For example, to use Guzzle 7 asynchronously, php-http/guzzle7-adapter
is required. At that point, it can be loaded using HttpAsyncClientDiscovery::find()
. This method then returns an adapter class, which implements php-http's asynchronous client interface, and passes the actual work to Guzzle.
In any case, library code itself would only require php-http/discovery
in its composer.json file; a project making use of the library would need to choose the concrete implementation to use in its composer.json file.
An Important Caveat
Discovery happens at run time. Since Discovery supports a lot of ways to find a number of packages, it doesn't depend on them all, and it doesn't even have a hard dependency on, say, the PSR-17 interfaces themselves. This means that Composer MAY install packages, even though requirements aren't fully met to make all of them usable.
To be sure the whole thing will actually work in practice, it's important to make some simple, safe HTTP request. In my case, I use the Mailgun client to fetch recent log events.
When code using Discovery fails, the error message may suggest installing “one of the packages” from a list, and providing a link to Packagist. That link may include the name of a package that is installed. Why doesn’t it work? It’s probably the version that is the culprit. If guzzlehttp/psr7
version 1 is installed, but not http-interop/http-factory-guzzle
, then the error is raised because there is genuinely no PSR-17 implementation available with the installed versions. However, the guzzlehttp/psr7
package will be shown on Packagist as providing the necessary support, because the latest version does, indeed, support PSR-17.
Things Have Changed a Bit Over Time
As noted above, prior to widespread support for PSR-17 and PSR-18, using the php-http
adapters was crucial for having a functioning stack. So was installing http-interop/http-factory-guzzle
to get a PSR-17 adapter for the guzzlehttp/psr7
version 1 code.
For code relying only on PSR-17 and PSR-18, and using the specific Discovery classes for those PSRs, the latest Guzzle components should not need any other packages installed to work.
However, things can be different, if there is another library in use that causes the older version of guzzlehttp/psr7
to be used. This happens for me: the AWS SDK for PHP specifically depends on guzzlehttp/psr7
version 1, so I need to include http-interop/http-factory-guzzle
as well, for Mailgun to coexist with it.
One Last Time
If you’re writing a library, use and depend on php-http/discovery
.
If you’re writing an application, you must also depend on specific components for Discovery to find, such as guzzlehttp/guzzle
. Depending on how the libraries you are using fit together, you may also need http-interop/http-factory-guzzle
for an older guzzlehttp/psr7
version, or a package like php-http/guzzle7-adapter
if a simple PSR-18 client isn’t suitable.
There are alternatives to Guzzle, but since my projects are frequently AWS-based, and their SDK depends on Guzzle directly, that’s the one I end up having experience with. I want all of the libraries to share dependencies, where possible.