{"id":19901008,"url":"https://github.com/m-thalmann/laravel-token-auth","last_synced_at":"2026-03-06T09:02:25.935Z","repository":{"id":57710874,"uuid":"511686184","full_name":"m-thalmann/laravel-token-auth","owner":"m-thalmann","description":"Provides a token-based authentication system for Laravel REST APIs","archived":false,"fork":false,"pushed_at":"2024-08-24T11:04:16.000Z","size":178,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-01T13:00:07.322Z","etag":null,"topics":["authentication","laravel","laravel-package","refresh-tokens","tokens"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/m-thalmann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-07-07T22:03:15.000Z","updated_at":"2024-08-24T11:01:46.000Z","dependencies_parsed_at":"2024-08-24T17:19:40.622Z","dependency_job_id":null,"html_url":"https://github.com/m-thalmann/laravel-token-auth","commit_stats":{"total_commits":30,"total_committers":1,"mean_commits":30.0,"dds":0.0,"last_synced_commit":"70d483f3105647752454ab92e53644b998223a4a"},"previous_names":[],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/m-thalmann/laravel-token-auth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-thalmann%2Flaravel-token-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-thalmann%2Flaravel-token-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-thalmann%2Flaravel-token-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-thalmann%2Flaravel-token-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/m-thalmann","download_url":"https://codeload.github.com/m-thalmann/laravel-token-auth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m-thalmann%2Flaravel-token-auth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30168608,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-06T07:56:45.623Z","status":"ssl_error","status_checked_at":"2026-03-06T07:55:55.621Z","response_time":250,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","laravel","laravel-package","refresh-tokens","tokens"],"created_at":"2024-11-12T20:13:52.355Z","updated_at":"2026-03-06T09:02:25.898Z","avatar_url":"https://github.com/m-thalmann.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eLaravel Token Auth\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://github.com/m-thalmann/laravel-token-auth/actions\"\u003e\u003cimg src=\"https://github.com/m-thalmann/laravel-token-auth/workflows/tests/badge.svg\" alt=\"Build Status\"\u003e\u003c/a\u003e\n\u003ca href=\"https://codecov.io/gh/m-thalmann/laravel-token-auth\"\u003e\u003cimg src=\"https://codecov.io/gh/m-thalmann/laravel-token-auth/branch/main/graph/badge.svg?token=TIFI7QGGMB\" alt=\"codecov\"\u003e\u003c/a\u003e\n\u003ca href=\"https://packagist.org/packages/m-thalmann/laravel-token-auth\"\u003e\u003cimg src=\"https://img.shields.io/packagist/dt/m-thalmann/laravel-token-auth\" alt=\"Total Downloads\"\u003e\u003c/a\u003e\n\u003ca href=\"https://packagist.org/packages/m-thalmann/laravel-token-auth\"\u003e\u003cimg src=\"https://img.shields.io/packagist/v/m-thalmann/laravel-token-auth\" alt=\"Latest Stable Version\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/m-thalmann/laravel-token-auth\"\u003e\u003cimg src=\"https://img.shields.io/github/license/m-thalmann/laravel-token-auth\" alt=\"License\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Table of contents\n\n- [Introduction](#introduction)\n- [Installation](#installation)\n- [Quick start](#quick-start)\n  - [Protect routes](#protect-routes)\n  - [Revoke tokens](#revoke-tokens)\n  - [Prune revoked / expired tokens](#prune-revoked--expired-tokens)\n\n\u003e **See the detailed documentation at: [/docs](/docs/README.md)**\n\n## Introduction\n\nLaravel Token Auth provides functionality to authenticate Laravel APIs using access and refresh tokens.\n\nIt is heavily inspired by [Laravel Sanctum](https://github.com/laravel/sanctum).\n\n### Refresh tokens\n\nRefresh tokens are used to create new access tokens. This way an access token can have only a short expiration time without the need for the user to login again.\n\nTo keep these refresh tokens save we can implement refresh token rotation. When a new access token is requested using a refresh token, the new access token and a new refresh token is returned. The used refresh token is then revoked but kept in the database. This way it can be detected if a refresh token is reused.\n\nFor more details see: https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/\n\n## Installation\n\n**[`^ back to top ^`](#)**\n\n```\ncomposer require m-thalmann/laravel-token-auth\n```\n\nIf you want to customize the migrations, configuration run the publish command:\n\n```\nphp artisan vendor:publish --provider=\"TokenAuth\\TokenAuthServiceProvider\"\n```\n\nIf you only want to customize parts you can run the following:\n\n- **Migrations**: `php artisan vendor:publish --tag=\"token-auth-migrations\"`\n\n- **Configuration**: `php artisan vendor:publish --tag=\"token-auth-config\"`\n\nNext you should run the migrations:\n\n```\nphp artisan migrate\n```\n\n## Quick start\n\n**[`^ back to top ^`](#)**\n\nAdd the `HasAuthTokens` trait to the Eloquent user model:\n\n```php\nuse TokenAuth\\Concerns\\HasAuthTokens;\n\nclass User extends Authenticatable\n{\n  use HasAuthTokens;\n\n  // ...\n}\n```\n\nAdd the following routes for authentication:\n\n\u003e **Info:** Of course you should create your own controllers for this. This is just a simplification.\n\n```php\nuse TokenAuth\\Enums\\TokenType;\nuse TokenAuth\\Facades\\TokenAuth;\nuse TokenAuth\\Models\\AuthToken;\n\nRoute::post('/login', function (Request $request) {\n  $credentials = $request-\u003evalidate([\n    'email' =\u003e 'required',\n    'password' =\u003e 'required',\n  ]);\n\n  if (!Auth::once($credentials)) {\n    throw new HttpException(401);\n  }\n\n  $tokenPair = TokenAuth::createTokenPair(auth()-\u003euser())-\u003ebuildPair();\n\n  return [\n    'refresh_token' =\u003e $tokenPair-\u003erefreshToken-\u003eplainTextToken,\n    'access_token' =\u003e $tokenPair-\u003eaccessToken-\u003eplainTextToken,\n  ];\n});\n\nRoute::post('/logout', function () {\n  AuthToken::deleteTokensFromGroup(TokenAuth::currentToken()-\u003egetGroupId());\n})-\u003emiddleware('auth:token-access');\n\nRoute::post('/refresh', function () {\n  // ...\n\n  $tokenPair = TokenAuth::rotateTokenPair(\n    TokenAuth::currentToken()\n  )-\u003ebuildPair();\n\n  return [\n    'refresh_token' =\u003e $tokenPair-\u003erefreshToken-\u003eplainTextToken,\n    'access_token' =\u003e $tokenPair-\u003eaccessToken-\u003eplainTextToken,\n  ];\n})-\u003emiddleware('auth:token-refresh');\n\nRoute::post('/tokens', function () {\n  // ...\n\n  /**\n   * @var \\TokenAuth\\Concerns\\HasAuthTokens\n   */\n  $user = auth()-\u003euser();\n\n  $accessToken = $user-\u003ecreateToken(TokenType::ACCESS)-\u003ebuild();\n\n  return [\n    'access_token' =\u003e $accessToken-\u003eplainTextToken,\n  ];\n})-\u003emiddleware('auth:token-refresh');\n```\n\n### Protect routes\n\n```php\nRoute::get('/private', function () {\n  // only allows access tokens ...\n})-\u003emiddleware('auth:token-access');\n\nRoute::get('/private-refresh-token', function () {\n  // only allows refresh tokens ...\n})-\u003emiddleware('auth:token-refresh');\n```\n\n### Revoke tokens\n\n```php\nRoute::get('/revoke/{token}', function (AuthToken $token) {\n  $token-\u003erevoke()-\u003estore();\n})-\u003emiddleware('auth:token-refresh');\n```\n\n#### Prune revoked / expired tokens\n\n```php\n// app/Console/Kernel.php\n\nprotected function schedule(Schedule $schedule) {\n  // ...\n  $schedule-\u003ecommand('model:prune')-\u003edaily();\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm-thalmann%2Flaravel-token-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm-thalmann%2Flaravel-token-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm-thalmann%2Flaravel-token-auth/lists"}