{"id":24714435,"url":"https://github.com/ml-opensource/laravel-oauth","last_synced_at":"2025-10-09T12:31:33.918Z","repository":{"id":62508391,"uuid":"62830629","full_name":"ml-opensource/laravel-oauth","owner":"ml-opensource","description":"An OAuth wrapper to bridge lucadegasperi/oauth2-server-laravel and Laravel's authentication system","archived":false,"fork":false,"pushed_at":"2020-03-09T14:23:47.000Z","size":120,"stargazers_count":4,"open_issues_count":2,"forks_count":0,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-09-30T05:55:50.641Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ml-opensource.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-07-07T18:47:39.000Z","updated_at":"2024-05-02T06:41:46.000Z","dependencies_parsed_at":"2022-11-02T12:46:12.505Z","dependency_job_id":null,"html_url":"https://github.com/ml-opensource/laravel-oauth","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/ml-opensource/laravel-oauth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ml-opensource%2Flaravel-oauth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ml-opensource%2Flaravel-oauth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ml-opensource%2Flaravel-oauth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ml-opensource%2Flaravel-oauth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ml-opensource","download_url":"https://codeload.github.com/ml-opensource/laravel-oauth/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ml-opensource%2Flaravel-oauth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001443,"owners_count":26083078,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-27T08:16:35.556Z","updated_at":"2025-10-09T12:31:33.570Z","avatar_url":"https://github.com/ml-opensource.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"Laravel OAuth [![Build Status](https://img.shields.io/travis/fuzz-productions/laravel-oauth/master.svg?style=flat)](https://travis-ci.org/fuzz-productions/laravel-oauth)\n=========================================================================================================================================================================\nAn OAuth wrapper to bridge `lucadegasperi/oauth2-server-laravel` and Laravel's authentication system while providing optional support for `fuzz/magic-box` repositories\n\n## Setup\n1. Require the composer package\n1. Set up your project `AuthServiceProvider` to extend `Fuzz\\Auth\\Providers\\AuthServiceProvider`\n1. Follow instructions in `lucadegasperi/oauth2-server-laravel` to set it up.\n1. Configure the `grant_types` array in `config/oauth2.php` to use the Fuzz grants (or extend/create your own)\n\n\t```\n\t'grant_types'             =\u003e [\n\t\t'password' =\u003e [\n\t\t\t'class' =\u003e \\Fuzz\\Auth\\OAuth\\Grants\\PasswordGrant::class,\n\t\t\t'callback' =\u003e '\\Fuzz\\Auth\\OAuth\\Grants\\PasswordGrantVerifier@verify',\n\t\t\t'access_token_ttl' =\u003e 7600,\n\t\t],\n\t\t'refresh_token' =\u003e [\n\t\t\t'class' =\u003e \\Fuzz\\Auth\\OAuth\\Grants\\RefreshTokenGrant::class,\n\t\t\t'access_token_ttl' =\u003e 7600,\n\t\t\t'refresh_token_ttl' =\u003e 14600,\n\t\t],\n\t],\n\t```\n1. Set up `config/auth.php`\n\n\tSet the default guard to `api`\n\n\t```\n\t'defaults' =\u003e [\n\t    'guard' =\u003e 'api',\n\t    'passwords' =\u003e 'users',\n\t],\n\t```\n\tSet the `api` guard to use `\\Fuzz\\Auth\\Guards\\OAuthGuard::class` as its\n\tdriver\n\n\t```\n\t'api' =\u003e [\n\t    'driver' =\u003e \\Fuzz\\Auth\\Guards\\OAuthGuard::class,\n\t    'provider' =\u003e 'users',\n\t],\n\t```\n\tSet Laravel to use the `oauth` user provider and set your project's User class\n\n\t```\n\t'providers' =\u003e [\n\t    'users' =\u003e [\n\t        'driver' =\u003e 'oauth',\n\t        'model' =\u003e \\App\\User::class,\n\t        'token_key' =\u003e 'access_token',\n\t    ],\n\t],\n\t```\n\n1. Create `app/Http/Middleware/OAuthMiddleware.php` and extend `Fuzz\\Auth\\Middleware\\OAuthenticateMiddleware`. Add it to the `$routeMiddleware` array in `app/Http/Kernel.php\n1. Your User class should implement the `Fuzz\\Auth\\Models\\AgentInterface` and `Illuminate\\Contracts\\Auth\\Authenticatable` and their required methods\n\n## Usage\n### Protecting routes\nRoutes that require authentication can now be protected with the `auth` middleware:\n\n```\n$router-\u003egroup(\n    ['middleware' =\u003e 'auth'], function (Router $router) {\n        $router-\u003eget('locations', 'LocationsController@index');\n});\n```\nWithin any authenticated route, you can use all the default Laravel `Auth` methods such as `Auth::user()` to resolve the currently authenticated user. `lucadegasperi/oauth2-server-laravel` provides a way to protect routes based on scope, but you can also use `Fuzz\\Auth\\Policies\\RepositoryModelPolicy@requireScopes` to throw `League\\OAuth2\\Server\\Exception\\AccessDeniedException` exceptions when a user does not have the required scopes.\n\n### Protecting resources\nLaravel OAuth comes with a base `Fuzz\\Auth\\Policies\\RepositoryModelPolicy` but you may create your own (implementing the `Fuzz\\Auth\\Policies\\RepositoryModelPolicyInterface` might be helpful). Extending `Fuzz\\Auth\\Policies\\RepositoryModelPolicy` will provide some base methods to ease writing policies for repositories.\n\nOnce a policy is set up and mapped to its model class, you may use it to check user permissions according to your policy:\n\n```\n if (policy(ModelClass::class)-\u003eindex($user, $postRepository)) {\n \t\t// Index stuff\n }\n```\n\n### Resolving the current user\nAll of Laravel's `Auth` methods will work, so resolving the current user is as simple as `$user = Auth::user()`. `https://laravel.com/docs/5.2/authentication`.\n\n`Auth` will use your default guard unless specified. A typical guard set up for an OAuth specced API would be having one for users accessing via a client and another for client-only requests. Currently there is only `Fuzz\\Auth\\Guards\\OAuthGuard` which is responsible for resolving the user for a request.\n\n\n## TODOs\n1. Separate `fuzz/laravel-oauth` from `fuzz/magic-box`\n1. Support client requests in their own guard and be compatible with the current user `OAuthGuard`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fml-opensource%2Flaravel-oauth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fml-opensource%2Flaravel-oauth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fml-opensource%2Flaravel-oauth/lists"}