Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/spatie/laravel-passkeys

Use passkeys in your Laravel app
https://github.com/spatie/laravel-passkeys

authentication laravel passkeys php

Last synced: 5 days ago
JSON representation

Use passkeys in your Laravel app

Host: GitHub
URL: https://github.com/spatie/laravel-passkeys
Owner: spatie
License: mit
Created: 2024-08-06T12:17:13.000Z (6 months ago)
Default Branch: main
Last Pushed: 2024-09-23T08:23:39.000Z (4 months ago)
Last Synced: 2025-01-20T18:08:36.506Z (12 days ago)
Topics: authentication, laravel, passkeys, php
Language: PHP
Homepage: https://spatie.be/open-source
Size: 84 KB
Stars: 130
Watchers: 13
Forks: 11
Open Issues: 2
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Funding: .github/FUNDING.yml
- License: LICENSE.md

Awesome Lists containing this project

README

        **THIS PACKAGE IS IN DEVELOPMENT, DO NOT USE (YET)**

# Use passkeys in your Laravel app

[![Latest Version on Packagist](https://img.shields.io/packagist/v/spatie/laravel-passkeys.svg?style=flat-square)](https://packagist.org/packages/spatie/laravel-passkeys)

[![GitHub Tests Action Status](https://img.shields.io/github/actions/workflow/status/spatie/laravel-passkeys/run-tests.yml?branch=main&label=tests&style=flat-square)](https://github.com/spatie/laravel-passkeys/actions?query=workflow%3Arun-tests+branch%3Amain)

[![GitHub Code Style Action Status](https://img.shields.io/github/actions/workflow/status/spatie/laravel-passkeys/fix-php-code-style-issues.yml?branch=main&label=code%20style&style=flat-square)](https://github.com/spatie/laravel-passkeys/actions?query=workflow%3A"Fix+PHP+code+style+issues"+branch%3Amain)

[![Total Downloads](https://img.shields.io/packagist/dt/spatie/laravel-passkeys.svg?style=flat-square)](https://packagist.org/packages/spatie/laravel-passkeys)

Passkeys let you log in without needing a password. The process can be compared to how SSH keys work.

A passkey is a unique key pair that is generated by a password manager or hardware security key. One key is public and stored on in your Laravel app, and the other is private and stored in the password manager.

When logging using a passkey, the Laravel app will generate a challenge that your password manager can solve using the stored private key. The password manager will create a secure response and sends it back to Laravel app. If the challenge is solved correctly, you're logged in.

You can learn more about how passkeys work [here](https://www.dashlane.com/blog/what-is-a-passkey-and-how-does-it-work#).

This package provides a simple way to generate passkey using a Livewire component. It also contains a Blade component that can authenticate using passkeys.

## Support us

[](https://spatie.be/github-ad-click/laravel-passkeys)

We invest a lot of resources into creating [best in class open source packages](https://spatie.be/open-source). You can support us by [buying one of our paid products](https://spatie.be/open-source/support-us).

We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on [our contact page](https://spatie.be/about-us). We publish all received postcards on [our virtual postcard wall](https://spatie.be/open-source/postcards).

## Requirements

This package contains a Livewire component to generate passkeys. Make sure you have Livewire installed in your Laravel app.

## Installation

You can install the package via composer:

```bash

composer require spatie/laravel-passkeys

```

Next, you must set the `AUTH_MODEL` in your `.env` file to the class name of the model that should be authenticated using passkeys.

```bash

AUTH_MODEL=App\Models\User

```

Next, you publish the migration by the package with:

```bash

php artisan vendor:publish --tag="passkeys-migrations"

```

After the migration has been published you can create the `passkeys` table by running the migrations:

```bash

php artisan migrate

```

Optionally, you can publish the config file using:

```bash

php artisan vendor:publish --tag="passkeys-config"

```

This is the contents of the published config file:

```php

return [

    /*

     * After a successful authentication attempt using a passkey

     * we'll redirect to this URL.

     */

    'redirect_to_after_login' => '/dashboard',

    /*

     * These class are responsible for performing core tasks regarding passkeys.

     * You can customize them by creating a class that extends the default, and

     * by specify your custom class name here

     */

    'actions' => [

        'generate_passkey_register_options' => Spatie\LaravelPasskeys\Actions\GeneratePasskeyRegisterOptionsAction::class,

        'store_passkey' => Spatie\LaravelPasskeys\Actions\StorePasskeyAction::class,

        'generate_passkey_authentication_options' => \Spatie\LaravelPasskeys\Actions\GeneratePasskeyAuthenticationOptionsAction::class,

        'find_passkey' => \Spatie\LaravelPasskeys\Actions\FindPasskeyToAuthenticateAction::class,

    ],

    /*

     * These properties will be used to generate the passkey.

     */

    'relying_party' => [

        'name' => config('app.name'),

        'id' => parse_url(config('app.url'), PHP_URL_HOST),

        'icon' => null,

    ],

    /*

     * The models used by the package. 

     * You can override this by specifying your own models

     */

    'models' => [

        'passkey' => Spatie\LaravelPasskeys\Models\Passkey::class,

        'authenticatable' => env('AUTH_MODEL', App\Models\User::class),

    ],

];

```

Optionally, you can publish the views using

```bash

php artisan vendor:publish --tag="passkeys-views"

```

## Usage

There are two parts to using passkeys in your Laravel app: creating a passkey and authenticating using a passkey.

### Creating a passkey

The package provides a Livewire component to generate a passkey. It is able to create a passkey for the currently logged in user. It will also show all generated passkeys.

You can include this component in your views.

```html

```

Here's how the component looks like:

// TODO: insert image

### Authenticating using a passkey

To let your users authenticate using a passkey, you can include the `authenticate-passkey` Blade component in your view, typically on your login view.

```html 

```

// TODO: insert image

This component will show a link that, when clicked, will start the passkey authentication process. 

If the authentication is successful, the user will be redirected to the URL specified in the  `redirect_to_after_login` key of the `passkeys` config file.

#### Customizing the look and feel of the component

To customize the look and feel of the component, you can pass HTML to the component.

```html

    Authenticate using passkey

```

To customize where the user is redirected after a successful login, you can pass a URL to the `redirect` prop of component.

```html

```    

### Events

The package fires the `Spatie\LaravelPasskeys\Events\PasskeyUsedToAuthenticateEvent` when a passkey is used to authenticate. It has a property `passkey` that contains the `Passkey` model that was used to authenticate.

## Testing

```bash

composer test

```

## Changelog

Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently.

## Contributing

Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

## Security Vulnerabilities

Please review [our security policy](../../security/policy) on how to report security vulnerabilities.

## Credits

This code is based on the [Laracast course on passkeys](https://laracasts.com/series/add-passkeys-to-a-laravel-app) by the amazing [Luke Downing](https://github.com/lukeraymonddowning).

- [Freek Van der Herten](https://github.com/freekmurze)

- [All Contributors](../../contributors)

## License

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.