PHPackages                             acidjazz/humble - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. acidjazz/humble

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

acidjazz/humble
===============

passwordless authentication and detailed sessioning for laravel

v3.3.0(1y ago)15136.5k↓31.1%4[1 issues](https://github.com/fumeapp/humble/issues)[2 PRs](https://github.com/fumeapp/humble/pulls)MITPHPPHP ^8.1

Since Aug 31Pushed 1y ago1 watchersCompare

[ Source](https://github.com/fumeapp/humble)[ Packagist](https://packagist.org/packages/acidjazz/humble)[ RSS](/packages/acidjazz-humble/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (10)Dependencies (8)Versions (56)Used By (0)

 [![](https://github.com/fumeapp/humble/raw/master/logo.jpg)](https://github.com/fumeapp/humble/raw/master/logo.jpg)

> Ideal Sessioning and authentication for Laravel

[![Packagist License](https://camo.githubusercontent.com/8b1d1a041ab0613abdccd7e0e40f23905d199dcb1e6a425b26b6c8f72263d624/68747470733a2f2f706f7365722e707567782e6f72672f616369646a617a7a2f68756d626c652f6c6963656e73652e706e67)](https://choosealicense.com/licenses/apache-2.0/)[![Latest Stable Version](https://camo.githubusercontent.com/8dbca1de2fcf713ef195e07e4917894bfc434a0981ed5873f7b35b1214f06ff9/68747470733a2f2f706f7365722e707567782e6f72672f616369646a617a7a2f68756d626c652f76657273696f6e2e706e67)](https://packagist.org/packages/acidjazz/humble)[![Total Downloads](https://camo.githubusercontent.com/3d0511d0a433c1eddb19909dfd291aa7a8f07784426348fc14ab4720df8ba7c1/68747470733a2f2f706f7365722e707567782e6f72672f616369646a617a7a2f68756d626c652f642f746f74616c2e706e67)](https://packagist.org/packages/acidjazz/humble)

Features
--------

[](#features)

- Passwordless authentication
    - Ability to store and compare a cookie, securing the magic link sent out
    - Link expiration
    - Able to store "action" objects passed through for completing tasks the user was doing before prompted
- Detailed sessions using [whichbrowser](https://github.com/WhichBrowser/Parser-PHP)

```
"device": {
  "string": "Chrome 68 on a Google Pixel 2 XL running Android 9",
  "platform": "Android 9",
  "browser": "Chrome 68",
  "name": "Google Pixel 2 XL",
  "desktop": false,
  "mobile": true
}
```

- Detailed location using [lyften](https://github.com/Torann/laravel-geoip)'s adapter for [GeoIP2](https://github.com/maxmind/GeoIP2-php)

```
"location": {
  "ip": "86.222.88.167",
  "country": "France",
  "city": "Lons",
  "state": "NAQ",
  "postal_code": "64140",
  "lat": 43.3167,
  "lon": -0.4,
  "timezone": "Europe\/Paris",
  "currency": "EUR"
}
```

Installation
------------

[](#installation)

Install humble with [composer](https://getcomposer.org/doc/00-intro.md):

```
composer require acidjazz/humble
```

Add Humble's trait to your user model:

```
use Fumeapp\Humble\Traits\Humble;
...
class User extends Authenticatable
{
  use Humble, Notifiable;
}
```

### Publish Humble's migrations (sessions table)

[](#publish-humbles-migrations-sessions-table)

```
php artisan vendor:publish --tag="humble.migrations"
```

Run the migration

```
php artisan migrate
```

Change your guard in your config, to the 'humble' guard in `config/auth.php`, in my case since I mainly use Laravel as an API

```
    'guards' => [
        'web' => [
            'driver' => 'session',
            'provider' => 'users',
        ],

        'api' => [
            'driver' => 'humble',
            'provider' => 'users',
        ],
    ],
```

> Check your defaults as well, if it's not api, you'll need to change that

If your user class is not `App\Models\User`, we need to tell humble what it is:

### Publish Humble's configuration

[](#publish-humbles-configuration)

```
 php artisan vendor:publish --tag="humble.config"

```

Modify `config/humble.php` and specify your user class

Usage
-----

[](#usage)

Humble is similar to [Laravel Sanctum](https://laravel.com/docs/9.x/sanctum#introduction) in the way you can also assign abilties to sessions.

Primarily humble sessions are stored for user sessions which by default would inherit all session abilities. You can also think of Humble Session as Personal Access Tokens, inside your application your users could create multiple session tokens for various services and integrations like: GitHub actions, CLI Applications, Slack Tokens, etc...

With these addtional session tokens your users can create, you still have access to the session `source` where you can attach certain Gates &amp; Policy behaviors based on that. If your are fine with leaving these session tokens as-is with same access as the user you can stick with that. If you need more granularity you can also assign abilites.

With abilites you can addtionally set specific rules these session tokens can have. For example you might want to have a session tokens for a GitHub action that only has the abilty to peform READ events and not WRITE.

These abilites can be user defined in your app, meaing its up to you to declare these rules in your app and check/valdiate them. The default ability is set to `["*"]` which means full access, but when creating a session you can pass a parameter to only set this to READ, and which your database record would show as `["READ"]`

For valdiating these abilites we provide a few helpers and middlewares to make this easier.

To validate the middleware level you first need to add the following to your `$routeMiddleware` inside of `app/Http/Kernel.php`

```
// ...
'abilities' => \Fumeapp\Humble\Http\Middleware\CheckAbilities::class,
'ability' => \Fumeap\Humble\Http\Middleware\CheckForAnyAbility::class,
// ...
```

Once you add those, you can apply them in your routes middleware like so:

```
Route::get('admin', function () {
    return response()->json([
        'success' => true
    ]);
})->middleware(['auth:api', 'ability:admin']);
```

> The example would pass if that session token had the abilites as: `["*"]` or `["admin"]`

You can also use `abilities` as middleware which is a strict check that the token must have all the given abilites.

Other ways of checking/valdiating abilites inside of your app in areas like Gates &amp; Polciies

1. `auth()->user()->tokenCan('write')`
2. `auth()->session()->can('write')`
3. `$user()->tokenCan('write')`
4. `$request->user()->tokenCan('write')`

We also provide an easy way to create new session tokens with the following method

```
 $user->createToken('action', ['write'])
```

> This would also work with either `auth()->user()->createToken(...)` or `$request->user()->createToken(...)`

###  Health Score

50

—

FairBetter than 96% of packages

Maintenance42

Moderate activity, may be stable

Popularity41

Moderate usage in the ecosystem

Community14

Small or concentrated contributor base

Maturity84

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 81.9% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~43 days

Recently: every ~232 days

Total

55

Last Release

455d ago

Major Versions

v1.1.0 → v2.0.02020-07-14

v2.1.5 → v3.0.02022-08-04

PHP version history (8 changes)v1.0.0PHP ~7.0

v1.0.24PHP ^7.1.3

v1.0.30PHP ^7.2 || ^7.3 || ^7.4

v2.0.11PHP ^7.2 || ^7.3 || ^7.4 || ^8.0

v2.0.12PHP ^7.2|^8.0

v2.1.0PHP ^8.0

v2.1.4PHP ^8.0|^8.1

v3.1.0PHP ^8.1

### Community

Maintainers

![](https://www.gravatar.com/avatar/533437b7015d87ef685c7fd29533d27b0ba063e3418543b72c7b480bd2966bf5?d=identicon)[acidjazz](/maintainers/acidjazz)

![](https://www.gravatar.com/avatar/f490cd1213d7b5ec01ab09e341f6495f18e9be860beb6daf3fad7991f560da2b?d=identicon)[tcamp](/maintainers/tcamp)

---

Top Contributors

[![acidjazz](https://avatars.githubusercontent.com/u/967369?v=4)](https://github.com/acidjazz "acidjazz (86 commits)")[![tcampbPPU](https://avatars.githubusercontent.com/u/25044744?v=4)](https://github.com/tcampbPPU "tcampbPPU (17 commits)")[![laravel-shift](https://avatars.githubusercontent.com/u/15991828?v=4)](https://github.com/laravel-shift "laravel-shift (2 commits)")

---

Tags

authenticationlaravelphpphpapilaravelAuthenticationPasswordless

###  Code Quality

TestsPHPUnit

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/acidjazz-humble/health.svg)

```
[![Health](https://phpackages.com/badges/acidjazz-humble/health.svg)](https://phpackages.com/packages/acidjazz-humble)
```

###  Alternatives

[auth0/login

Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints.

2745.0M3](/packages/auth0-login)[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6712.1k2](/packages/hasinhayder-tyro)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)