
ahmedbenkrarayc/larasecurestart
===============================

A secure Laravel JWT authentication starter kit with HttpOnly cookies, built by Ahmed Benkrara.

v1.0.2 (11mo ago) · 0 · 5 · CC-BY-4.0 · Blade · PHP ^8.2

Since Jun 15 · Pushed 11mo ago

[Source](https://github.com/ahmedbenkrarayc/larasecurestart) · [Packagist](https://packagist.org/packages/ahmedbenkrarayc/larasecurestart)


LaraSecureStart
===============


**LaraSecureStart** is a secure, scalable Laravel 12+ starter kit developed by **Ahmed Benkrara** that brings modern JWT-based authentication with **HTTP-only cookies** and built-in **role-based access control**. It's built with clarity, security, and real-world API architecture in mind.

---

⚙️ Features
-----------


- ✅ JWT authentication via **secure HTTP-only cookies**
- 🔄 Automatic token **refresh endpoint**
- 🔐 Pre-configured **middlewares**:
    - `jwt.api` → Auth guard via access token (cookie-based)
    - `jwt.refreshtoken` → Refresh token validation
    - `role` → Role-based route restrictions
- 👥 Multi-role support (`admin`, `storeowner`, `customer`, etc.)
- 📩 Forgot and reset password endpoints
- 🌍 CORS fully configured for SPA/frontend interaction
- 📦 Easy installation via **Composer** or **Laravel Installer**
- 🚀 Production-ready out of the box (automated `.env`, `APP_KEY`, and `JWT_SECRET` generation)

---

🚀 Installation
--------------


### Option 1: Laravel Installer (Recommended)


```
laravel new your-app-name --using=ahmedbenkrarayc/larasecurestart
```

### Option 2: Composer


```
composer create-project ahmedbenkrarayc/larasecurestart your-app-name
```

🛠 After installation:

```
cd your-app-name
php artisan migrate
php artisan serve
```

> ✅ `.env`, `APP_KEY`, and `JWT_SECRET` are all generated automatically.

---

🔐 Authentication Flow
---------------------


| Endpoint | Method | Description | Middleware |
| --- | --- | --- | --- |
| `/api/register` | POST | Register a new user | – |
| `/api/login` | POST | Authenticate and issue tokens | – |
| `/api/logout` | POST | Clear tokens from HTTP-only cookie | `jwt.api` |
| `/api/refresh` | POST | Get a new access token | `jwt.refreshtoken` |
| `/api/forgot-password` | POST | Send reset link via email | – |
| `/api/reset-password` | POST | Reset password with email token | – |
| `/api/user` | GET | Get authenticated user | `jwt.api` |

---

🔐 Role-Based Access Middleware
------------------------------


Use the `role` middleware to restrict access to routes by user role:

```
Route::middleware(['jwt.api', 'role:admin'])->get('/admin/dashboard', ...);
Route::middleware(['jwt.api', 'role:storeowner'])->post('/products', ...);
Route::middleware(['jwt.api', 'role:storeowner,superadmin'])->delete('/stores/{id}', ...);
```

Middleware logic is located in:

```
app/Http/Middleware/
├── JwtMiddleware.php
├── JwtRefreshMiddleware.php
└── RoleMiddleware.php

```
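How a `role:storeowner,superadmin` check can be enforced, as an added example that is not the package's `RoleMiddleware.php`. The class name `ExampleRoleMiddleware` and the string `role` attribute on the user model are assumptions; it also assumes `jwt.api` has already run and resolved the user from the cookie.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware for illustration; not the package's own code.
class ExampleRoleMiddleware
{
    /**
     * Laravel splits "role:storeowner,superadmin" on commas and passes
     * each value as a separate argument, collected here in $roles.
     */
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        // Fail closed: a route declared with a bare "role" and no list
        // is a configuration error, not "allow everyone".
        if ($roles === []) {
            abort(500, 'role middleware requires at least one role');
        }

        // Assumption: jwt.api ran earlier in the stack and set the user.
        // If it did not, treat the request as unauthenticated (401).
        $user = $request->user();
        if ($user === null) {
            abort(401, 'Unauthenticated.');
        }

        // Assumption: the user model has a single string `role` attribute.
        // Strict comparison (third argument) avoids loose-typing matches.
        if (! in_array($user->role, $roles, true)) {
            abort(403, 'Forbidden.');
        }

        return $next($request);
    }
}
```

Listing `jwt.api` before `role:...` on every protected route, as the routes above do, is what lets the role check rely on an authenticated user.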

---

🧠 Example Route Group Usage
---------------------------


Your `api.php` might look like this:

```
<?php

use App\Http\Controllers\AuthController; // assumed: Laravel's default controller namespace
use Illuminate\Support\Facades\Route;

// Public
Route::post('/login', [AuthController::class, 'login']);
Route::post('/register', [AuthController::class, 'register']);

// Refresh (validated by the refresh-token middleware)
Route::post('/refresh', [AuthController::class, 'refresh'])->middleware('jwt.refreshtoken');

// Authenticated (access token read from the HTTP-only cookie)
Route::middleware(['jwt.api'])->group(function () {
    Route::post('/logout', [AuthController::class, 'logout']);
    Route::get('/user', [AuthController::class, 'user']);
});

// Role-protected (jwt.api runs before the role check)
Route::get('/storeowners', [AuthController::class, 'storeOwnersList'])->middleware(['jwt.api', 'role:superadmin']);
```

---

🌐 CORS Configuration
--------------------


Preconfigured and located at:

```
config/cors.php
```

Supports:

- Multiple domains
- `withCredentials: true` for HTTP-only cookie handling
- Safe for SPAs like Vue, React, Nuxt, etc.
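Because the tokens travel in cookies, the frontend has to send credentialed requests, and browsers refuse a wildcard `Access-Control-Allow-Origin` on a credentialed response, so the origin list must be explicit. An added example of a `config/cors.php` along those lines (not the file the package ships); the `CORS_ALLOWED_ORIGINS` variable, the origin values and the header list are assumptions.

```php
<?php

// Added example, not the package's shipped config/cors.php.
//
// Weak pairing to avoid with cookie-based auth:
//   'allowed_origins'      => ['*'],
//   'supports_credentials' => true,

// Assumption: trusted frontends are listed in a hypothetical
// CORS_ALLOWED_ORIGINS variable, comma separated, e.g.
//   CORS_ALLOWED_ORIGINS=https://app.example.com,https://admin.example.com
$origins = array_values(array_filter(array_map(
    'trim',
    explode(',', (string) env('CORS_ALLOWED_ORIGINS', 'http://localhost:5173'))
)));

// Fail at boot rather than serve credentialed CORS to every origin.
if ($origins === [] || in_array('*', $origins, true)) {
    throw new RuntimeException(
        'CORS_ALLOWED_ORIGINS must list explicit origins when credentials are enabled.'
    );
}

return [
    // Only the API routes need CORS headers.
    'paths' => ['api/*'],

    'allowed_methods' => ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],

    // Exact scheme + host + port matches; no patterns, no wildcard.
    'allowed_origins' => $origins,
    'allowed_origins_patterns' => [],

    'allowed_headers' => ['Content-Type', 'Accept', 'X-Requested-With'],
    'exposed_headers' => [],

    // Seconds a browser may cache the preflight result.
    'max_age' => 600,

    // Required so the browser sends and accepts the HTTP-only cookies.
    'supports_credentials' => true,
];
```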

---

🧑‍💻 About the Creator
---------------------


**Ahmed Benkrara**
🔗 [GitHub: ahmedbenkrarayc](https://github.com/ahmedbenkrarayc)

---

📝 License
---------


This project is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

### Health Score

30 (Low). Better than 64% of packages.

- Maintenance: 52 (Moderate activity, may be stable)
- Popularity: 4 (Limited adoption so far)
- Community: 6 (Small or concentrated contributor base)
- Maturity: 51 (Maturing project, gaining track record)
- Bus Factor: 1 (Top contributor holds 100% of commits — single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Every ~0 days
- Total: 3
- Last Release: 332d ago

### Community

- Maintainers: [ahmedbenkrarayc](/maintainers/ahmedbenkrarayc)
- Top Contributors: [ahmedbenkrarayc](https://github.com/ahmedbenkrarayc) (4 commits)
- Tags: jwt, laravel, auth, secure, starter-kit, httpOnly

### Code Quality

- Tests: PHPUnit
- Code Style: Laravel Pint

