amreljako/secure-sanctum
========================

Extended Laravel Sanctum authentication with advanced token security and management.

Version v0.1.0 (9mo ago), license MIT, language PHP, requires PHP ^8.0

[Source](https://github.com/amreljako/secure-sanctum) | [Packagist](https://packagist.org/packages/amreljako/secure-sanctum)

SecureSanctum
=============

**SecureSanctum** is a Laravel package that extends the capabilities of [Laravel Sanctum](https://laravel.com/docs/sanctum) by providing enhanced token management, device control, expiration handling, and advanced authentication flow.

---

Features
--------

- Secure personal access token generation
- Token expiration (configurable)
- Device name storage
- Token abilities (scopes)
- Token revocation & cleanup
- Limit maximum devices per user
- Optional support for refresh tokens (configurable)
- Fully integrated with Laravel out of the box

---

Installation
------------

```
composer require amreljako/secure-sanctum
```

> Make sure you already have Laravel Sanctum installed.

---

Configuration
-------------

1. Publish the configuration file:

```
php artisan vendor:publish --tag=secure-sanctum-config
```

2. The published config file: `config/secure_sanctum.php`

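```
<?php

return [
    'token_expiry_days' => 30,          // token lifetime in days
    'allow_multiple_devices' => true,   // permit more than one active device per user
    'refresh_token_enabled' => true,    // optional refresh token support
    'max_devices_per_user' => 3,        // cap on devices per user
];
```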

---

Migration
---------

Run the built-in migration to create the `user_tokens` table:

```
php artisan migrate
```

---

Routes
------

The package registers these routes automatically (under `/api/secure-auth`):

| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | `/login` | Issue a new token |
| POST | `/logout` | Revoke current token |
| GET | `/tokens` | List all user tokens |

---

Login Example
-------------

### Request

```
POST /api/secure-auth/login
Content-Type: application/json

{
  "email": "user@example.com",
  "password": "secret"
}
```

### Response

```
{
  "access_token": "plain-text-token",
  "expires_in_days": 30
}
```

---

Token Usage
-----------

Add the token to your API requests using the `Authorization` header:

```
Authorization: Bearer plain-text-token
```

---

Token Schema
------------

Table: `user_tokens`

| Column | Type | Description |
|--------|------|-------------|
| user\_id | foreign key | Linked user |
| token | string(64) | Hashed token |
| device\_name | string | Device/browser identifier |
| abilities | JSON | Token permissions |
| expires\_at | timestamp | Expiry date |
| last\_used\_at | timestamp | Last used time |
| created\_at | timestamp | Created time |
| updated\_at | timestamp | Updated time |

---

Programmatic Usage
------------------

You can create and validate tokens using the `TokenManager` service:

```
use Amreljako\SecureSanctum\Services\TokenManager;

$token = app(TokenManager::class)->createToken($user, 'MyDevice', ['*'], 7);
```

Validate a token manually:

```
$record = app(TokenManager::class)->validateToken($plainToken);
```
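
How issuing and validating against the `user_tokens` columns fits together, as an added example that is not the package's own code. Assumptions: the 64-character hash is a SHA-256 hex digest, the oldest token is revoked first when `max_devices_per_user` is reached, and `issueToken`, `checkToken` and the in-memory `$table` are hypothetical stand-ins for the service and the database table.

```php
<?php
// Added example, not the package's code. Assumptions: SHA-256 hex digest (64 chars)
// as the stored hash; oldest token revoked first when the device cap is reached.
const CONFIG = ['token_expiry_days' => 30, 'max_devices_per_user' => 3];

/** Issue a token: the plain text is returned once, only its hash is stored. */
function issueToken(array &$table, int $userId, string $device, array $abilities, int $now): string
{
    $own = array_filter($table, fn ($r) => $r['user_id'] === $userId);
    uasort($own, fn ($a, $b) => $a['created_at'] <=> $b['created_at']);
    $excess = count($own) - CONFIG['max_devices_per_user'] + 1;
    foreach (array_slice(array_keys($own), 0, max(0, $excess)) as $hash) {
        unset($table[$hash]);                       // revoke oldest to stay under the cap
    }
    $plain = bin2hex(random_bytes(32));             // 256 bits from the CSPRNG
    $table[hash('sha256', $plain)] = [
        'user_id' => $userId, 'device_name' => $device, 'abilities' => $abilities,
        'expires_at' => $now + CONFIG['token_expiry_days'] * 86400,
        'last_used_at' => null, 'created_at' => $now,
    ];
    return $plain;
}

/** Check a presented token: hash it, look the hash up, enforce expiry and ability. */
function checkToken(array &$table, string $plain, string $ability, int $now): ?array
{
    $hash = hash('sha256', $plain);
    if (!isset($table[$hash])) {
        return null;                                // unknown or revoked
    }
    if ($table[$hash]['expires_at'] <= $now) {
        unset($table[$hash]);                       // expired: clean up the row
        return null;
    }
    $granted = $table[$hash]['abilities'];
    if (!in_array('*', $granted, true) && !in_array($ability, $granted, true)) {
        return null;                                // token lacks the requested ability
    }
    $table[$hash]['last_used_at'] = $now;
    return $table[$hash];
}
// Constructed demo: four logins for user 1 with a cap of three devices.
$table = $tokens = [];
$t0 = 1700000000;
foreach (['laptop', 'phone', 'tablet', 'kiosk'] as $i => $device) {
    $tokens[$device] = issueToken($table, 1, $device, $device === 'phone' ? ['orders:read'] : ['*'], $t0 + $i);
}
var_dump(checkToken($table, $tokens['laptop'], 'orders:read', $t0 + 10) === null);  // evicted at the cap
var_dump(checkToken($table, $tokens['phone'], 'orders:write', $t0 + 10) === null);  // ability not granted
var_dump(checkToken($table, $tokens['kiosk'], 'orders:read', $t0 + 31 * 86400) === null); // past expiry
```

Because only the digest is stored, a leaked copy of the table does not yield usable bearer tokens, and the lookup key is derived from the presented secret rather than compared against it.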

---

Contributing
------------

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

---

License
-------

This package is open-sourced software licensed under the [MIT license](LICENSE).

### Health Score

25 (Low, better than 37% of packages)

- Maintenance: 58 (moderate activity, may be stable)
- Popularity: 2 (limited adoption so far)
- Community: 6 (small or concentrated contributor base)
- Maturity: 31 (early-stage or recently created project)
- Bus Factor: 1 (top contributor holds 100% of commits, a single point of failure)

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Unknown
- Total: 1
- Last Release: 279d ago

### Community

- Maintainers: [amreljako](/maintainers/amreljako)
- Top Contributors: [amreljako](https://github.com/amreljako) (1 commit)

