
arhamlabs/authenticator
=======================

Version 2.9.8 (2y ago), PHP. Since Jan 20, pushed 2y ago.

[Source](https://github.com/arham-labs/Janus-laravel) | [Packagist](https://packagist.org/packages/arhamlabs/authenticator)

Laravel Authentication Package
==============================

This package provides APIs for user authentication, that is, registration and login APIs together with their routes.

Installation
------------

To install the package, run the following command:

```
composer require arhamlabs/authenticator
```

Required Packages
-----------------

When installing the package, you have to enable the sodium extension in your PHP ini file.

Configuration
-------------

Open the **config/app.php** file, then add the following service to the `providers` array:

```
'providers' => [
    // ... existing providers ...
    Arhamlabs\Authentication\AuthenticationServiceProvider::class,
],
```

The default configuration settings are set in the **config/al\_auth\_config.php** file. Copy this file to your own config directory to modify the values, or publish the config using this command:

```
php artisan vendor:publish --provider="Arhamlabs\Authentication\AuthenticationServiceProvider"
```

Finally, run your database migrations. This package creates the following tables in the database:

1. temp\_registrations
2. auth\_settings
3. temp\_otp

For mobile OTP authentication, one more migration is used, which adds columns to the user table.

**Command:**

```
php artisan migrate
```

Laravel provides a default migration for Sanctum named create\_personal\_access\_tokens\_table. Edit it, or create a new migration that alters the personal\_access\_tokens table, and add the following column, named "expires\_at":

```
$table->timestamp('expires_at')->nullable();

```

**Sanctum Token Ability Middleware Setup:**

Sanctum also includes two middleware that may be used to verify that an incoming request is authenticated with a token that has been granted a given ability. To get started, add the following middleware to the $routeMiddleware property of your application's **app/Http/Kernel.php** file:

```
'abilities' => \Laravel\Sanctum\Http\Middleware\CheckAbilities::class,
'ability' => \Laravel\Sanctum\Http\Middleware\CheckForAnyAbility::class
```
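
How the two aliases registered above are used on routes, as an added example that is not from the package's README: the paths and the ability names `orders-read` and `orders-write` are hypothetical.

```php
<?php
// routes/api.php (added example; paths and ability names are hypothetical)

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::middleware('auth:sanctum')->group(function () {
    // 'abilities' (CheckAbilities): the token must hold ALL listed abilities.
    Route::post('/orders', function (Request $request) {
        return response()->json(['created' => true], 201);
    })->middleware('abilities:orders-read,orders-write');

    // 'ability' (CheckForAnyAbility): ONE of the listed abilities is enough.
    Route::get('/orders', function (Request $request) {
        // tokenCan() repeats the check in code for finer-grained decisions.
        $canWrite = $request->user()->tokenCan('orders-write');

        return response()->json(['orders' => [], 'can_write' => $canWrite]);
    })->middleware('ability:orders-read,orders-write');
});

// A token lacking a required ability raises Sanctum's MissingAbilityException,
// which Laravel renders as 403; a missing or invalid token is rejected with 401.
```

Which abilities the package assigns to the tokens it issues is not stated on this page; check that before relying on these middleware for authorization.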

**Sanctum Token authentication exception handling on route:**

To handle default exceptions on API routes, such as AuthenticationException/AccessDeniedHttpException, add the following code to the register function of your application's **app/Exceptions/Handler.php** file:

```
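        // At the top of Handler.php, import the exception classes used below.
        // ApiResponse is the package's response class (its namespace is not
        // shown on this page); import it as well.
        use Illuminate\Auth\AuthenticationException;
        use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
        use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

        // Inside register(): return JSON errors for API routes only.
        $this->renderable(function (AuthenticationException $e, $request) {
            $errorResponse = new ApiResponse;
            if ($request->is('api/*')) {
                $customUserMessageTitle = 'Sorry, we were unable to authenticate your request';
                $errorResponse->setCustomResponse($customUserMessageTitle);
                return $errorResponse->getResponse(401, []);
            }
        });

        $this->renderable(function (AccessDeniedHttpException $e, $request) {
            $errorResponse = new ApiResponse;
            if ($request->is('api/*')) {
                return $errorResponse->getResponse(403, []);
            }
        });

        $this->renderable(function (NotFoundHttpException $e, $request) {
            $errorResponse = new ApiResponse;
            if ($request->is('api/*')) {
                return $errorResponse->getResponse(404, []);
            }
        });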
```

**Update default App\\Models\\User.php:**

```
    // At the top of app/Models/User.php:
    use Arhamlabs\Authentication\Models\AuthSetting;

    // Inside the User class:
    protected $fillable = [
        'uuid',
        'name',
        'sso_type',
        'first_name',
        'last_name',
        'username',
        'email',
        'mobile',
        'country_code',
        'password',
        'email_verified_at',
    ];

    // The user's settings row, matched on model_id and model_name.
    public function settings()
    {
        return $this->hasOne(AuthSetting::class, 'model_id', 'id')->where('model_name', 'App\Models\User');
    }
```

API Reference
-------------


*Registration*
--------------


#### User registration

- Users can register using email and password. Data will be saved in a temporary table.
- If the config flag email\_verification=false, the details will be saved in the main table (the users table) and the user\_setting table will be updated.
- If the config flag is set to email\_verification=true, a verification mail will be sent to the user's email.

```
  POST /api/package/auth/register
```

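| Parameter | Type | Description |
| --- | --- | --- |
| `first_name` | `string` | |
| `last_name` | `string` | |
| `user_type` | `string` | |
| `username` | `string` | |
| `email` | `string` | *Required* |
| `password` | `string` | *Required* |
| `mobile` | `number` | |
| `country_code` | `number` | |
| `user_type` | `string` | |

---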

### User Register with Mobile and OTP

- Users can register using mobile and OTP. The OTP will be sent to the user via SMS.
- Once the OTP is sent, the temp\_otp table is used to maintain the verification details.
- If the mobile number is already registered, the user cannot register again with the same mobile number.

```
  POST /api/package/auth/mobile-register
```

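| Parameter | Type | Description |
| --- | --- | --- |
| `first_name` | `string` | |
| `last_name` | `string` | |
| `user_type` | `string` | |
| `username` | `string` | |
| `email` | `string` | |
| `password` | `string` | |
| `mobile` | `number` | *Required* |
| `country_code` | `number` | *Required* |
| `user_type` | `string` | |

---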

### Mobile OTP Verification

- This API is used to verify the OTP.
- Once the OTP is verified, a Sanctum token will be generated.
- If the mobile number is already registered, the user cannot register again with the same mobile number.

```
  POST /api/package/auth/mobile-register-verify-otp
```

| Parameter | Type | Description |
| --- | --- | --- |
| `otp` | `number` | *Required* |
| `mobile` | `string` | *Required* |
| `country_code` | `string` | *Required* |

---

*User Login*
============


### User Login using Username and Password

- Users can log in with Email/Mobile/Username and password.
- Once the user is authenticated, a Laravel Sanctum token will be generated.

```
  POST /api/package/auth/login
```

| Parameter | Type | Description |
| --- | --- | --- |
| `username` | `string` | *Required* |
| `password` | `string` | *Required* |

---

### User Login with Email and OTP

- Users can log in using email and OTP. The OTP will be sent to the user via email.
- Once the OTP is sent, the temp\_otp table is used to maintain the verification details.

```
  POST /api/package/auth/sent-email-otp
```

| Parameter | Type | Description |
| --- | --- | --- |
| `email` | `string` | *Required* |

---

### Mail OTP Verification

- This API is used to verify the OTP.
- Once the OTP is verified, a token will be generated. Number of attempts will be added to the function.

```
  POST /api/package/auth/mail-verify-otp
```

| Parameter | Type | Description |
| --- | --- | --- |
| `otp` | `number` | *Required* |
| `email` | `string` | *Required* |

---

### User Register/Login with Mobile and OTP with same end point

- Users can log in using SMS and OTP. The OTP will be sent to the user via SMS.
- Once the OTP is sent, the temp\_otp table is used to maintain the verification details.
- If the mobile number is already registered, the user is allowed to log in.
- If the mobile number is not registered, the user is allowed to register and then log in.

```
  POST /api/package/auth/sent-mobile-otp
```

| Parameter | Type | Description |
| --- | --- | --- |
| `mobile` | `string` | *Required* |
| `country_code` | `string` | *Required* |

---

### Mobile OTP Verification

- This API is used to verify the OTP.
- Once the OTP is verified, a token will be generated. Number of attempts will be added to the function.
- If the allow\_login\_or\_registration\_through\_mobile\_number flag is set to true in the config file, the following scenario applies:
  - If the mobile number is already registered, the user is allowed to log in.
  - If the mobile number is not registered, the user is allowed to register and then log in.

```
  POST /api/package/auth/sms-verify-otp
```

| Parameter | Type | Description |
| --- | --- | --- |
| `otp` | `number` | *Required* |
| `mobile` | `string` | *Required* |
| `country_code` | `string` | *Required* |

---

### Forgot Password

- Users can reset their password using email. A reset link will be sent to the user via email, and the user can change the password via that link.
- For a blocked user, the package will not generate a reset link.

```
  POST /api/package/auth/forgot-password
```

| Parameter | Type | Description |
| --- | --- | --- |
| `email` | `string` | *Required* |

---

### Logout

- This API is used to log out the user; it destroys that user's Sanctum token.

```
  POST /api/package/auth/logout
```

### Set/Change Password

- Users can set/change their password using a Sanctum token. If the user logged in via SSO or OTP, they can set their password for the first time. After that, the user has to provide the current password to change it.

```
  POST /api/package/auth/update-password
```

| Parameter | Type | Description |
| --- | --- | --- |
| `password` | `string` | *Required* |
| `password_confirmation` | `string` | *Required* |
| `current_password` | `string` | *Required* (for set password) |

---

*Social Media Login/Registration*
=================================


### Google

- Users can log in via a Google account using an ID token. To validate the Google account, the package validates the ID token and aud (client ID) using the [Google Client](https://packagist.org/packages/google/apiclient) package.

```
  POST /api/package/auth/sso-login
```

| Parameter | Type | Description |
| --- | --- | --- |
| `email` | `string` | *Required* |
| `idToken` | `string` | *Required* |
| `sso_type` | `string` | *Required* |
| `aud` | `string` | *Required* |

### LinkedIn - For Mobile

- Users can log in via a LinkedIn account using an ID token. The package validates the ID token.
- *sso\_type* must be 'linkedin-mobile'.

```
  POST /api/package/auth/sso-login
```

| Parameter | Type | Description |
| --- | --- | --- |
| `email` | `string` | *Required* |
| `idToken` | `string` | *Required* |
| `sso_type` | `string` | *Required* |

### LinkedIn - For Web

- Users can log in via a LinkedIn account using an authorization code. The package validates the authorization code and fetches an access token from the LinkedIn server.
- The package updates the user details by fetching them from the LinkedIn server.
- *sso\_type* must be 'linkedin-web'.
- *idToken* must be the authorization code.

```
  POST /api/package/auth/sso-login
```

| Parameter | Type | Description |
| --- | --- | --- |
| `email` | `string` | *Required* |
| `idToken` | `string` | *Required* |
| `sso_type` | `string` | *Required* |

### Apple

- Users can log in via an Apple account using an ID token. To validate the Apple account, the package validates the ID token.

```
  POST /api/package/auth/sso-login
```

| Parameter | Type | Description |
| --- | --- | --- |
| `email` | `string` | *Required* |
| `idToken` | `string` | *Required* |
| `sso_type` | `string` | *Required* |

*Package config file*
=====================

### al\_auth\_config.php

- Developers can change the configuration using the al\_auth\_config.php file, as follows.

```

    //check email verification requirement
    'email_verification' => true,

    //check mobile verification requirement
    'mobile_verification' => true,

    /* If this flag is set true then user can login or register using the same endpoint based on the below scenario
        1. If the user is registered initially and the api is fired then he will be logged in.
        2. If the user is not registered initially and the api is fired then he will be registered.
    */

    'allow_login_or_registration_through_mobile_number' => false,

    //length for otp
    'otp_length' => 4,

    //otp expire in minutes
    'otp_expire' => 5,

    //SMS OTP Configuration
    'sms' => [
        'delay' => 60, //in seconds
        'per_day_count' => 5 //per day sms limit for user
    ],

    //allow multi login with same credentials
    'user_multi_login' => true,

    //default user type
    'user_Type' => 'app_user',

    //if true then it will check user block status
    'is_check_user_block' => true,

    //email verification mail expiry in hours
    'email_verification_mail_expiry' => 48,

    //forgot password mail expiry in hours
    'forgot_password_mail_expiry' => 48,

    //email link encryption key
    'email_encryption_key' => env('EMAIL_ENCRYPTION_KEY', 'ALAUTH'),

    //social media login linkedin config setup
    'linkedin' => [
        'LINKEDIN_REDIRECT_URI' => env('LINKEDIN_REDIRECT_URI'),
        'LINKEDIN_CLIENT_ID' => env('LINKEDIN_CLIENT_ID'),
        'LINKEDIN_CLIENT_SECRET' => env('LINKEDIN_CLIENT_SECRET'),
        'CURLOPT_SSL_VERIFYPEER' => env('CURLOPT_SSL_VERIFYPEER')
    ],

    //social media login apple config setup
    'apple' => [
        'TOKEN_ISS' => env('TOKEN_ISS', "https://appleid.apple.com"),
        'TOKEN_AUD' => env('TOKEN_AUD', "com.example.co.app"),
    ]

```
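
A pre-deployment check for the settings above, as an added example that is not part of the package: `auditAlAuthConfig` is a hypothetical helper, and its thresholds (a six-digit OTP, an explicit `true` for TLS verification) are assumptions of this example.

```php
<?php
// Added example: review of the values in config/al_auth_config.php.
// The thresholds are assumptions of this example, not package rules.

function auditAlAuthConfig(array $cfg): array
{
    $findings = [];

    // 'ALAUTH' is the fallback shipped in the published default config.
    $key = $cfg['email_encryption_key'] ?? '';
    if ($key === '' || $key === 'ALAUTH') {
        $findings[] = 'email_encryption_key: default or empty; set '
            . 'EMAIL_ENCRYPTION_KEY to a random secret';
    }

    // env('CURLOPT_SSL_VERIFYPEER') has no fallback: null when unset.
    if (($cfg['linkedin']['CURLOPT_SSL_VERIFYPEER'] ?? null) !== true) {
        $findings[] = 'linkedin.CURLOPT_SSL_VERIFYPEER: not true; set it '
            . 'explicitly so LinkedIn calls verify TLS certificates';
    }

    // A numeric OTP of n digits has 10^n possible values.
    $digits = (int) ($cfg['otp_length'] ?? 0);
    if ($digits < 6) {
        $findings[] = sprintf('otp_length: %d digits = %d possible codes; '
            . 'use 6 or more', $digits, 10 ** $digits);
    }

    // The default audience is a placeholder, not a real app identifier.
    if (($cfg['apple']['TOKEN_AUD'] ?? '') === 'com.example.co.app') {
        $findings[] = 'apple.TOKEN_AUD: placeholder; set TOKEN_AUD to '
            . 'your own app identifier';
    }

    return $findings;
}

// Constructed sample: the page's defaults with no environment overrides.
$sample = [
    'otp_length' => 4,
    'email_encryption_key' => 'ALAUTH',
    'linkedin' => ['CURLOPT_SSL_VERIFYPEER' => null],
    'apple' => ['TOKEN_AUD' => 'com.example.co.app'],
];

foreach (auditAlAuthConfig($sample) as $finding) {
    echo $finding, PHP_EOL;
}
```

In a Laravel application, pass `config('al_auth_config')` to the function, for example from a deployment check or a test.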

### Health Score

27 (Low, better than 49% of packages)

- Maintenance: 20. Infrequent updates; may be unmaintained.
- Popularity: 11. Limited adoption so far.
- Community: 6. Small or concentrated contributor base.
- Maturity: 58. Maturing project, gaining track record.
- Bus Factor: 1. Top contributor holds 100% of commits (single point of failure).


### Release Activity

- Cadence: every ~12 days (recently: every ~77 days)
- Total: 40
- Last release: 746d ago
- Major versions: 1.2.5 → 2.0 (2023-03-09)

### Community

- Maintainers: Arham Labs
- Top contributors: [arhamlabs](https://github.com/arhamlabs) (1 commit)

