PHPackages arietimmerman/laravel-oauth-introspect-middleware - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. arietimmerman/laravel-oauth-introspect-middleware ActiveLibrary[Authentication & Authorization](/categories/authentication) arietimmerman/laravel-oauth-introspect-middleware ================================================= Laravel Middleware for letting a resource owner verify a OAuth2 access tokens with a remote authorization server v0.5.4(4y ago)173489MITPHPPHP ^7.0|^8.0CI failing Since Dec 23Pushed 4y ago2 watchersCompare [ Source](https://github.com/arietimmerman/laravel-oauth-introspect-middleware)[ Packagist](https://packagist.org/packages/arietimmerman/laravel-oauth-introspect-middleware)[ RSS](/packages/arietimmerman-laravel-oauth-introspect-middleware/feed)WikiDiscussions master Synced yesterday READMEChangelogDependencies (4)Versions (8)Used By (0) [![](https://github.com/arietimmerman/laravel-oauth-introspect-middleware/workflows/CI/badge.svg)](https://github.com/arietimmerman/laravel-oauth-introspect-middleware/workflows/CI/badge.svg)[![Latest Stable Version](https://camo.githubusercontent.com/15c43d6411c402eb5886f9bc8acc03e2b192e4a2f79691b347691ac0f3c65643/68747470733a2f2f706f7365722e707567782e6f72672f6172696574696d6d65726d616e2f6c61726176656c2d6f617574682d696e74726f73706563742d6d6964646c65776172652f762f737461626c65)](https://packagist.org/packages/arietimmerman/laravel-oauth-introspect-middleware)[![Total Downloads](https://camo.githubusercontent.com/e204f17ac626bdae5fc7b500963788fd3da56479ebfcc68857e6fcf88628969b/68747470733a2f2f706f7365722e707567782e6f72672f6172696574696d6d65726d616e2f6c61726176656c2d6f617574682d696e74726f73706563742d6d6964646c65776172652f646f776e6c6f616473)](https://packagist.org/packages/arietimmerman/laravel-oauth-introspect-middleware) Especially for a microservices architecture, authentication and authorization functions should be delegated. Protecting resources is best done by implementing the web services as a pure OAuth2 resource server, relying on token verification on a remote authorization server. Laravel Middleware for OAuth 2.0 Token Introspection ==================================================== [](#laravel-middleware-for-oauth-20-token-introspection) Laravel Passport provides a full OAuth2 server implementation, yet misses optional OAuth2 functionalties as defined in OAuth 2.0 Token Introspection (RFC7662). The Introspection endpoint is provided by [ipunkt/laravel-oauth-introspection](https://github.com/ipunkt/laravel-oauth-introspection). This package provides the middleware required for verifying an access token against a remote Introspection endpoint. **Note**: To prevent token scanning attacks, the endpoint MUST also require some form of authorization to access this endpoint. The provided middleware assumes the introspection endpoint requires an OAuth2 Bearer token retrieved using a client credentials grant. Therefore, you MUST provide a valid *client id* and *client secret*. Installation ============ [](#installation) Install the package on your resource server ``` composer require arietimmerman/laravel-oauth-introspect-middleware ``` and add the Service Provider in your `config/app.php` ``` 'providers' => [ // [..] \ArieTimmerman\Laravel\OAuth2\ServiceProvider::class // [..] ]; ``` and add the MiddleWare in your `App/Http/Kernel.php` ``` protected $routeMiddleware = [ // [..] 'verifyaccesstoken' => \ArieTimmerman\Laravel\OAuth2\VerifyAccessToken::class, // Or 'verifyaccesstoken_has_any' => \ArieTimmerman\Laravel\OAuth2\VerifyAccessTokenHasAnyScope::class, // [..] ]; ``` publish the configuration ``` php artisan vendor:publish ``` Configuration ============= [](#configuration) In your `.env` file, define the following properties ``` # Url of the authorization server AUTHORIZATION_SERVER_URL="https://authorization.server.dom" # Client Identifier as defined in https://tools.ietf.org/html/rfc6749#section-2.2 AUTHORIZATION_SERVER_CLIENT_ID="123" # The client secret AUTHORIZATION_SERVER_CLIENT_SECRET="abcdefg" # Endpoint for requesting the access token AUTHORIZATION_SERVER_TOKEN_URL="${AUTHORIZATION_SERVER_URL}/oauth/token" # The OAuth2 Introspection endpoint https://tools.ietf.org/html/rfc7662 AUTHORIZATION_SERVER_INTROSPECT_URL="${AUTHORIZATION_SERVER_URL}/oauth/introspect" # Optional configuration for requesting an OAuth2 access tokens using the implicit grant flow AUTHORIZATION_SERVER_AUTHORIZATION_URL="${AUTHORIZATION_SERVER_URL}/oauth/authorize" AUTHORIZATION_SERVER_REDIRECT_URL=https://my.machine.dom ``` Now, use the middleware. ``` Route::group(['middleware'=>'verifyaccesstoken:required-scope1,required-scope2'], function () { Route::get('/endpoint1', 'UserController@index'); Route::resource('/resource', 'OrderController'); }); // or if only one of the scopes from the list is required Route::group(['middleware'=>'verifyaccesstoken_has_any:required-scope1,required-scope2'], function () { Route::get('/endpoint1', 'UserController@index'); Route::resource('/resource', 'OrderController'); }); ``` ### Health Score 30 — LowBetter than 64% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity24 Limited adoption so far Community11 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~95 days Total 5 Last Release 1587d ago PHP version history (2 changes)v0.5.0PHP ^7.0 v0.5.1PHP ^7.0|^8.0 ### Community Maintainers ![](https://www.gravatar.com/avatar/957298e7676d3a0e0fc0836e1374738ef5c407884f6b1b2e8c7998e27e4667d0?d=identicon)[arietimmerman](/maintainers/arietimmerman) --- Top Contributors [![arietimmerman](https://avatars.githubusercontent.com/u/2026675?v=4)](https://github.com/arietimmerman "arietimmerman (20 commits)") ### Code Quality Code StylePHP\_CodeSniffer ### Embed Badge ![Health badge](/badges/arietimmerman-laravel-oauth-introspect-middleware/health.svg) ``` [![Health](https://phpackages.com/badges/arietimmerman-laravel-oauth-introspect-middleware/health.svg)](https://phpackages.com/packages/arietimmerman-laravel-oauth-introspect-middleware) ``` ### Alternatives [josiasmontag/laravel-recaptchav3 Recaptcha V3 for Laravel package 2641.6M2](/packages/josiasmontag-laravel-recaptchav3)[rahul900day/laravel-captcha Different types of Captcha implementation for Laravel Application. 10715.9k](/packages/rahul900day-laravel-captcha)[truckersmp/steam-socialite Laravel Socialite provider for Steam OpenID. 1516.7k](/packages/truckersmp-steam-socialite)[aedart/athenaeum Athenaeum is a mono repository; a collection of various PHP packages 245.2k](/packages/aedart-athenaeum)[pitchanon/facebook-connect A Laravel package for connecting to the Meta (Facebook) Graph API. 264.3k1](/packages/pitchanon-facebook-connect) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)