PHPackages                             codebot/laravel-usub - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. codebot/laravel-usub

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

codebot/laravel-usub
====================

Laravel package for authenticated user substitution to login as other users.

0.1.7(6y ago)12.3k↓100%1[1 PRs](https://github.com/hakobyansen/laravel-usub/pulls)MITPHPPHP ^7.1

Since Jan 27Pushed 3y ago1 watchersCompare

[ Source](https://github.com/hakobyansen/laravel-usub)[ Packagist](https://packagist.org/packages/codebot/laravel-usub)[ RSS](/packages/codebot-laravel-usub/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (3)Versions (11)Used By (0)

[![Build Status](https://camo.githubusercontent.com/44c9e3271d3dd48ec252cd9121a6dfeb1c2288b755672c54e7de6f7bc74cfb51/68747470733a2f2f7472617669732d63692e636f6d2f633064336230742f6c61726176656c2d757375622e7376673f6272616e63683d6d6173746572)](https://travis-ci.com/c0d3b0t/laravel-usub)

About laravel-usub
==================

[](#about-laravel-usub)

Laravel package for authenticated user substitution to login as other users. You will find this package useful when your client says "As an admin I want to be authenticated and act as chosen user without typing password, and want to back to my admin dashboard by single click.".

Installation
============

[](#installation)

- Install the package using composer - run command `composer require codebot/laravel-usub:0.1.*`
- Publish vendors using `php artisan vendor:publish --tag=laravel-usub` command. You will get published config file **config/usub.php**, middleware **app/Http/Middleware/UsubSignIn.php**, command **app/Console/Commands/ClearUsubTokens.php**, directory **views/vendor/usub**and migration to create usub\_tokens table.
- Run `php artisan migrate` to create usub\_tokens table.
- If auto-discovery doesn't work for you then register service provider by adding `Usub\Core\UsubServiceProvider::class` to providers in config/app.php file.
- Add the `UsubSignIn` middleware to the `$routeMiddleware` array in the `App\Http\Kernel.php` class.

***You need complete UsubSignIn middleware to implement permissions. For example:***

```
    public function handle( $request, Closure $next )
    {
        if ( !$request->user()->hasRole( 'admin' ) )
        {
            abort( 401 );
        }

        return $next( $request );
    }
```

Configuration
-------------

[](#configuration)

*expiration* - Usub token expiration time in minutes.

*length* - Length of generated usub token.

*redirect\_to\_on\_sign\_in* - Default URL where user will be redirected on sign in whenever it's not overridden by redirect\_to\_on\_sign\_in key in request, e.g. by hidden input field.

*redirect\_to\_on\_sign\_out* - Default URL where user will be redirected on sign out whenever it's not overridden by redirect\_to\_on\_sign\_out key in request, e.g. by hidden input field.

*redirect\_to\_on\_cookie\_expiration* - URL where user will be redirected when token cookie expired.

*forget\_cookies\_on\_sign\_out* - **Array** of cookie names that will be removed from browser on sign out and usub token expiration.

You can change the configuration in your .env file if you need to.

```
USUB_TOKEN_EXPIRATION=120
USUB_TOKEN_LENGTH=100
USUB_REDIRECT_TO_ON_SIGN_IN="/"
USUB_REDIRECT_TO_ON_SIGN_OUT="/"
USUB_REDIRECT_TO_ON_COOKIE_EXPIRATION="/"

```

Usage
-----

[](#usage)

Once you have package installed, following routes are registered:

- `POST /usub/sign-in` - used to sign up as given user id.

    - Fields
        - **user2** *(required)*
        - **redirect\_to\_on\_sign\_in** (optional, once set - overrides redirect\_to\_on\_sign\_in config variable )
        - **redirect\_to\_on\_sign\_out** (optional, once set - overrides redirect\_to\_on\_sign\_out config variable )
- `POST /usub/sign-out` - used to "sign up back" to administrator account.

    - No field needs to be specified.

An example of html form that can be used to sign in as specific user:

```
@if( \Auth::user()->hasRole('admin') )
    @include('vendor.usub.partials.sign_in', [
        'user_id' => $user->id,
        'on_sign_in' => route('home'),
        'on_sign_out' => route('backend.user.index')
    ])
@endif
```

If you won't specify `on_sign_in` and `on_sign_out` values, then it will use defaults from the `config/usub.php` config file.

An example of html form that can be used to sign out and back to admin dashboard (or whatever page you need):

```
@if( \Illuminate\Support\Facades\Cookie::get('usub_token') )

            @csrf
            Back to Admin

@endif
```

Cleanup
-------

[](#cleanup)

To delete expired tokens from the `usub_tokens` database table, you can use `php artisan usub:clear` command.

###  Health Score

28

—

LowBetter than 54% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity20

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity51

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 97.3% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~77 days

Recently: every ~96 days

Total

7

Last Release

2196d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/46efdc41146809a879b858eb0fa5bbf94c34f931866a1237e7467eeaa5f752e1?d=identicon)[sen.hakobyan](/maintainers/sen.hakobyan)

---

Top Contributors

[![hakobyansen](https://avatars.githubusercontent.com/u/43189667?v=4)](https://github.com/hakobyansen "hakobyansen (110 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (2 commits)")[![xnf4o](https://avatars.githubusercontent.com/u/24823255?v=4)](https://github.com/xnf4o "xnf4o (1 commits)")

---

Tags

authenticationlaravelphp7

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/codebot-laravel-usub/health.svg)

```
[![Health](https://phpackages.com/badges/codebot-laravel-usub/health.svg)](https://phpackages.com/packages/codebot-laravel-usub)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M99](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M117](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)