PHPackages danilopolani/laravel-fusionauth-jwt - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. danilopolani/laravel-fusionauth-jwt ActiveLibrary danilopolani/laravel-fusionauth-jwt =================================== Laravel Auth guard for FusionAuth JWT v3.4.0(2mo ago)1118.4k↓25%6MITPHPPHP ^8.2CI passing Since Jul 30Pushed 2mo ago2 watchersCompare [ Source](https://github.com/danilopolani/laravel-fusionauth-jwt)[ Packagist](https://packagist.org/packages/danilopolani/laravel-fusionauth-jwt)[ Docs](https://github.com/danilopolani/laravel-fusionauth-jwt)[ Fund](https://www.buymeacoffee.com/theraloss)[ GitHub Sponsors](https://github.com/danilopolani)[ RSS](/packages/danilopolani-laravel-fusionauth-jwt/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (10)Dependencies (8)Versions (15)Used By (0) Laravel FusionAuth JWT ====================== [](#laravel-fusionauth-jwt) [![Latest Version on Packagist](https://camo.githubusercontent.com/da1bc9bcf62da8a0f78a953d5ae40530093db2ee2348f56c7ca65910e491a006/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f64616e696c6f706f6c616e692f6c61726176656c2d667573696f6e617574682d6a77742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/danilopolani/laravel-fusionauth-jwt)[![Total Downloads](https://camo.githubusercontent.com/d9c241459eb2c25ccc871b1a86d4bcad8c449903f7a9abb4194a3f9066f2fe06/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f64616e696c6f706f6c616e692f6c61726176656c2d667573696f6e617574682d6a77742e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/danilopolani/laravel-fusionauth-jwt)[![GitHub Actions](https://github.com/danilopolani/laravel-fusionauth-jwt/actions/workflows/main.yml/badge.svg)](https://github.com/danilopolani/laravel-fusionauth-jwt/actions/workflows/main.yml/badge.svg) Implement an Auth guard for FusionAuth JWTs in Laravel. It ships with also a middleware to check against the user role. Installation ------------ [](#installation) You can install the package via composer: ``` composer require danilopolani/laravel-fusionauth-jwt ``` Then publish its config file: ``` php artisan vendor:publish --tag=fusionauth-jwt-config ``` Configuration ------------- [](#configuration) There are a few notable configuration options for the package. KeyTypeDescription`domain`StringYour FusionAuth domain, e.g. `auth.myapp.com` or `sandbox.fusionauth.io`.`client_id`StringThe Client ID of the current application.`client_secret`StringThe Client Secret of the current application.`issuers`ArrayA list of authorized issuers for the incoming JWT.`audience`String | NullThe ID/Name of the authorized audience. If null, the **Client ID** will be used.`supported_algs`ArrayThe supported algorithms of the JWT. Supported: `RS256` and `HS256`.`default_role`String | NullThe default role to be checked if you're using the [`CheckRole`](#role-middleware) middleware.Usage ----- [](#usage) To start protecting your APIs you need to add the Guard and the Auth Provider to your `config/auth.php` configuration file: ``` 'guards' => [ // ... 'fusionauth' => [ 'driver' => 'fusionauth', 'provider' => 'fusionauth', ], ], 'providers' => [ // ... 'fusionauth' => [ 'driver' => 'fusionauth', ], ], ``` Then you can use the `auth:fusionauth` guard to protect your endpoints; you can apply it to a group or a single route: ``` // app\Http\Kernel.php protected $middlewareGroups = [ 'api' => [ 'auth:fusionauth', // ... ], ]; // or routes/api.php Route::get('users', [UserController::class, 'index']) ->middleware('auth:fusionauth'); ``` Now requests for those endpoints will check if the given JWT (given as **Bearer token**) is valid. To retrieve the current logged in user - or to check if it's logged in - you can use the usual `Auth` facade methods, specifying the `fusionauth` guard: ``` Auth::guard('fusionauth')->check(); /** @var \DaniloPolani\FusionAuthJwt\FusionAuthJwtUser $user */ $user = Auth::guard('fusionauth')->user(); ``` ### Role middleware [](#role-middleware) The package ships with a handy middleware to check for user role (stored in the `roles` key). You can apply it on a middleware group inside the `Kernel.php` or to specific routes: ``` // app\Http\Kernel.php protected $middlewareGroups = [ 'api' => [ 'auth:fusionauth', \DaniloPolani\FusionAuthJwt\Http\Middleware\CheckRole::class, // ... ], ]; // or routes/api.php Route::get('users', [UserController::class, 'index']) ->middleware(['auth:fusionauth', 'fusionauth.role']); ``` By default the middleware will check that the current user has the `default_role` specified in the configuration file, but you can use as well a specific role, different from the default: ``` // routes/api.php Route::get('users', [UserController::class, 'index']) ->middleware(['auth:fusionauth', 'fusionauth.role:admin']); ``` For more complex cases we suggest you to take a look on how the [`CheckRole`](https://github.com/danilopolani/laravel-fusionauth-jwt/blob/master/src/Http/Middleware/CheckRole.php) middleware is written (using the [`RoleManager`](https://github.com/danilopolani/laravel-fusionauth-jwt/blob/master/src/Helpers/RoleManager.php) class) and write your own. ### Usage in tests [](#usage-in-tests) When you need to test your endpoints in Laravel, you can take advantage of the [`actingAs`](https://laravel.com/docs/8.x/http-tests#session-and-authentication) method to set the current logged in user. You can pass any property you want to the `FusionAuthJwtUser` class, like `email`, `user` etc. Take a look at this example where we specify the user roles: ``` use DaniloPolani\FusionAuthJwt\FusionAuthJwtUser; $this ->actingAs( new FusionAuthJwtUser([ 'roles' => ['user', 'admin'], ]), 'fusionauth', ) ->get('/api/users') ->assertOk(); ``` If you need to set the authenticated user outside HTTP testing (therefore you can't use `actingAs()`), you can use the `setUser()` method of the `Auth` facade: ``` use DaniloPolani\FusionAuthJwt\FusionAuthJwtUser; use Illuminate\Support\Facades\Auth; Auth::guard('fusionauth')->setUser( new FusionAuthJwtUser([ 'roles' => ['user', 'admin'], ]) ); ``` ### Changelog [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. ### Security [](#security) If you discover any security related issues, please email instead of using the issue tracker. Credits ------- [](#credits) - [Danilo Polani](https://github.com/danilopolani) - [All Contributors](../../contributors) License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE.md) for more information. Laravel Package Boilerplate --------------------------- [](#laravel-package-boilerplate) This package was generated using the [Laravel Package Boilerplate](https://laravelpackageboilerplate.com). ### Health Score 55 — FairBetter than 98% of packages Maintenance83 Actively maintained with recent releases Popularity35 Limited adoption so far Community14 Small or concentrated contributor base Maturity71 Established project with proven stability Bus Factor1 Top contributor holds 90.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~139 days Recently: every ~95 days Total 13 Last Release 87d ago Major Versions v1.0.0 → v2.0.02022-02-21 2.x-dev → v3.0.02024-03-10 PHP version history (3 changes)1.x-devPHP ^7.4|^8.0 v2.0.0PHP ^8.0.2 v3.0.0PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/8ed568a3c0ca4ca3d3b7d199371b455e3a50347dcffc39ec01c94e04743bdcd6?d=identicon)[Theraloss](/maintainers/Theraloss) --- Top Contributors [![danilopolani](https://avatars.githubusercontent.com/u/6277291?v=4)](https://github.com/danilopolani "danilopolani (20 commits)")[![licinifilippo](https://avatars.githubusercontent.com/u/30898051?v=4)](https://github.com/licinifilippo "licinifilippo (1 commits)")[![vip-pana](https://avatars.githubusercontent.com/u/96469762?v=4)](https://github.com/vip-pana "vip-pana (1 commits)") --- Tags danilopolanilaravel-fusionauth-jwt ### Code Quality TestsPest ### Embed Badge ![Health badge](/badges/danilopolani-laravel-fusionauth-jwt/health.svg) ``` [![Health](https://phpackages.com/badges/danilopolani-laravel-fusionauth-jwt/health.svg)](https://phpackages.com/packages/danilopolani-laravel-fusionauth-jwt) ``` ### Alternatives [laravel/passport Laravel Passport provides OAuth2 server support to Laravel. 3.4k85.0M532](/packages/laravel-passport)[laravel/socialite Laravel wrapper around OAuth 1 & OAuth 2 libraries. 5.7k96.9M674](/packages/laravel-socialite)[laravel/pulse Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application. 1.7k12.1M99](/packages/laravel-pulse)[roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn)[laravel/mcp Rapidly build MCP servers for your Laravel applications. 74310.9M66](/packages/laravel-mcp)[omniphx/forrest A Laravel library for Salesforce 2724.4M8](/packages/omniphx-forrest) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)