PHPackages                             designmynight/laravel-oauth-introspect-middleware - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. designmynight/laravel-oauth-introspect-middleware

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

designmynight/laravel-oauth-introspect-middleware
=================================================

Laravel package for letting a resource owner verify OAuth2 access tokens with a remote authorization server

v4.0.1(1y ago)253.1k↓35.6%1MITPHPPHP ^8.3

Since Jan 29Pushed 5mo ago3 watchersCompare

[ Source](https://github.com/designmynight/laravel-oauth-introspect-middleware)[ Packagist](https://packagist.org/packages/designmynight/laravel-oauth-introspect-middleware)[ RSS](/packages/designmynight-laravel-oauth-introspect-middleware/feed)WikiDiscussions master Synced 3d ago

READMEChangelog (10)Dependencies (4)Versions (32)Used By (0)

Especially for a microservices architecture, authentication and authorization functions should be delegated. Protecting resources is best done by implementing the web services as a pure OAuth2 resource server, relying on token verification on a remote authorization server.

Laravel Middleware for OAuth 2.0 Token Introspection
====================================================

[](#laravel-middleware-for-oauth-20-token-introspection)

Laravel Passport provides a full OAuth2 server implementation, yet misses optional OAuth2 functionalties as defined in OAuth 2.0 Token Introspection (RFC7662).

The Introspection endpoint is provided by [ipunkt/laravel-oauth-introspection](https://github.com/ipunkt/laravel-oauth-introspection). This package provides the middleware required for verifying an access token against a remote Introspection endpoint.

**Note**: To prevent token scanning attacks, the endpoint MUST also require some form of authorization to access this endpoint. The provided middleware assumes the introspection endpoint requires an OAuth2 Bearer token retrieved using a client credentials grant. Therefore, you MUST provide a valid *client id* and *client secret*.

Installation
============

[](#installation)

Install the package on your resource server

```
composer require designmynight/laravel-oauth-introspect-middleware

```

and add the Service Provider in your `config/app.php`

```
'providers' => [
     // [..]
    \DesignMyNight\Laravel\OAuth2\IntrospectMiddlewareServiceProvider::class
     // [..]
];
```

and add the MiddleWare in your `App/Http/Kernel.php`

```
protected $routeMiddleware = [
    // [..]
    'verifyaccesstoken' => \DesignMyNight\Laravel\OAuth2\VerifyAccessToken::class,
    // [..]
];
```

publish the configuration

```
php artisan vendor:publish

```

Finally in your `.env` file, define the following properties

```
# Url of the authorization server
AUTHORIZATION_SERVER_URL="https://authorization.server.dom"
# Client Identifier as defined in https://tools.ietf.org/html/rfc6749#section-2.2
AUTHORIZATION_SERVER_CLIENT_ID="123"
# The client secret
AUTHORIZATION_SERVER_CLIENT_SECRET="abcdefg"
# Endpoint for requesting the access token
AUTHORIZATION_SERVER_TOKEN_URL="${AUTHORIZATION_SERVER_URL}/oauth/token"
# The OAuth2 Introspection endpoint https://tools.ietf.org/html/rfc7662
AUTHORIZATION_SERVER_INTROSPECT_URL="${AUTHORIZATION_SERVER_URL}/oauth/introspect"

# Optional configuration for requesting an OAuth2 access tokens using the implicit grant flow
AUTHORIZATION_SERVER_AUTHORIZATION_URL="${AUTHORIZATION_SERVER_URL}/oauth/authorize"
AUTHORIZATION_SERVER_REDIRECT_URL=https://my.machine.dom
```

Now, use the middleware.

```
Route::group(['middleware'=>'verifyaccesstoken:required-scope1,required-scope2'], function () {
	Route::get('/endpoint1', 'UserController@index');
	Route::resource('/resource', 'OrderController');
});
```

###  Health Score

54

—

FairBetter than 96% of packages

Maintenance58

Moderate activity, may be stable

Popularity33

Limited adoption so far

Community19

Small or concentrated contributor base

Maturity89

Battle-tested with a long release history

 Bus Factor1

Top contributor holds 76% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~116 days

Recently: every ~151 days

Total

23

Last Release

508d ago

Major Versions

v1.0.4 → v2.0.02018-08-21

v2.0.11 → v3.0.02023-06-19

v2.0.13 → v3.2.02025-01-03

v3.2.0 → v4.0.12025-02-11

PHP version history (3 changes)v1.0.0PHP ^7.0

v3.0.0PHP ^8.0

v2.0.12PHP ^8.3

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/6871504?v=4)[Dan](/maintainers/danjohnson95)[@danjohnson95](https://github.com/danjohnson95)

![](https://avatars.githubusercontent.com/u/12199424?v=4)[Steve Porter](/maintainers/StevePorter92)[@StevePorter92](https://github.com/StevePorter92)

![](https://avatars.githubusercontent.com/u/465569?v=4)[Will Taylor-Jackson](/maintainers/willtj)[@willtj](https://github.com/willtj)

![](https://avatars.githubusercontent.com/u/9197954?v=4)[James](/maintainers/jmosul)[@jmosul](https://github.com/jmosul)

![](https://avatars.githubusercontent.com/u/1786811?v=4)[Ally](/maintainers/alasdairmackenzie)[@alasdairmackenzie](https://github.com/alasdairmackenzie)

---

Top Contributors

[![robbytaylor](https://avatars.githubusercontent.com/u/2005679?v=4)](https://github.com/robbytaylor "robbytaylor (38 commits)")[![RobJenkinson](https://avatars.githubusercontent.com/u/15452139?v=4)](https://github.com/RobJenkinson "RobJenkinson (4 commits)")[![arietimmerman](https://avatars.githubusercontent.com/u/2026675?v=4)](https://github.com/arietimmerman "arietimmerman (3 commits)")[![jmosul](https://avatars.githubusercontent.com/u/9197954?v=4)](https://github.com/jmosul "jmosul (3 commits)")[![alasdairmackenzie](https://avatars.githubusercontent.com/u/1786811?v=4)](https://github.com/alasdairmackenzie "alasdairmackenzie (1 commits)")[![MihailProcudin](https://avatars.githubusercontent.com/u/19872423?v=4)](https://github.com/MihailProcudin "MihailProcudin (1 commits)")

---

Tags

shared

### Embed Badge

![Health badge](/badges/designmynight-laravel-oauth-introspect-middleware/health.svg)

```
[![Health](https://phpackages.com/badges/designmynight-laravel-oauth-introspect-middleware/health.svg)](https://phpackages.com/packages/designmynight-laravel-oauth-introspect-middleware)
```

###  Alternatives

[unopim/unopim

UnoPim Laravel PIM

10.5k2.4k](/packages/unopim-unopim)[backpack/crud

Quickly build admin interfaces using Laravel, Bootstrap and JavaScript.

3.4k3.7M223](/packages/backpack-crud)[grumpydictator/firefly-iii

Firefly III: a personal finances manager.

23.9k69.5k](/packages/grumpydictator-firefly-iii)[statamic/cms

The Statamic CMS Core Package

4.8k3.6M986](/packages/statamic-cms)[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

59437.0k9](/packages/jeremy379-laravel-openid-connect)[eslazarev/wildberries-sdk

Wildberries OpenAPI clients (generated).

273.0k](/packages/eslazarev-wildberries-sdk)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
