PHPackages                             fuzz/laravel-oauth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. fuzz/laravel-oauth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

fuzz/laravel-oauth
==================

auth

1.0.0-p1(9y ago)320.1k[2 issues](https://github.com/fuzz-productions/laravel-oauth/issues)1MITPHP

Since Jul 7Pushed 6y ago27 watchersCompare

[ Source](https://github.com/fuzz-productions/laravel-oauth)[ Packagist](https://packagist.org/packages/fuzz/laravel-oauth)[ RSS](/packages/fuzz-laravel-oauth/feed)WikiDiscussions master Synced 4w ago

READMEChangelogDependencies (10)Versions (11)Used By (1)

Laravel OAuth [![Build Status](https://camo.githubusercontent.com/9423058f5ec2bc2333417b92181c87fe17ec700d6b61b743f538584be889dd72/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f66757a7a2d70726f64756374696f6e732f6c61726176656c2d6f617574682f6d61737465722e7376673f7374796c653d666c6174)](https://travis-ci.org/fuzz-productions/laravel-oauth)
===============================================================================================================================================================================================================================================================================================================================================================

[](#laravel-oauth-)

An OAuth wrapper to bridge `lucadegasperi/oauth2-server-laravel` and Laravel's authentication system while providing optional support for `fuzz/magic-box` repositories

Setup
-----

[](#setup)

1. Require the composer package
2. Set up your project `AuthServiceProvider` to extend `Fuzz\Auth\Providers\AuthServiceProvider`
3. Follow instructions in `lucadegasperi/oauth2-server-laravel` to set it up.
4. Configure the `grant_types` array in `config/oauth2.php` to use the Fuzz grants (or extend/create your own)

    ```
    'grant_types'             => [
    	'password' => [
    		'class' => \Fuzz\Auth\OAuth\Grants\PasswordGrant::class,
    		'callback' => '\Fuzz\Auth\OAuth\Grants\PasswordGrantVerifier@verify',
    		'access_token_ttl' => 7600,
    	],
    	'refresh_token' => [
    		'class' => \Fuzz\Auth\OAuth\Grants\RefreshTokenGrant::class,
    		'access_token_ttl' => 7600,
    		'refresh_token_ttl' => 14600,
    	],
    ],

    ```
5. Set up `config/auth.php`

    Set the default guard to `api`

    ```
    'defaults' => [
        'guard' => 'api',
        'passwords' => 'users',
    ],

    ```

    Set the `api` guard to use `\Fuzz\Auth\Guards\OAuthGuard::class` as its driver

    ```
    'api' => [
        'driver' => \Fuzz\Auth\Guards\OAuthGuard::class,
        'provider' => 'users',
    ],

    ```

    Set Laravel to use the `oauth` user provider and set your project's User class

    ```
    'providers' => [
        'users' => [
            'driver' => 'oauth',
            'model' => \App\User::class,
            'token_key' => 'access_token',
        ],
    ],

    ```
6. Create `app/Http/Middleware/OAuthMiddleware.php` and extend `Fuzz\Auth\Middleware\OAuthenticateMiddleware`. Add it to the `$routeMiddleware` array in `app/Http/Kernel.php
7. Your User class should implement the `Fuzz\Auth\Models\AgentInterface` and `Illuminate\Contracts\Auth\Authenticatable` and their required methods

Usage
-----

[](#usage)

### Protecting routes

[](#protecting-routes)

Routes that require authentication can now be protected with the `auth` middleware:

```
$router->group(
    ['middleware' => 'auth'], function (Router $router) {
        $router->get('locations', 'LocationsController@index');
});

```

Within any authenticated route, you can use all the default Laravel `Auth` methods such as `Auth::user()` to resolve the currently authenticated user. `lucadegasperi/oauth2-server-laravel` provides a way to protect routes based on scope, but you can also use `Fuzz\Auth\Policies\RepositoryModelPolicy@requireScopes` to throw `League\OAuth2\Server\Exception\AccessDeniedException` exceptions when a user does not have the required scopes.

### Protecting resources

[](#protecting-resources)

Laravel OAuth comes with a base `Fuzz\Auth\Policies\RepositoryModelPolicy` but you may create your own (implementing the `Fuzz\Auth\Policies\RepositoryModelPolicyInterface` might be helpful). Extending `Fuzz\Auth\Policies\RepositoryModelPolicy` will provide some base methods to ease writing policies for repositories.

Once a policy is set up and mapped to its model class, you may use it to check user permissions according to your policy:

```
 if (policy(ModelClass::class)->index($user, $postRepository)) {
 		// Index stuff
 }

```

### Resolving the current user

[](#resolving-the-current-user)

All of Laravel's `Auth` methods will work, so resolving the current user is as simple as `$user = Auth::user()`. `https://laravel.com/docs/5.2/authentication`.

`Auth` will use your default guard unless specified. A typical guard set up for an OAuth specced API would be having one for users accessing via a client and another for client-only requests. Currently there is only `Fuzz\Auth\Guards\OAuthGuard` which is responsible for resolving the user for a request.

TODOs
-----

[](#todos)

1. Separate `fuzz/laravel-oauth` from `fuzz/magic-box`
2. Support client requests in their own guard and be compatible with the current user `OAuthGuard`

###  Health Score

31

—

LowBetter than 66% of packages

Maintenance7

Infrequent updates — may be unmaintained

Popularity23

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity69

Established project with proven stability

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~335 days

Total

5

Last Release

2304d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/00415e4fac75ee392fb49e37fb7fb412b908687d4da0eb3ff0e942c944d619c9?d=identicon)[Fuzzpro](/maintainers/Fuzzpro)

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/fuzz-laravel-oauth/health.svg)

```
[![Health](https://phpackages.com/badges/fuzz-laravel-oauth/health.svg)](https://phpackages.com/packages/fuzz-laravel-oauth)
```

###  Alternatives

[symfony/security-bundle

Provides a tight integration of the Security component into the Symfony full-stack framework

2.5k181.3M2.2k](/packages/symfony-security-bundle)[symfony/security-http

Symfony Security Component - HTTP Integration

1.7k172.8M351](/packages/symfony-security-http)[web-auth/webauthn-framework

FIDO2/Webauthn library for PHP and Symfony Bundle.

51390.8k3](/packages/web-auth-webauthn-framework)[web-auth/webauthn-symfony-bundle

FIDO2/Webauthn Security Bundle For Symfony

65474.5k9](/packages/web-auth-webauthn-symfony-bundle)[2lenet/crudit-bundle

The easy like Crud'it Bundle.

1615.6k12](/packages/2lenet-crudit-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
