gomu/gomuauth
=============

GomuAuth package for authentication

[Source](https://github.com/gomu-group/gomu-auth) | [Packagist](https://packagist.org/packages/gomu/gomuauth)


GomuAuth
========

GomuAuth package for Laravel authentication with support for internal and external users.

Installation
------------

```
composer require gomu/gomuauth
```

Features
--------

- Token-based authentication using Laravel Sanctum
- OAuth 2.0 integration with external Passport server
- Device-aware token creation with automatic naming
- Comprehensive token management (list, revoke)
- Support for internal (HRIS) and external users
- Role-based access control
- Employee management integration
- Stateful domains support for SPA authentication

User Types
----------

- **Internal Users**: For HRIS and internal applications (`user_type = 'internal'`)
- **External Users**: For public APIs and external applications (`user_type = 'external'`)

Authentication Methods
----------------------

### 1. Sanctum Token Authentication

#### Login

```
POST /auth/token
{
  "email": "john@example.com",
  "password": "password123"
}

Response:
{
  "data": {
    "access_token": "1|abc123...",
    "token_type": "Bearer"
  }
}
```

#### Logout

```
DELETE /auth/token
Authorization: Bearer {token}

Response:
{
  "message": "Token revoked successfully"
}
```

### 2. OAuth 2.0 Authentication

#### Initiate OAuth Flow

```
GET /auth/oauth/passport/redirect
```

Redirects to external OAuth server

#### OAuth Callback

```
GET /auth/oauth/passport/callback?code={auth_code}&state={state}
```

Handles OAuth callback and creates user session

### 3. Token Management

#### List User Tokens

```
GET /auth/user-token
Authorization: Bearer {token}

Response:
{
  "data": {
    "tokens": [
      {
        "id": 1,
        "name": "Chrome - Windows (Chrome 120.0)",
        "abilities": ["*"],
        "created_at": "2025-01-01T00:00:00Z",
        "last_used_at": null,
        "expires_at": null
      }
    ]
  }
}
```
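
An added example (not part of the package or its README): a small PHP audit over the token list response above that flags tokens with the wildcard ability, no expiry, or no recent use, which are the candidates for `DELETE /auth/user-token/{tokenId}`. The second token, the 30-day threshold and the `auditTokens` helper are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample in the shape of the GET /auth/user-token response above.
$body = <<<'JSON'
{"data":{"tokens":[
  {"id":1,"name":"Chrome - Windows (Chrome 120.0)","abilities":["*"],
   "created_at":"2025-01-01T00:00:00Z","last_used_at":null,"expires_at":null},
  {"id":2,"name":"Safari - macOS (Safari 17.2)","abilities":["profile:read"],
   "created_at":"2025-03-01T00:00:00Z","last_used_at":"2025-03-02T08:00:00Z",
   "expires_at":"2025-04-01T00:00:00Z"}
]}}
JSON;

/**
 * Return [tokenId => list of findings] for tokens worth revoking or re-issuing.
 * $staleDays is a hypothetical policy threshold, not a package setting.
 */
function auditTokens(string $json, DateTimeImmutable $now, int $staleDays = 30): array
{
    $tokens = json_decode($json, true, 16, JSON_THROW_ON_ERROR)['data']['tokens'] ?? [];
    $report = [];
    foreach ($tokens as $t) {
        $findings = [];
        if (in_array('*', $t['abilities'] ?? [], true)) {
            $findings[] = 'wildcard ability: token passes every ability check';
        }
        if (($t['expires_at'] ?? null) === null) {
            $findings[] = 'no expiry: valid until explicitly revoked';
        } elseif (new DateTimeImmutable($t['expires_at']) <= $now) {
            $findings[] = 'expired but still listed';
        }
        // A token that was never used is aged from its creation time.
        $lastSeen = new DateTimeImmutable($t['last_used_at'] ?? $t['created_at']);
        if ($lastSeen->diff($now)->days >= $staleDays) {
            $findings[] = "unused for at least {$staleDays} days";
        }
        if ($findings !== []) {
            $report[$t['id']] = $findings;
        }
    }
    return $report;
}

$now = new DateTimeImmutable('2025-03-10T00:00:00Z');
foreach (auditTokens($body, $now) as $id => $findings) {
    echo "token {$id}: " . implode('; ', $findings) . PHP_EOL;
}
```

In a Sanctum application, token lifetime is set with the `expiration` option in `config/sanctum.php`, and abilities are the second argument to `createToken()`; whether this package exposes either is not stated on the page.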

#### Revoke Specific Token

```
DELETE /auth/user-token/{tokenId}
Authorization: Bearer {token}

Response:
{
  "message": "Token revoked successfully"
}
```

Authentication Endpoints
------------------------

### General (Any User Type)

- `POST /auth/token` - Login (any user type)
- `POST /auth/register` - Register (specify `user_type`)
- `DELETE /auth/token` - Logout
- `GET /user-information` - Get user profile

### Internal Users

- `POST /auth/internal/token` - Login (internal only)
- `POST /auth/internal/register` - Register internal user
- `GET /internal/user-information` - Get internal user profile

### External Users

- `POST /auth/external/token` - Login (external only)
- `POST /auth/external/register` - Register external user
- `GET /external/user-information` - Get external user profile

### Token Management

- `GET /auth/user-token` - List user tokens
- `DELETE /auth/user-token/{tokenId}` - Revoke specific token

### OAuth Integration

- `GET /auth/oauth/passport/redirect` - Initiate OAuth flow
- `GET /auth/oauth/passport/callback` - Handle OAuth callback

Configuration
-------------

Add to your `.env` file:

```
# Database
AUTH_DB_CONNECTION=pgsql
AUTH_DB_SCHEMA=account

# Password hashing (legacy support)
AUTH_HASH_PASSWORD=true

# OAuth Passport (optional)
AUTH_PASSPORT_ENABLED=false
AUTH_PASSPORT_BASE_URL=https://passport.example.com
AUTH_PASSPORT_CLIENT_ID=your-client-id
AUTH_PASSPORT_CLIENT_SECRET=your-client-secret
AUTH_PASSPORT_CALLBACK_URL=https://yourapp.com/auth/oauth/passport/callback
```

Usage
-----

### Register User

```
POST /auth/register
{
  "username": "johndoe",
  "email": "john@example.com",
  "password": "password123",
  "user_type": "internal",
  "role_id": "uuid-of-role"
}
```

### Login User

```
POST /auth/token
{
  "email": "john@example.com",
  "password": "password123"
}
```

### Using Authentication in Requests

```
curl -X GET \
  https://yourapp.com/user-information \
  -H "Authorization: Bearer {access_token}" \
  -H "Accept: application/json"
```

### OAuth Flow

1. Redirect user to `/auth/oauth/passport/redirect`
2. User authenticates on external OAuth server
3. OAuth server redirects back to `/auth/oauth/passport/callback`
4. Package creates/updates user and returns access token
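
The `state` check that protects steps 1 and 3 of this flow, as an added example in plain PHP (not the package's own code). The helper names, the array standing in for the server-side session, and the `/oauth/authorize` path on the Passport server are assumptions.

```php
<?php
declare(strict_types=1);

/** Step 1: create an unguessable state, bind it to the session, build the redirect. */
function beginOAuth(array &$session, string $authorizeUrl, string $clientId, string $callbackUrl): string
{
    $session['oauth_state'] = bin2hex(random_bytes(32));
    return $authorizeUrl . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $callbackUrl,
        'state'         => $session['oauth_state'],
    ]);
}

/** Step 3: accept the callback only if its state matches the one this session issued. */
function verifyCallback(array &$session, array $query): bool
{
    $expected = $session['oauth_state'] ?? null;
    unset($session['oauth_state']);               // single use, even on failure
    $received = $query['state'] ?? null;
    if (!is_string($expected) || !is_string($received) || !isset($query['code'])) {
        return false;
    }
    return hash_equals($expected, $received);     // constant-time comparison
}

// Constructed walk-through; the array stands in for the server-side session.
$session = [];
$url = beginOAuth($session, 'https://passport.example.com/oauth/authorize',
    'your-client-id', 'https://yourapp.com/auth/oauth/passport/callback');
parse_str((string) parse_url($url, PHP_URL_QUERY), $sent);

$unsolicited = ['code' => 'unsolicited-code', 'state' => 'guess'];
$genuine     = ['code' => 'auth-code', 'state' => $sent['state']];

// A callback whose state this session never issued is rejected.
$s1 = $session;
var_dump(verifyCallback($s1, $unsolicited));

// The genuine callback is accepted once; replaying it fails because the
// stored state was consumed by the first check.
$s2 = $session;
var_dump(verifyCallback($s2, $genuine));
var_dump(verifyCallback($s2, $genuine));
```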

Middleware
----------

### Check User Type

```
Route::middleware('gomu.internal')->get('/internal-only', function () {
    // Only internal users can access
});

Route::middleware('gomu.external')->get('/external-only', function () {
    // Only external users can access
});
```

Security Features
-----------------

- **Device Tracking**: Automatic token naming based on device/browser
- **Token Scoping**: Ability-based token permissions
- **User Type Isolation**: Separate endpoints for internal/external users
- **OAuth State Protection**: CSRF protection for OAuth flows
- **Password Hashing**: Configurable legacy MD5 support
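
The page does not show how the package stores or checks passwords. Assuming legacy rows hold unsalted hex MD5 digests, this added example (not the package's code; `verifyAndUpgrade` is a hypothetical helper) verifies such a row and replaces it with a `password_hash()` value on the next successful login, so MD5 digests age out of the user table.

```php
<?php
declare(strict_types=1);

/**
 * Verify a password against a stored hash and report whether the record
 * should be rewritten with a modern hash.
 * Returns [bool $ok, ?string $replacementHash].
 */
function verifyAndUpgrade(string $password, string $stored): array
{
    // Assumed legacy format: unsalted MD5 as 32 hex characters.
    if (preg_match('/^[a-f0-9]{32}$/i', $stored) === 1) {
        $ok = hash_equals(strtolower($stored), md5($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Modern hash: re-hash only if the algorithm or cost is out of date.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed user table: one legacy MD5 row, one already-migrated row.
$users = [
    'legacy@example.com'   => md5('password123'),
    'migrated@example.com' => password_hash('password123', PASSWORD_DEFAULT),
];

foreach (array_keys($users) as $email) {
    [$ok, $replacement] = verifyAndUpgrade('password123', $users[$email]);
    if ($ok && $replacement !== null) {
        $users[$email] = $replacement;   // persist the upgraded hash
    }
    printf("%s ok=%s stored=%s\n", $email, var_export($ok, true),
        password_get_info($users[$email])['algoName']);
}
```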

Testing
-------

Run the test suite:

```
vendor/bin/phpunit
```

Test files include:

- `TokenAuthControllerTest.php` - Token authentication tests
- `UserTokenControllerTest.php` - Token management tests
- `PassportControllerTest.php` - OAuth integration tests

