PHPackages                             hamedov/passport-multiauth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. hamedov/passport-multiauth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

hamedov/passport-multiauth
==========================

Multiauth and custom grants for laravel passport

2.2.5(4y ago)52.5k↓100%1[1 issues](https://github.com/hamedov93/passport-multiauth/issues)MITPHPPHP ^7.2

Since Mar 21Pushed 4y ago2 watchersCompare

[ Source](https://github.com/hamedov93/passport-multiauth)[ Packagist](https://packagist.org/packages/hamedov/passport-multiauth)[ RSS](/packages/hamedov-passport-multiauth/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (1)Versions (12)Used By (0)

Passport multiauth
==================

[](#passport-multiauth)

This package simply enables you to authenticate models other than App\\User using laravel passport.

> **Note**: Starting from version 9.x multiauth is built in in laravel passport, therefore this package is usable until version 8.x. If you still need the custom grants feature please use this package:

Installation
============

[](#installation)

`composer require hamedov/passport-multiauth`

- This package overrides `PassportServiceProvider`, so you should remove it from config/app.php providers section.

Usage
=====

[](#usage)

- Add your guards and providers to config/auth.php

```
'guards' => [
    ...
    'admin' => [
        'driver' => 'passport',
        'provider' => 'admins',
        'hash' => false,
    ],
],

'providers' => [
    ...
    'admins' => [
        'driver' => 'eloquent',
        'model' => App\Admin::class,
    ],
],

```

- Add `guard` parameter to your token request
    Example using guzzle http

```
$http = new \GuzzleHttp\Client;
$response = $http->post(config('app.url') . '/oauth/token', [
    'form_params' => [
        'grant_type' => 'password',
        'client_id' => config('api.password_client_id'),
        'client_secret' => config('api.password_client_secret'),
        'username' => 'username@example.com',
        'password' => 'userpassword',
        'scope' => '',
        'guard' => 'admin',
    ],
]);

$data = json_decode((string)$response->getBody(), true);

```

- Authenticate your models using auth middleware with the desired guard as follows:

```
Route::middleware('auth:admin')->get('/user', function (Request $request) {
    return $request->user();
});

```

- No extra parameters required for refresh token requests.
- Of course all models must extend `Illuminate\Foundation\Auth\User` and use `Laravel\Passport\HasApiTokens` Trait.
- That's all.

Revoke access token
===================

[](#revoke-access-token)

```
$model = auth()->user();
// Get model/user access token
$accessToken = $model->token();
// Revoke access token
DB::table('oauth_refresh_tokens')->where('access_token_id', $accessToken->id)->update([
    'revoked' => true
]);

$accessToken->revoke();

```

Warning
=======

[](#warning)

- Relationships that depend on `oauth_access_tokens` table such as `$user->tokens()` and `$token->user();` are not yet implemented for multiauth and won't work, You wouldn't need them anyway. However they will be implemented in a future release.

Custom grants:
==============

[](#custom-grants)

- Create a new custom grant:

We will be using facebook login as an example here

```
php artisan make:grant FacebookGrant

```

This will create a new grant class in App\\Grants folder

- Specify unique identifier for your grant

```
protected $identifier = 'facebook';

```

- Specify The parameters you will be sending in access token request for user authentication instead of username and password

```
protected $request_params = [
    'facebook_access_token',
];

```

The access token request should look like this:

```
$response = $http->post(env('APP_URL') . '/oauth/token', [
    'form_params' => [
        'grant_type' => 'facebook',
        'client_id' => config('api.password_client_id'),
        'client_secret' => config('api.password_client_secret'),
        'facebook_access_token' => 'facebook access token',
        'scope' => '',
        'guard' => 'api',
    ],
]);

```

- Next add your authentication logic to `getUserEntityByRequestParams` method

You will receive an empty instance of the authenticated model as first parameter.

The second parameter is an associative array containing values of parameters specified in `request_params` property.

- The method implementation should be something like this:

```
protected function getUserEntityByRequestParams(Model $model, $request_params,
    $guard, $grantType, ClientEntityInterface $clientEntity)
{
    // Do your logic to authenticate the user.
    // Return false or void if authentication fails.
    // This will throw OAuthServerException.
    $facebook_access_token = $request_params['facebook_access_token'];
    // Contact facebook server to make sure the token is valid and get the corresponding user profile.
    $profile = file_get_contents('https://graph.facebook.com/me?fields=name,email&access_token='.$facebook_access_token);
    $profile = (array) json_decode($profile);
    if ( ! isset($profile['email']))
    {
        // We cannot identify the user without his email address
        return;
    }

    // Retrieve user or any authenticatable model by email or create new one.
    $user = $model->firstOrCreate(['email' => $profile['email']], ['name' => $profile['name']]);

    return new User($user->getAuthIdentifier());
}

```

- You can use the previous example for any authenticatable entity without any difference, you just need to provide the guard parameter in token request and implement your authentication logic and return void/false if authentication fails or an instance of Laravel\\Passport\\Bridge\\User for success.

License
=======

[](#license)

Released under the Mit license, see [LICENSE](https://github.com/hamedov93/passport-multiauth/blob/master/LICENSE)

###  Health Score

29

—

LowBetter than 60% of packages

Maintenance16

Infrequent updates — may be unmaintained

Popularity22

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity58

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~60 days

Recently: every ~132 days

Total

10

Last Release

1704d ago

Major Versions

1.1.0 → 2.0.02020-03-24

### Community

Maintainers

![](https://www.gravatar.com/avatar/82c37e59c90c4c4b24cdb4e1dc98084ea2acd19e8cc1e8f7e928af64d39c05f2?d=identicon)[hamedov](/maintainers/hamedov)

---

Top Contributors

[![hamedov93](https://avatars.githubusercontent.com/u/13410895?v=4)](https://github.com/hamedov93 "hamedov93 (6 commits)")

---

Tags

laravelpassportmultiauthcustom grant

### Embed Badge

![Health badge](/badges/hamedov-passport-multiauth/health.svg)

```
[![Health](https://phpackages.com/badges/hamedov-passport-multiauth/health.svg)](https://phpackages.com/packages/hamedov-passport-multiauth)
```

###  Alternatives

[corbosman/laravel-passport-claims

Add claims to Laravel Passport JWT Tokens

88655.9k](/packages/corbosman-laravel-passport-claims)[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

55342.3k2](/packages/jeremy379-laravel-openid-connect)[schedula/laravel-passport-socialite

The missing laravel passport feature for social authentication

4922.6k](/packages/schedula-laravel-passport-socialite)[danjdewhurst/laravel-passport-facebook-login

Facebook Token Request Grant for Laravel Passport

2824.4k](/packages/danjdewhurst-laravel-passport-facebook-login)[mikemclin/passport-custom-request-grant

Custom Request Grant for Laravel Passport

343.6k](/packages/mikemclin-passport-custom-request-grant)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)