PHPackages hasinhayder/tyro-login - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Templating & Views](/categories/templating) 4. / 5. hasinhayder/tyro-login ActiveLibrary[Templating & Views](/categories/templating) hasinhayder/tyro-login ====================== Tyro Login - Beautiful, customizable authentication views for Laravel 12 & 13 v2.4.2(1mo ago)2362.2k↓26.6%231MITPHPPHP ^8.2 Since Nov 30Pushed 1mo ago3 watchersCompare [ Source](https://github.com/hasinhayder/tyro-login)[ Packagist](https://packagist.org/packages/hasinhayder/tyro-login)[ RSS](/packages/hasinhayder-tyro-login/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (20)Versions (29)Used By (1) Tyro Login ========== [](#tyro-login) [![Latest Version on Packagist](https://camo.githubusercontent.com/28365ffe2047af571a7328a3e01d638be16032637f5385c2ef6d9162a3d0e2ed/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f686173696e6861796465722f7479726f2d6c6f67696e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/hasinhayder/tyro-login)[![Total Downloads](https://camo.githubusercontent.com/178837c6e155937d05e32fd81ce089a511371b50b23f322b641f64a945489aa9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f686173696e6861796465722f7479726f2d6c6f67696e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/hasinhayder/tyro-login)[![License](https://camo.githubusercontent.com/cb295eea605ae46db6fb8ea019b3fd84a3926250444aa1be898279a1fce7f967/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f686173696e6861796465722f7479726f2d6c6f67696e2e7376673f7374796c653d666c61742d737175617265)](https://github.com/hasinhayder/tyro-login/blob/main/LICENSE) [Website](https://hasinhayder.github.io/tyro/tyro-login/) | [Documentation](https://hasinhayder.github.io/tyro/tyro-login/doc.html) | [GitHub](https://github.com/hasinhayder/tyro-login) **Beautiful, customizable authentication views for Laravel 12 and 13** – Tyro Login provides professional, ready-to-use login and registration pages with multiple layout options and seamless integration with the [Tyro](https://github.com/hasinhayder/tyro) package. Features -------- [](#features) - **Multiple Layouts** - 5 beautiful layouts: centered, split-left, split-right, fullscreen, and card - **Beautiful Design** - Modern, professional UI out of the box - **Social Login** - OAuth authentication with Google, Facebook, GitHub, Twitter/X, LinkedIn, Bitbucket, GitLab, and Slack - **Enhanced Security** - Industry-standard security features - Encrypted OAuth token storage at rest (using Laravel's encryption) - Cryptographically secure OTP generation (Better Randomness) - Session regeneration to prevent fixation attacks (on successful login and logout) - CSRF-protected logout (only accept POST calls) - Privacy-compliant debug logging (email addresses masked) - **Highly Configurable** - Customize colors, logos, redirects, and more - **Lockout Protection** - Rate limiting with configurable attempts and duration - **Math Captcha** - Simple addition/subtraction captcha for login and registration - **Login OTP** - Two-factor authentication via email OTP codes - **Email Verification** - Optional email verification for new registrations - **Password Reset** - Built-in forgot password and reset functionality - **Beautiful Emails** - Sleek, minimal HTML email templates for OTP, password reset, verification, and welcome emails - **Tyro Integration** - Automatic role assignment for new users if Tyro is installed - **Invitation/Referral System** - User-based referral links for tracking signups - **Dark/Light Theme** - Automatic theme detection with manual toggle - **Fully Responsive** - Works perfectly on all devices - **Zero Build Step** - No npm or webpack required, just install and use - **Debug Mode** - Privacy-safe debug logging for development Requirements ------------ [](#requirements) - PHP 8.2 or higher - Laravel 12.0 or higher Installation ------------ [](#installation) Install the package via Composer: ``` composer require hasinhayder/tyro-login ``` Run the installation command: ``` php artisan tyro-login:install ``` For social login support, use: ``` php artisan tyro-login:install --with-social ``` That's it! Visit `/login` to see your new authentication pages. **Note:** If you're updating to version 2.3.0 or later, run the migrations to set up the invitation/referral system: ``` php artisan migrate ``` Configuration ------------- [](#configuration) After installation, you can customize the package by editing `config/tyro-login.php`: ### Layout Options [](#layout-options) ``` // Available layouts: 'centered', 'split-left', 'split-right', 'fullscreen', 'card' 'layout' => env('TYRO_LOGIN_LAYOUT', 'centered'), // Background image for split and fullscreen layouts 'background_image' => env('TYRO_LOGIN_BACKGROUND_IMAGE', 'https://...'), ``` ### Branding [](#branding) ``` 'branding' => [ 'app_name' => env('TYRO_LOGIN_APP_NAME', 'Laravel'), 'logo' => env('TYRO_LOGIN_LOGO', null), // URL to your logo 'logo_height' => env('TYRO_LOGIN_LOGO_HEIGHT', '48px'), ], ``` ### Redirects [](#redirects) ``` 'redirects' => [ 'after_login' => env('TYRO_LOGIN_REDIRECT_AFTER_LOGIN', '/'), 'after_logout' => env('TYRO_LOGIN_REDIRECT_AFTER_LOGOUT', '/login'), 'after_register' => env('TYRO_LOGIN_REDIRECT_AFTER_REGISTER', '/'), 'after_email_verification' => env('TYRO_LOGIN_REDIRECT_AFTER_EMAIL_VERIFICATION', '/login'), ], ``` ### Registration Settings [](#registration-settings) ``` 'registration' => [ 'enabled' => env('TYRO_LOGIN_REGISTRATION_ENABLED', true), 'auto_login' => env('TYRO_LOGIN_REGISTRATION_AUTO_LOGIN', true), 'require_email_verification' => env('TYRO_LOGIN_REQUIRE_EMAIL_VERIFICATION', false), ], ``` ### Email Verification [](#email-verification) When email verification is enabled, users won't be logged in automatically after registration. Instead, they'll be redirected to a verification notice page and a verification link will be generated. ``` 'registration' => [ 'require_email_verification' => env('TYRO_LOGIN_REQUIRE_EMAIL_VERIFICATION', true), ], 'verification' => [ 'expire' => env('TYRO_LOGIN_VERIFICATION_EXPIRE', 60), // Token expires in 60 minutes ], 'redirects' => [ 'after_email_verification' => env('TYRO_LOGIN_REDIRECT_AFTER_EMAIL_VERIFICATION', '/login'), ], ``` **How it works:** 1. User registers - Redirected to verification notice page 2. Verification URL is logged to Laravel logs and error\_log (for development) 3. User clicks the link - Email is verified and user is redirected to login page 4. Users can request a new verification email from the notice page 5. If user tries to login with unverified email, they see "Email Not Verified" page **For Development:** The verification URL is printed to your Laravel logs and error\_log, so you can easily test without setting up email. ### Password Reset [](#password-reset) Tyro Login includes a complete password reset flow with beautiful, consistent UI. ``` 'password_reset' => [ 'expire' => env('TYRO_LOGIN_PASSWORD_RESET_EXPIRE', 60), // Token expires in 60 minutes ], ``` **How it works:** 1. User clicks "Forgot Password?" on login page 2. User enters email - Reset link is generated 3. Reset URL is logged to Laravel logs and error\_log (for development) 4. User clicks the link - Shown password reset form 5. User enters new password - Password updated and user is logged in **For Development:** The reset URL is printed to your Laravel logs and error\_log, so you can easily test without setting up email. ### Tyro Integration [](#tyro-integration) If you have [hasinhayder/tyro](https://github.com/hasinhayder/tyro) installed, Tyro Login can automatically assign a default role to new users: ``` 'tyro' => [ 'assign_default_role' => env('TYRO_LOGIN_ASSIGN_DEFAULT_ROLE', true), 'default_role_slug' => env('TYRO_LOGIN_DEFAULT_ROLE_SLUG', 'user'), ], ``` ### Math Captcha [](#math-captcha) Add a simple math captcha to your login and/or registration forms to prevent automated submissions: ``` 'captcha' => [ 'enabled_login' => env('TYRO_LOGIN_CAPTCHA_LOGIN', false), 'enabled_register' => env('TYRO_LOGIN_CAPTCHA_REGISTER', false), 'label' => 'Security Check', 'placeholder' => 'Enter the answer', 'error_message' => 'Incorrect answer. Please try again.', 'min_number' => 1, 'max_number' => 10, ], ``` ### Login OTP Verification [](#login-otp-verification) Add two-factor authentication via email OTP. After entering valid credentials, users receive a one-time code: ``` 'otp' => [ 'enabled' => env('TYRO_LOGIN_OTP_ENABLED', false), 'length' => 4, // 4-8 digits 'expire' => 5, // minutes 'max_resend' => 3, 'resend_cooldown' => 60, // seconds ], ``` **Features:** - Beautiful OTP input with individual digit boxes - Configurable code length (4-8 digits) - Resend functionality with cooldown - Cache-based storage (no database required) ### Time-Based Two-Factor Authentication (TOTP) [](#time-based-two-factor-authentication-totp) Secure your application with Time-Based One-Time Password (TOTP) two-factor authentication, compatible with apps like Google Authenticator, Authy, and Microsoft Authenticator. #### Installation [](#installation-1) 1. **Run Migrations:**This adds `two_factor_secret`, `two_factor_recovery_codes`, and `two_factor_confirmed_at` columns to your `users` table. ``` php artisan migrate ``` 2. **Add Trait to User Model:**Add the `HasTwoFactorAuth` trait to your User model for automatic attribute casting and encryption/decryption (optional). If this trait is not used, Tyro Login will still encrypt sensitive data using Laravel's built-in encryption. ``` use HasinHayder\TyroLogin\Traits\HasTwoFactorAuth; class User extends Authenticatable { use HasTwoFactorAuth; protected function casts(): array { return [ 'password' => 'hashed', 'two_factor_confirmed_at' => 'datetime', ]; } // ... protected static function booted() { static::created(function ($user) { // Initialize the trait's casts $user->initializeHasTwoFactorAuth(); }); } // OR simply rely on the trait's initialize method if using Laravel 10/11 standard boot } ``` *Note: The trait uses a custom cast `EncryptedOrPlaintext` to ensure secrets are stored securely.* #### Configuration [](#configuration-1) Enable and configure 2FA in `config/tyro-login.php`: ``` 'two_factor' => [ // Enable/disable 2FA globally 'enabled' => env('TYRO_LOGIN_2FA_ENABLED', false), // Page titles and subtitles 'setup_title' => env('TYRO_LOGIN_2FA_SETUP_TITLE', 'Two Factor Authentication'), 'setup_subtitle' => env('TYRO_LOGIN_2FA_SETUP_SUBTITLE', 'Scan the QR code with your authenticator app.'), 'challenge_title' => env('TYRO_LOGIN_2FA_CHALLENGE_TITLE', 'Two Factor Authentication'), 'challenge_subtitle' => env('TYRO_LOGIN_2FA_CHALLENGE_SUBTITLE', 'Enter the code from your authenticator app.'), // Allow users to skip setup (if false, setup is mandatory) 'allow_skip' => env('TYRO_LOGIN_2FA_ALLOW_SKIP', false), ], ``` **How it works:** 1. **Mandatory Setup:** If enabled and `allow_skip` is false, new users (and existing users without 2FA) are redirected to the setup wizard immediately after login/registration. 2. **Secure Setup:** Users must verify a code from their authenticator app to enable 2FA. 3. **Recovery Codes:** Upon successful setup, users are shown a set of recovery codes that can be used if they lose access to their device. 4. **Challenge Screen:** On subsequent logins, users must provide a TOTP code or a recovery code. 5. **Security:** Secrets are encrypted in the database. Users are not fully authenticated until they pass the 2FA challenge. ### Debug Mode [](#debug-mode) Enable debug logging for development: ``` 'debug' => env('TYRO_LOGIN_DEBUG', false), ``` When enabled, OTP codes, verification URLs, and password reset URLs are logged to `storage/logs/laravel.log` in masked form. ### Email Configuration [](#email-configuration) Tyro Login sends sleek, minimal HTML emails with a clean design. Each email type can be individually enabled or disabled: ``` 'emails' => [ // OTP verification email 'otp' => [ 'enabled' => env('TYRO_LOGIN_EMAIL_OTP', true), 'subject' => env('TYRO_LOGIN_EMAIL_OTP_SUBJECT', 'Your Verification Code'), ], // Password reset email 'password_reset' => [ 'enabled' => env('TYRO_LOGIN_EMAIL_PASSWORD_RESET', true), 'subject' => env('TYRO_LOGIN_EMAIL_PASSWORD_RESET_SUBJECT', 'Reset Your Password'), ], // Email verification email 'verify_email' => [ 'enabled' => env('TYRO_LOGIN_EMAIL_VERIFY', true), 'subject' => env('TYRO_LOGIN_EMAIL_VERIFY_SUBJECT', 'Verify Your Email Address'), ], // Welcome email after registration 'welcome' => [ 'enabled' => env('TYRO_LOGIN_EMAIL_WELCOME', true), 'subject' => env('TYRO_LOGIN_EMAIL_WELCOME_SUBJECT', null), // Uses default with app name ], ], ``` **Available Emails:** - **OTP Email** - Sent when OTP verification is enabled - **Password Reset Email** - Sent when user requests password reset - **Email Verification Email** - Sent when email verification is required - **Welcome Email** - Sent after successful registration (when verification is not required) **Customizing Email Templates:** Publish email templates to customize them: ``` php artisan tyro-login:publish --emails ``` Templates will be published to `resources/views/vendor/tyro-login/emails/`. Available template variables: - `{{ $name }}` - User's name - `{{ $appName }}` - Application name - `{{ $otp }}` - OTP code (for OTP email) - `{{ $resetUrl }}` - Password reset URL (for password reset email) - `{{ $verificationUrl }}` - Verification URL (for verification email) - `{{ $loginUrl }}` - Login URL (for welcome email) - `{{ $expiresIn }}` - Expiration time in minutes ### Lockout Protection [](#lockout-protection) When enabled, users will be locked out after too many failed login attempts. The lockout state is stored in cache (no database required), and the cache is automatically cleared when the lockout expires. ``` 'lockout' => [ 'enabled' => env('TYRO_LOGIN_LOCKOUT_ENABLED', true), 'max_attempts' => env('TYRO_LOGIN_LOCKOUT_MAX_ATTEMPTS', 5), 'duration_minutes' => env('TYRO_LOGIN_LOCKOUT_DURATION', 15), 'message' => 'Too many failed login attempts. Please try again in :minutes minutes.', 'title' => 'Account Temporarily Locked', 'subtitle' => 'For your security, we\'ve temporarily locked your account.', ], ``` **Features:** - No database required - uses cache - Configurable number of attempts before lockout - Configurable lockout duration - Customizable lockout page message and title - Automatic cache cleanup when lockout expires - Real-time countdown timer on lockout page ### Social Login (OAuth) [](#social-login-oauth) Tyro Login supports OAuth authentication using Laravel Socialite. Users can sign in with their social media accounts. **Supported Providers:** - Google - Facebook - GitHub - Twitter/X - LinkedIn - Bitbucket - GitLab - Slack #### Installation [](#installation-2) Install with social login support: ``` php artisan tyro-login:install --with-social ``` Or add social login to an existing installation: ``` composer require laravel/socialite php artisan vendor:publish --tag=tyro-login-migrations php artisan migrate ``` #### Configuration [](#configuration-2) 1. **Enable Social Login Globally:** ``` TYRO_LOGIN_SOCIAL_ENABLED=true ``` 2. **Enable Desired Providers:** ``` TYRO_LOGIN_SOCIAL_GOOGLE=true TYRO_LOGIN_SOCIAL_GITHUB=true TYRO_LOGIN_SOCIAL_FACEBOOK=true ``` 3. **Configure Provider Credentials:** Add credentials to `config/services.php`: ``` 'google' => [ 'client_id' => env('GOOGLE_CLIENT_ID'), 'client_secret' => env('GOOGLE_CLIENT_SECRET'), 'redirect' => env('GOOGLE_REDIRECT_URI'), ], 'github' => [ 'client_id' => env('GITHUB_CLIENT_ID'), 'client_secret' => env('GITHUB_CLIENT_SECRET'), 'redirect' => env('GITHUB_REDIRECT_URI'), ], 'facebook' => [ 'client_id' => env('FACEBOOK_CLIENT_ID'), 'client_secret' => env('FACEBOOK_CLIENT_SECRET'), 'redirect' => env('FACEBOOK_REDIRECT_URI'), ], // For Twitter/X (OAuth 2.0) 'twitter' => [ 'client_id' => env('TWITTER_CLIENT_ID'), 'client_secret' => env('TWITTER_CLIENT_SECRET'), 'redirect' => env('TWITTER_REDIRECT_URI'), ], // For LinkedIn (OpenID Connect) 'linkedin-openid' => [ 'client_id' => env('LINKEDIN_CLIENT_ID'), 'client_secret' => env('LINKEDIN_CLIENT_SECRET'), 'redirect' => env('LINKEDIN_REDIRECT_URI'), ], // For Slack (OpenID Connect) 'slack-openid' => [ 'client_id' => env('SLACK_CLIENT_ID'), 'client_secret' => env('SLACK_CLIENT_SECRET'), 'redirect' => env('SLACK_REDIRECT_URI'), ], ``` 4. **Add Environment Variables:** ``` # Google GOOGLE_CLIENT_ID=your-client-id GOOGLE_CLIENT_SECRET=your-client-secret GOOGLE_REDIRECT_URI="${APP_URL}/auth/google/callback" # GitHub GITHUB_CLIENT_ID=your-client-id GITHUB_CLIENT_SECRET=your-client-secret GITHUB_REDIRECT_URI="${APP_URL}/auth/github/callback" # Facebook FACEBOOK_CLIENT_ID=your-client-id FACEBOOK_CLIENT_SECRET=your-client-secret FACEBOOK_REDIRECT_URI="${APP_URL}/auth/facebook/callback" # Slack SLACK_CLIENT_ID=your-client-id SLACK_CLIENT_SECRET=your-client-secret SLACK_REDIRECT_URI="${APP_URL}/auth/slack/callback" ``` #### Social Login Behavior [](#social-login-behavior) ``` 'social' => [ 'enabled' => env('TYRO_LOGIN_SOCIAL_ENABLED', false), // Link social accounts to existing users (matched by email) 'link_existing_accounts' => env('TYRO_LOGIN_SOCIAL_LINK_EXISTING', true), // Automatically create new users from social login 'auto_register' => env('TYRO_LOGIN_SOCIAL_AUTO_REGISTER', true), // Automatically verify user email after social login/register // Social providers confirm email ownership, so we can trust the email 'auto_verify_email' => env('TYRO_LOGIN_SOCIAL_AUTO_VERIFY_EMAIL', true), // Text shown above social buttons 'divider_text' => env('TYRO_LOGIN_SOCIAL_DIVIDER', 'Or continue with'), ], ``` **How it works:** 1. User clicks a social login button on login/register page 2. User is redirected to the OAuth provider for authentication 3. After approval, user is redirected back to your app 4. If user has linked social account → Log them in 5. If user email exists and linking is enabled → Link social account and log in 6. If user doesn't exist and auto-register is enabled → Create new user and log in **Automatic Email Verification:** When users authenticate via social login, their email is automatically marked as verified (if `auto_verify_email` is enabled). This is because OAuth providers confirm email ownership during the authentication process, so we can trust the email address provided. **Social Accounts Table:** A migration creates the `social_accounts` table to store: - `user_id` - Link to your users table - `provider` - The OAuth provider (google, github, etc.) - `provider_user_id` - User ID from the provider - `provider_email` - Email from the provider - `provider_avatar` - Avatar URL from the provider - `access_token` / `refresh_token` - OAuth tokens (encrypted) - `token_expires_at` - Token expiration time #### Customizing Provider Labels and Icons [](#customizing-provider-labels-and-icons) ``` 'social' => [ 'providers' => [ 'google' => [ 'enabled' => true, 'label' => 'Google', // Button text 'icon' => 'google', // Icon identifier ], 'github' => [ 'enabled' => true, 'label' => 'GitHub', 'icon' => 'github', ], ], ], ``` Invitation/Referral System -------------------------- [](#invitationreferral-system) Tyro Login includes a built-in invitation/referral system that allows users to invite others to sign up. Each user can create one unique invitation link that tracks all signups made through it. ### Note [](#note) For versions older than 2.3.0, run `composer update` to fetch the latest files for the invitation system, then execute `php artisan migrate` to create the necessary database tables. ### Features [](#features-1) - **One Link Per User** - Each user can have exactly one invitation link - **Automatic Tracking** - Referral signups are automatically tracked during registration - **Silent Invalid Links** - Invalid or non-existing invitation hashes are silently ignored (no errors) - **Prevent Self-Referrals** - Users cannot use their own invitation link - **Prevent Duplicates** - Each user can only be referred once - **Database Backed** - Uses two lightweight tables for persistence ### Database Tables [](#database-tables) - `invitation_links` - Stores unique invitation links for users - `invitation_referrals` - Tracks signups through invitation links ### CLI Commands [](#cli-commands) Manage invitation links using the console command: ``` # Create a new invitation link for a user php artisan tyro-login:invite-links --create # or simply php artisan tyro-login:invite-links # List all invitation links with referral counts php artisan tyro-login:invite-links --list # Remove a user's invitation link # (warns if there are referral signups) php artisan tyro-login:invite-links --remove # Remove all invitation links # (requires confirmation) php artisan tyro-login:invite-links --flush ``` ### Integration in Your Application [](#integration-in-your-application) The registration controller automatically tracks referrals. Users can access invitation links via a query parameter: ``` https://your-app.com/register?invite={hash} ``` **Important:** You don't need to do anything special - Tyro Login handles referral tracking automatically during user registration. ### Using the Helper Class [](#using-the-helper-class) Access invitation data programmatically: ``` use HasinHayder\TyroLogin\Helpers\InvitationHelper; // Get a user's invitation link $invitationLink = InvitationHelper::getInvitationLinkForUser($userId); if ($invitationLink) { echo $invitationLink->url; // Full URL: /register?invite={hash} } // Get referral count for a user $count = InvitationHelper::getReferralCount($userId); // Get all users referred by a specific user $referredUsers = InvitationHelper::getReferredUsers($userId); // Validate and track a referral manually InvitationHelper::trackReferral($invitationHash, $newUserId); ``` ### Models [](#models) Access invitation data through Eloquent models: ``` use HasinHayder\TyroLogin\Models\InvitationLink; use HasinHayder\TyroLogin\Models\InvitationReferral; // Get invitation link with relationships $link = InvitationLink::with('user', 'referrals')->find($id); // Get referral with relationships $referral = InvitationReferral::with('invitationLink', 'referredUser')->find($id); ``` Layout Examples --------------- [](#layout-examples) Tyro Login provides 5 stunning layout options to match your application's branding: ### 1. Centered Layout (Default) [](#1-centered-layout-default) Form appears in the center of the page with a gradient background. ``` TYRO_LOGIN_LAYOUT=centered ``` ### 2. Split-Left Layout [](#2-split-left-layout) Two-column layout with a background image on the left and the form on the right. ``` TYRO_LOGIN_LAYOUT=split-left TYRO_LOGIN_BACKGROUND_IMAGE=https://images.unsplash.com/photo-1618005182384-a83a8bd57fbe?w=1920&q=80 ``` ### 3. Split-Right Layout [](#3-split-right-layout) Two-column layout with the form on the left and a background image on the right. ``` TYRO_LOGIN_LAYOUT=split-right TYRO_LOGIN_BACKGROUND_IMAGE=https://images.unsplash.com/photo-1618005182384-a83a8bd57fbe?w=1920&q=80 ``` ### 4. Fullscreen Layout [](#4-fullscreen-layout) Full-screen background image with a glassmorphism form overlay featuring frosted glass effect and backdrop blur. ``` TYRO_LOGIN_LAYOUT=fullscreen TYRO_LOGIN_BACKGROUND_IMAGE=https://images.unsplash.com/photo-1618005182384-a83a8bd57fbe?w=1920&q=80 ``` ### 5. Card Layout [](#5-card-layout) Floating card design with subtle radial gradient background patterns and smooth hover animations. ``` TYRO_LOGIN_LAYOUT=card ``` **All layouts support:** - Dark and light themes - Fully responsive design - Customizable branding - All authentication features (OTP, captcha, email verification, etc.) Customization ------------- [](#customization) ### Publishing Views [](#publishing-views) To customize the views, publish them to your application: ``` php artisan tyro-login:publish --views ``` Views will be published to `resources/views/vendor/tyro-login/`. ### Publishing Email Templates [](#publishing-email-templates) To customize the email templates: ``` php artisan tyro-login:publish --emails ``` Email templates will be published to `resources/views/vendor/tyro-login/emails/`. ### Publishing Everything [](#publishing-everything) ``` php artisan tyro-login:publish ``` This publishes config, views, email templates, and assets. ### Theme Customization (shadcn Variables) [](#theme-customization-shadcn-variables) Tyro Login uses [shadcn/ui](https://ui.shadcn.com) CSS variables for theming, making it easy to customize colors and integrate with shadcn-based projects. #### Publishing Theme Files [](#publishing-theme-files) Publish the theme variables to customize the look and feel: ``` # Publish only theme variables (recommended for color customization) php artisan tyro-login:publish-style --theme-only # Or publish complete styles (theme + component styles) php artisan tyro-login:publish-style ``` Theme files will be published to `resources/views/vendor/tyro-login/partials/`. #### Visual Theme Editing with tweakcn (free) [](#visual-theme-editing-with-tweakcn-free) The easiest way to customize your theme is using [tweakcn.com](https://tweakcn.com): 1. Visit [tweakcn.com](https://tweakcn.com) 2. Use the visual editor to create your perfect color palette 3. Copy the generated CSS variables 4. Publish your theme: `php artisan tyro-login:publish-style --theme-only` 5. Paste the variables into `resources/views/vendor/tyro-login/partials/shadcn-theme.blade.php` #### Theme File Structure [](#theme-file-structure) After publishing, your theme structure will be: ``` resources/views/vendor/tyro-login/partials/ ├── shadcn-theme.blade.php # Theme variables (edit this!) └── styles.blade.php # Component styles (includes theme) ``` The `shadcn-theme.blade.php` file contains only CSS variables, making it safe to edit without breaking component styles. Artisan Commands ---------------- [](#artisan-commands) Tyro Login provides several artisan commands: CommandDescription`php artisan tyro-login:install`Install the package and publish configuration`php artisan tyro-login:install --with-social`Install with social login (Laravel Socialite) support`php artisan tyro-login:publish`Publish config, views, email templates, and assets`php artisan tyro-login:publish --emails`Publish only email templates`php artisan tyro-login:publish-style`Publish styles (theme + components)`php artisan tyro-login:publish-style --theme-only`Publish only theme variables`php artisan tyro-login:verify-user`Mark a user's email as verified`php artisan tyro-login:unverify-user`Remove email verification from a user`php artisan tyro-login:version`Display the current Tyro Login version`php artisan tyro-login:doc`Open the documentation in your browser`php artisan tyro-login:star`Open GitHub repository to star the project### User Verification Commands [](#user-verification-commands) Tyro Login provides commands to manually verify or unverify user email addresses. **Verify a single user by email:** ``` php artisan tyro-login:verify-user john@example.com ``` **Verify a single user by ID:** ``` php artisan tyro-login:verify-user 123 ``` **Verify all unverified users:** ``` php artisan tyro-login:verify-user --all ``` **Unverify a single user:** ``` php artisan tyro-login:unverify-user john@example.com ``` **Unverify all verified users:** ``` php artisan tyro-login:unverify-user --all ``` **Reset 2FA for a user:** Currently locked out users or those who lost their device/codes can have their 2FA reset by an admin: ``` php artisan tyro-login:reset-2fa user@example.com # OR php artisan tyro-login:reset-2fa 1 ``` These commands are useful for: - Manually verifying users during development or testing - Bulk verification of imported users - Resetting verification status for testing email flows Routes ------ [](#routes) Tyro Login registers the following routes: MethodURINameDescriptionGET`/login``tyro-login.login`Show login formPOST`/login``tyro-login.login.submit`Handle loginGET`/register``tyro-login.register`Show registration formPOST`/register``tyro-login.register.submit`Handle registrationGET/POST`/logout``tyro-login.logout`Handle logoutGET`/lockout``tyro-login.lockout`Show lockout pageGET`/email/verify``tyro-login.verification.notice`Show verification noticeGET`/email/not-verified``tyro-login.verification.not-verified`Show unverified email pageGET`/email/verify/{token}``tyro-login.verification.verify`Verify emailPOST`/email/resend``tyro-login.verification.resend`Resend verification emailGET`/forgot-password``tyro-login.password.request`Show forgot password formPOST`/forgot-password``tyro-login.password.email`Send reset linkGET`/reset-password/{token}``tyro-login.password.reset`Show reset formPOST`/reset-password``tyro-login.password.update`Reset passwordGET`/otp/verify``tyro-login.otp.verify`Show OTP formPOST`/otp/verify``tyro-login.otp.submit`Verify OTPPOST`/otp/resend``tyro-login.otp.resend`Resend OTPGET`/otp/cancel``tyro-login.otp.cancel`Cancel OTP verificationGET`/auth/{provider}/redirect``tyro-login.social.redirect`Redirect to OAuth providerGET`/auth/{provider}/callback``tyro-login.social.callback`Handle OAuth callback### Customizing Route Prefix [](#customizing-route-prefix) ``` 'routes' => [ 'prefix' => env('TYRO_LOGIN_ROUTE_PREFIX', 'auth'), // Routes will be: /auth/login, /auth/register, etc. ], ``` Security Features ----------------- [](#security-features) Tyro Login implements industry-standard security practices: - **Encrypted Data Storage** - OAuth access and refresh tokens encrypted at rest using Laravel's encryption - Custom `EncryptedOrPlaintext` cast for seamless migration - Protects against database compromise - **Cryptographically Secure Random** - OTP codes generated using `random_int()` (cryptographically secure) - Eliminates predictable patterns and statistical analysis attacks - **Session Security** - Session regeneration after logout in OTP flow prevents fixation attacks - Session regeneration on successful login prevents session fixation - Secure session handling throughout authentication flows - **CSRF Protection** - All forms include CSRF tokens - Logout requires POST request with CSRF token - Protection against cross-site request forgery attacks - **Lockout Protection** - Temporarily lock accounts after failed attempts (cache-based, no database) - Configurable attempts and duration - Automatic cache cleanup when lockout expires - **Email Verification** - Optional email verification for new registrations - Secure signed URLs with expiration - Automatic verification via social login - **Secure Password Reset** - Time-limited, signed URLs for password reset - Tokens stored in cache with expiration - Automatic token cleanup - **Password Security** - Laravel's bcrypt/argon2 hashing - Configurable minimum password length - Password confirmation requirement - **Privacy-Safe Debug Logging** - Email addresses masked in logs (e.g., `use***@example.com`) - No security tokens or sensitive URLs logged - GDPR/CCPA compliant logging - Structured logging format - **Input Validation** - Server-side validation with proper error messages - Protection against malicious input - Email format validation Integration with Tyro --------------------- [](#integration-with-tyro) Tyro Login integrates seamlessly with the [Tyro](https://github.com/hasinhayder/tyro) package: 1. When a new user registers, Tyro Login can automatically assign a default role 2. Configure the default role slug in your config 3. Ensure your User model uses the `HasTyroRoles` trait ``` // In your User model use HasinHayder\Tyro\Concerns\HasTyroRoles; class User extends Authenticatable { use HasTyroRoles; } ``` Changelog --------- [](#changelog) Please see [CHANGELOG](CHANGELOG.md) for more information on what has changed recently. Contributing ------------ [](#contributing) Please see [CONTRIBUTING](CONTRIBUTING.md) for details. Security -------- [](#security) If you discover any security-related issues, please email instead of using the issue tracker. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE) for more information. Credits ------- [](#credits) - [Hasin Hayder](https://github.com/hasinhayder) --- Made with love for the Laravel community by Hasin Hayder ### Health Score 55 — FairBetter than 98% of packages Maintenance89 Actively maintained with recent releases Popularity41 Moderate usage in the ecosystem Community19 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 99.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~4 days Total 27 Last Release 56d ago Major Versions v1.6.3 → v2.0.02025-12-07 ### Community Maintainers ![](https://www.gravatar.com/avatar/9404e4113aa88c4cd96934e7e85b122bddcd7d512d39bf46aecfde610f273060?d=identicon)[HasinHayder](/maintainers/HasinHayder) --- Top Contributors [![hasinhayder](https://avatars.githubusercontent.com/u/490779?v=4)](https://github.com/hasinhayder "hasinhayder (132 commits)")[![phplime](https://avatars.githubusercontent.com/u/56013523?v=4)](https://github.com/phplime "phplime (1 commits)") --- Tags authenticationjavascriptlaravelloginphpsanctumsocial-logintyrolaraveluiauthAuthenticationbladeoauthsocialiteloginregister ### Code Quality TestsPest Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/hasinhayder-tyro-login/health.svg) ``` [![Health](https://phpackages.com/badges/hasinhayder-tyro-login/health.svg)](https://phpackages.com/packages/hasinhayder-tyro-login) ``` ### Alternatives [roots/acorn Framework for Roots WordPress projects built with Laravel components. 9682.1M97](/packages/roots-acorn)[robsontenorio/mary Gorgeous UI components for Livewire powered by daisyUI and Tailwind 1.5k454.7k15](/packages/robsontenorio-mary)[auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[area17/blast Storybook for Laravel Blade 308664.1k](/packages/area17-blast)[hasinhayder/tyro-dashboard Tyro Dashboard - Beautiful admin dashboard for managing Tyro roles, privileges, users, and settings 5151.4k](/packages/hasinhayder-tyro-dashboard)[alajusticia/laravel-logins Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser 2011.0k](/packages/alajusticia-laravel-logins) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)