PHPackages                             hungdx/auth-token - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. hungdx/auth-token

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

hungdx/auth-token
=================

The Authentication driver using token for Laravel Framework.

1.0.3(5y ago)02.7kMITPHPPHP ^7.1.3|^8

Since Dec 24Pushed 5y ago1 watchersCompare

[ Source](https://github.com/hugdx/auth-token)[ Packagist](https://packagist.org/packages/hungdx/auth-token)[ Docs](https://github.com/hugdx/auth-token)[ RSS](/packages/hungdx-auth-token/feed)WikiDiscussions master Synced today

READMEChangelog (2)Dependencies (2)Versions (6)Used By (0)

Laravel Auth-Token
------------------

[](#laravel-auth-token)

Driver for Laravel Auth by using tokens

### The story

[](#the-story)

We need a way to authenticate for *web* and *api*. Laravel supports drivers **session** *(SessionGuard)*, **token** *(TokenGuard)*, **request** *(RequestGuard)* but it is not strong enough.

- **SessionGuard**: Unable use for api. On the Web, with the same user and remember is on -&gt; only one device can use this feature.
- **TokenGuard**: It is not designed for Web and not supported multiple device login at sametime
- **RequestGuard**: Not checked yet

> For *api*, we have got **JWT**, why not use that?
>
> > **JWT** very easy to create and verify tokens, but it is not strong enough to manage the tokens. When you want to remove a token which was created before, no way to do that until the token expires.

### What do the features of this driver?

[](#what-do-the-features-of-this-driver)

- Supported for *web*, *api* or any other purposes.
- Support multiple devices login for a user at sametime.
- With a good config, we can count number users/devices of user are logged-in (Set refresh lifetime to small enough and count records in the table *user\_tokens*)
- All tokens stored in the database. To logout a device, just delete the token record of this device.

#### Required:

[](#required)

```
"php": "^7.1.3|^8",
"laravel/framework": "^5.8|^6|^7|^8"

```

Installation
------------

[](#installation)

#### Require this package with composer

[](#require-this-package-with-composer)

```
composer require hungdx/auth-token
```

### Laravel

[](#laravel)

Add the AuthTokenProvider to the providers array in `config/app.php`

```
HungDX\AuthToken\AuthTokenProvider::class,
```

Create `user_tokens` table

```
php artisan migrate --path="vendor/hungdx/auth-token/migrations"
```

### Lumen

[](#lumen)

For Lumen, register a different Provider in `bootstrap/app.php`:

```
$app->register(HungDX\AuthToken\AuthTokenProvider::class);
```

To change the configuration, copy the file to your config folder and enable it:

```
$app->configure('auth-token');
```

#### Create `user_tokens` table

[](#create-user_tokens-table)

```
php artisan migrate --path="vendor/hungdx/auth-token/migrations"
```

Usage
-----

[](#usage)

In the `bootstrap/auth.php`, at `guards` section, change driver to `auth-token`. For example:

```
    'guards' => [
        'web' => [
            'driver'   => 'auth-token',
            'provider' => 'users',
        ],

        'api' => [
            'driver'   => 'auth-token',
            'provider' => 'users',
        ],
    ],
```

Configuration
-------------

[](#configuration)

If you want to customize the config, run command:

```
php artisan vendor:publish --provider="HungDX\AuthToken\AuthTokenProvider"
```

File `config/auth-token.php`

```
return [
    'lifetime' => [
        'expired' => 7 * 24 * 3600,  // Lifetime of token before expired. Default 7 days
        'refresh' => 3600,           // The minimum seconds before changing the token. Default 1 hour
    ],

    'token_field' => [
        'header' => 'Authorization', // Set [false/null/empty] to disable send token to response header
        'cookie' => 'X-Auth-Token',  // Set [false/null/empty] to disable send token to response cookie
    ],

    'autoload_middleware' => true,  // Auto add to middleware HungDX\AuthToken\AuthTokenMiddleware to every request
];
```

Changes
-------

[](#changes)

#### 1.0.3 (2021-01-20)

[](#103-2021-01-20)

- Fix migration in Laravel 5.8

#### 1.0.2 (2020-12-30)

[](#102-2020-12-30)

- Support PHP 7.1.3, Laravel 5.8

#### 1.0.1 (2020-12-25)

[](#101-2020-12-25)

- Support remember flag. When remember is on, The token never expire until logged out
- Support PHP 7.2
- Fix phpcs
- Fix migration

#### 1.0.0 (2020-12-24)

[](#100-2020-12-24)

- Add auth-token driver for Auth of laravel/lumen
- Auto add middleware to all router groups

###  Health Score

27

—

LowBetter than 47% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity16

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity52

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 95% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~8 days

Total

4

Last Release

1990d ago

PHP version history (3 changes)1.0.0PHP ^7.3|^8

1.0.1PHP ^7.2|^8

1.0.2PHP ^7.1.3|^8

### Community

Maintainers

![](https://www.gravatar.com/avatar/a0ba7979f2c7dd0591c2016a01bd6628dc63fad189e0aba96ce12474aa1c8487?d=identicon)[hungdx](/maintainers/hungdx)

---

Top Contributors

[![hugdx](https://avatars.githubusercontent.com/u/5510731?v=4)](https://github.com/hugdx "hugdx (19 commits)")[![dangxuanhung](https://avatars.githubusercontent.com/u/26451177?v=4)](https://github.com/dangxuanhung "dangxuanhung (1 commits)")

---

Tags

laravelAuthenticationLaravel AuthAuthentication TokenAuth Token

###  Code Quality

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/hungdx-auth-token/health.svg)

```
[![Health](https://phpackages.com/badges/hungdx-auth-token/health.svg)](https://phpackages.com/packages/hungdx-auth-token)
```

###  Alternatives

[pragmarx/google2fa-laravel

A One Time Password Authentication package, compatible with Google Authenticator.

1.1k17.6M90](/packages/pragmarx-google2fa-laravel)[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

59437.0k9](/packages/jeremy379-laravel-openid-connect)[salehhashemi/laravel-otp-manager

Laravel OTP manager

18813.7k](/packages/salehhashemi-laravel-otp-manager)[lakm/nopass

Provides passwordless authentication for your laravel projects.

2215.9k3](/packages/lakm-nopass)[maicol07/laravel-oidc-client

OpenID Connect Client for Laravel

281.3k](/packages/maicol07-laravel-oidc-client)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
