PHPackages joe-404/laravel-auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. joe-404/laravel-auth ActiveLibrary[Authentication & Authorization](/categories/authentication) joe-404/laravel-auth ==================== Drop-in, config-driven authentication library for Laravel 12 and 13. Registration with OTP + magic-link email verification, login, refresh token rotation, password reset, multi-session management, device fingerprinting, Google OAuth, long-lived API tokens, account status workflow, and referral codes with anti-abuse detection — all through a single JSON API. v2.7.3(1w ago)238MITPHPPHP ^8.2CI passing Since May 8Pushed 1w agoCompare [ Source](https://github.com/joe-nassar-tech/laravel-auth)[ Packagist](https://packagist.org/packages/joe-404/laravel-auth)[ Docs](https://github.com/joe-nassar-tech/laravel-auth)[ RSS](/packages/joe-404-laravel-auth/feed)WikiDiscussions main Synced 1w ago READMEChangelog (10)Dependencies (20)Versions (30)Used By (0) joe-404/laravel-auth — Complete Laravel Authentication Package ============================================================== [](#joe-404laravel-auth--complete-laravel-authentication-package) > **⚠ BETA / TESTING NOTICE**This package is still under active testing. Bugs may exist. Use with caution in production and [report any issues](https://github.com/joe-nassar-tech/laravel-auth/issues) you encounter. A **drop-in, config-driven authentication library for Laravel 12 and 13**. One package, one command, and your app has a complete auth system: registration with OTP + magic-link email verification, login, token refresh, password reset, multi-session management, Google OAuth, long-lived API tokens, account status workflow (suspend/ban/deactivate), device fingerprinting, and a referral code system with anti-abuse detection — all through a uniform JSON API, no frontend coupling. **Works with:** REST APIs · SPA (cookie session) · Mobile apps (Bearer token) [![Latest Version on Packagist](https://camo.githubusercontent.com/af84c6312a449bd58efa04c4b7654fb7d58e1d0bda421afc4bebfa81766c2610/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6a6f652d3430342f6c61726176656c2d617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/joe-404/laravel-auth)[![PHP](https://camo.githubusercontent.com/fca6a5abe8cb8ca5a09d7514f79421a5acfc883e66c5e71627c5051291b2c4ce/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e322532422d626c75653f7374796c653d666c61742d737175617265)](https://php.net)[![Laravel](https://camo.githubusercontent.com/e8775c9cc6c337368b5b5054796d4a20e639b4236128ab7b87924cd550a35b73/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d313225324225323025374325323031332532422d7265643f7374796c653d666c61742d737175617265)](https://laravel.com)[![License](https://camo.githubusercontent.com/422db9fd40f5831c765cf6530b6750c081b696bd18d904cf89554df98c676277/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e3f7374796c653d666c61742d737175617265)](LICENSE) --- Table of Contents ----------------- [](#table-of-contents) - [What Problem Does This Solve?](#what-problem-does-this-solve) - [Features](#features) - [Requirements](#requirements) - [Installation](#installation) - [Quick Start](#quick-start) - [API Endpoints](#api-endpoints) - [Why joe-404/laravel-auth Instead of X?](#why-joe-404laravel-auth-instead-of-x) - [FAQ](#faq) - [Documentation](#documentation) - [Changelog](#changelog) - [Contributing & Discussions](#contributing--discussions) - [License](#license) - [Structured Metadata](#structured-metadata) --- What Problem Does This Solve? ----------------------------- [](#what-problem-does-this-solve) Every new Laravel project needs authentication. The typical options are either too coupled to a frontend (Breeze, Jetstream) or too minimal (Fortify, raw Sanctum). Developers end up rebuilding the same things from scratch: - OTP / magic-link email verification - Refresh token rotation with reuse detection - Multi-session tracking with device fingerprinting - Password reset via OTP **and** signed magic link - Google OAuth that works alongside password auth - Long-lived API tokens with expiry and scoping - Account suspension/ban/deletion with grace period and audit log - Referral codes with anti-self-abuse fingerprint detection **joe-404/laravel-auth** solves all of this in a single package. Install it, run `php artisan auth:install`, and every feature above is live — config-driven, fully customizable, and completely decoupled from any frontend. --- Features -------- [](#features) - **Registration** — email → OTP + magic link → set password → issue token - **Email verification** — OTP and/or magic link, configurable per environment - **Login** — password + lockout after N failed attempts, auto-reactivate on login - **Two-factor authentication** *(v2.6)* — TOTP authenticator app, email OTP, and SMS OTP; enroll multiple methods, pick any at login; single-use backup codes - **Phone verification** *(v2.6)* — optional phone capture at registration, verified via SMS / voice / WhatsApp through a pluggable driver (Infobip, MessageCentral, Twilio, Firebase, or custom) - **Trusted devices** *(v2.6)* — time-based trust levels (low/medium/high) that skip the 2FA challenge; bypass requires a server-issued device token, not just a fingerprint - **Step-up auth** *(v2.6)* — `auth.2fa` middleware forces a fresh 2FA challenge (or password confirm) on sensitive endpoints - **Token system** — Sanctum Bearer tokens + sliding refresh tokens with family-level revocation on reuse - **SPA session support** — cookie-based auth via `auth:sanctum` guard - **Password reset** — OTP or signed magic link, configurable - **Password change** — authenticated endpoint with current-password validation - **Multi-session management** — list, revoke individual, revoke all - **Device history** — permanent per-user device log survives logout; browser + mobile fingerprinting - **Google OAuth** — Socialite integration; links to existing accounts or creates new ones - **API tokens** — user-scoped and admin-scoped long-lived tokens with optional expiry and ability scoping - **Account status** — suspend, disable, deactivate (self), soft-delete with 30-day grace and auto-restore - **Account status audit log** — full history with admin notes - **Referral codes** — config-driven abuse detection (IP match, device fingerprint match), pluggable reward handler, web + mobile support - **Role-based access** — Spatie Permission integration (admin gate on all admin routes) - **Rate limiting** — per-IP and per-email, configurable thresholds and lockout windows - **Localization** — all messages in `resources/lang/en/` publishable translation files - **Custom response format** — implement `ResponseFormatterContract` to reshape every JSON response - **Events** — registration, login, password, referral, account-lifecycle, plus *(v2.6)* `PhoneVerified`, `TwoFactorEnrolled`/`Disabled`/`Verified`, `TwoFactorChallengeIssued`/`Failed`, `TrustedDeviceAdded`/`Revoked` - **Reverb real-time** — optional WebSocket broadcast for OTP verification --- Requirements ------------ [](#requirements) DependencyVersionPHP`^8.2`Laravel`^12.0` or `^13.0`Laravel Sanctum`^4.0` (installed automatically)Laravel Socialite`^5.0` (installed automatically)Spatie Permission`^6.0` (installed automatically)Redisphpredis or predis (recommended for OTP, refresh token, and rate-limit storage)--- Installation ------------ [](#installation) ``` composer require joe-404/laravel-auth php artisan auth:install ``` Add the required traits to `app/Models/User.php`: ``` use Laravel\Sanctum\HasApiTokens; use Spatie\Permission\Traits\HasRoles; use Illuminate\Database\Eloquent\SoftDeletes; use Joe404\LaravelAuth\Concerns\HasAccountStatus; class User extends Authenticatable { use HasApiTokens, HasRoles, Notifiable, SoftDeletes, HasAccountStatus; } ``` Set the minimum environment variables: ``` AUTH_MODE=both AUTH_VERIFICATION_METHOD=both MAIL_MAILER=smtp MAIL_FROM_ADDRESS=hello@yourapp.com ``` > Full install walkthrough, manual steps, and troubleshooting: **[docs/installation.md](docs/installation.md)** --- Quick Start ----------- [](#quick-start) Three-step registration, then login: ``` # Step 1 — Submit email, receive OTP + magic link curl -sX POST http://localhost/auth/register \ -H "Content-Type: application/json" \ -d '{"email":"user@example.com"}' # → { "data": { "temp_token": "uuid", "method": "both", "expires_in": 10 } } # Step 2 — Verify with OTP code from email curl -sX POST http://localhost/auth/register/verify-otp \ -H "Content-Type: application/json" \ -d '{"email":"user@example.com","otp":"482910"}' # → { "data": { "completion_token": "uuid" } } # Step 3 — Set password and create account curl -sX POST http://localhost/auth/register/complete \ -H "Content-Type: application/json" \ -d '{"completion_token":"uuid","password":"Secret123!","password_confirmation":"Secret123!"}' # → { "data": { "user": {...}, "token": "1|abc...", "refresh_token": "xyz..." } } # Login curl -sX POST http://localhost/auth/login \ -H "Content-Type: application/json" \ -d '{"email":"user@example.com","password":"Secret123!"}' # → { "data": { "user": {...}, "token": "...", "refresh_token": "..." } } ``` Every response uses the same envelope: ``` { "success": true, "message": "...", "data": {} } { "success": false, "message": "...", "errors": {} } ``` --- API Endpoints ------------- [](#api-endpoints) MethodPathAuthDescription`POST``/auth/register`—Initiate registration (send OTP / magic link)`POST``/auth/register/verify-otp`—Verify OTP → receive `completion_token``GET``/auth/register/verify-magic/{token}`—Verify magic link → receive `completion_token``POST``/auth/register/complete`—Set password and create user`POST``/auth/email/resend-verification`—Resend OTP / magic link`POST``/auth/login`—Login (password auth)`POST``/auth/logout`✓Revoke current session`POST``/auth/logout/all`✓Revoke all sessions`GET``/auth/me`✓Current user + roles`POST``/auth/token/refresh`—Rotate refresh token`POST``/auth/password/forgot`—Request password reset`POST``/auth/password/reset/verify-otp`—Verify reset OTP → `reset_token``GET``/auth/password/reset/magic/{token}`—Verify reset magic link → `reset_token``POST``/auth/password/reset/confirm`—Set new password (auto-login)`POST``/auth/password/change`✓Change password (authenticated)`POST``/auth/password/confirm`✓Sudo mode — confirm password for step-up *(v2.6)*`POST``/auth/phone/send-otp`✓Send a phone verification code *(v2.6)*`POST``/auth/phone/verify`✓Verify a phone code *(v2.6)*`GET``/auth/2fa/methods`✓List enrolled 2FA methods *(v2.6)*`POST``/auth/2fa/enroll/{method}/start`✓Begin enrolling totp/email/sms *(v2.6)*`POST``/auth/2fa/enroll/{method}/verify`✓Confirm enrollment (returns backup codes once) *(v2.6)*`POST``/auth/2fa/methods/{id}/default`✓Set default 2FA method *(v2.6)*`DELETE``/auth/2fa/methods/{id}`✓Remove a 2FA method *(v2.6)*`GET``/auth/2fa/backup-codes`✓Backup-code summary *(v2.6)*`POST``/auth/2fa/backup-codes/regenerate`✓Rotate backup codes *(v2.6)*`POST``/auth/2fa/challenge`challenge\_tokenComplete login 2FA → real token *(v2.6)*`POST``/auth/2fa/challenge/switch`challenge\_tokenSwitch to another enrolled method *(v2.6)*`POST``/auth/2fa/challenge/resend`challenge\_tokenRe-send the current method's code *(v2.6)*`GET``/auth/trusted-devices`✓List trusted devices *(v2.6)*`DELETE``/auth/trusted-devices/{id}`✓ + step-upRevoke a trusted device *(v2.6)*`DELETE``/auth/trusted-devices`✓ + step-upRevoke all trusted devices *(v2.6)*`GET``/auth/sessions`✓List active sessions`DELETE``/auth/sessions/{id}`✓Revoke a session`GET``/auth/devices`✓List every device that has ever logged in (permanent history)`DELETE``/auth/devices/{id}`✓Forget a device`GET``/auth/social/google/redirect`—Google OAuth redirect`GET``/auth/social/google/callback`—Google OAuth callback`POST``/auth/social/complete`completion\_tokenFinish OAuth signup with required profile fields *(v2.6)*`GET``/auth/social/{provider}/link/confirm/{token}`—Confirm social account link`GET``/auth/api-tokens`✓List your API tokens`POST``/auth/api-tokens`✓Create an API token`DELETE``/auth/api-tokens/{id}`✓Revoke an API token`GET``/auth/admin/api-tokens`adminList all API tokens`POST``/auth/admin/api-tokens`adminCreate a system token`PATCH``/auth/admin/api-tokens/{id}`adminUpdate a token`DELETE``/auth/admin/api-tokens/{id}`adminRevoke any token`GET``/auth/admin/users/{id}/status`adminGet user status`POST``/auth/admin/users/{id}/status`adminChange user status (suspend / disable / restore)`GET``/auth/admin/users/{id}/status/history`adminStatus audit log`POST``/auth/admin/users/{id}/notes`adminAdd admin note`POST``/auth/account/deactivate`✓Self-pause account`DELETE``/auth/account`✓Self-delete account (30-day grace)`POST``/auth/referrals/redeem`✓Submit a referral code after registration`GET``/auth/referrals`✓List your referrals + status`GET``/auth/referrals/stats`✓Aggregate counts of your referrals`GET``/auth/admin/referrals`adminList all referrals`PATCH``/auth/admin/referrals/{id}`adminOverride referral status> Routes are mounted at `/auth` by default. Set `routes.prefix` in `config/auth_system.php` to change (e.g. `api/v1/auth`). --- Why joe-404/laravel-auth Instead of X? -------------------------------------- [](#why-joe-404laravel-auth-instead-of-x) Featurejoe-404/laravel-authLaravel FortifyLaravel Breezetymon/jwt-authAPI-only (no Blade/Inertia)✅✅❌✅OTP email verification✅❌❌❌Magic link verification✅❌❌❌Sliding refresh tokens + reuse detection✅❌❌❌Multi-session management✅❌❌❌Permanent device history✅❌❌❌Google OAuth out of the box✅❌✅ (Blade only)❌Long-lived API tokens✅❌❌❌Account suspend / ban / delete workflow✅❌❌❌Referral codes with anti-abuse detection✅❌❌❌Config-driven (zero code required)✅Partial❌❌SPA cookie + mobile Bearer token✅Partial❌❌Localization (all messages translatable)✅✅✅❌Custom JSON response format✅❌❌❌**vs. Laravel Fortify** — Fortify is headless but provides only the basics (login, register, password reset, two-factor). It has no refresh tokens, no device tracking, no API token management, and no referral system. You still write all the controller logic. **vs. Laravel Breeze / Jetstream** — These are scaffolding tools that generate Blade or Inertia views. They are not suitable for pure API apps or mobile backends. **vs. tymon/jwt-auth** — jwt-auth only handles JWT issuance. It has no registration flow, no email verification, no session management, and no account lifecycle features. --- FAQ --- [](#faq) **Q: Does this work with mobile apps (iOS / Android)?**Yes. The package supports Bearer token auth (`Authorization: Bearer `) for mobile clients and SPA cookie auth for browser-based apps. All endpoints return JSON with no Blade rendering. **Q: Can I use this with an existing User model?**Yes. The package adds traits to your existing model and runs its own migrations alongside yours. Your `users` table is not replaced. **Q: Does it work with Laravel Octane / Swoole?**Yes. Services never store `$request` on singleton instances. All request state is passed as method arguments. **Q: What happens if I disable a feature I don't need?**Each major feature (referral codes, Google OAuth, API tokens, account deletion) is individually toggle-able via config or `.env`. Disabled features return `404` or are simply not mounted. **Q: Can I customize the JSON response format?**Yes. Implement `ResponseFormatterContract` and bind it in your `AppServiceProvider` (or set `auth_system.response.formatter` in config). Every response goes through your formatter. **Q: How does OTP verification work?**After `POST /auth/register`, the package sends a 6-digit OTP code to the user's email (and optionally a magic link). The OTP is stored in Redis with a configurable TTL. On `POST /auth/register/verify-otp`, the code is validated and a `completion_token` is returned for the final registration step. **Q: How are refresh tokens protected against theft?**Refresh tokens use family-based rotation. Each refresh issues a new token and invalidates the old one. If a stolen token is used after it has already been rotated, the entire token family is revoked — logging out all sessions for that family. **Q: How does the referral anti-abuse detection work?**On redemption, the package compares the referrer's device history (stored permanently in `auth_user_devices`) against the new user's IP and browser/device fingerprint. Even if the referrer logs out before the referral is submitted, the historical device record is still checked. The policy (`block` / `flag` / `ignore`) is configurable per signal (same IP, same device, both). **Q: What PHP and Laravel versions are supported?**PHP `^8.2` and Laravel `^12.0` or `^13.0`. **Q: Can I translate error and success messages?**Yes. Run `php artisan vendor:publish --tag=auth-lang` to publish translation files. See [docs/localization.md](docs/localization.md). **Q: Is there a rate limiting feature?**Yes. Login, registration, OTP verification, and password reset endpoints all have configurable rate limits. On lockout, the response includes a `retry_after` field. --- Documentation ------------- [](#documentation) DocumentWhat it covers[Installation](docs/installation.md)Setup, `auth:install`, manual install, troubleshooting[Configuration](docs/configuration.md)Every config key and `.env` variable[Customization](docs/customization.md)Extra fields, transformers, OTP channel, **custom phone driver**, response format, email templates, all contracts[Middleware](docs/middleware.md)Every middleware alias, what it does, where to apply it, ordering, required Laravel built-ins[Events](docs/events.md)All lifecycle events, payloads, listeners, queueing[Localization](docs/localization.md)Multi-language messages, translation files, all message keys[Account Status](docs/account-status.md)Status workflow, `auth.active` middleware, timed bans, audit log[Account Deletion](docs/account-deletion.md)Self-delete, grace period, auto-restore, purge worker[Referral Codes](docs/referral-codes.md)Referral codes, fingerprint anti-abuse, reward handlers, web + mobile integration[Upgrading](docs/upgrading.md)Version changelog, breaking changes, migration guides[AI Context](docs/AI_Context.md)Full repo snapshot for AI assistants--- Changelog --------- [](#changelog) See [docs/upgrading.md](docs/upgrading.md) for the full version history, breaking changes, and migration guides between releases. --- Contributing & Discussions ------------------------------ [](#contributing--discussions) - **Bug reports & feature requests:** [GitHub Issues](https://github.com/joe-nassar-tech/laravel-auth/issues) - **Questions & ideas:** [GitHub Discussions](https://github.com/joe-nassar-tech/laravel-auth/discussions) - Pull requests are welcome. Please open an issue first for major changes. --- License ------- [](#license) MIT. See [LICENSE](LICENSE). --- Structured Metadata ------------------- [](#structured-metadata) JSON-LD: SoftwareSourceCode schema``` { "@context": "https://schema.org", "@type": "SoftwareSourceCode", "name": "joe-404/laravel-auth", "description": "Drop-in, config-driven authentication library for Laravel 12 and 13. Provides registration with OTP and magic-link verification, login, refresh tokens, password reset, multi-session management, device history, Google OAuth, API tokens, account status workflow, and referral codes with anti-abuse fingerprinting.", "codeRepository": "https://github.com/joe-nassar-tech/laravel-auth", "programmingLanguage": "PHP", "runtimePlatform": "Laravel", "license": "https://opensource.org/licenses/MIT", "author": { "@type": "Person", "name": "Joe Nassar", "url": "https://github.com/joe-nassar-tech" }, "keywords": [ "laravel authentication", "laravel OTP login", "laravel magic link", "laravel sanctum package", "laravel referral codes", "laravel API auth", "laravel refresh tokens", "laravel device tracking", "laravel account management", "laravel SPA authentication", "laravel mobile API", "laravel Google OAuth" ] } ``` JSON-LD: FAQ schema``` { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "How do I add authentication to a Laravel API?", "acceptedAnswer": { "@type": "Answer", "text": "Install joe-404/laravel-auth with `composer require joe-404/laravel-auth` then run `php artisan auth:install`. This gives your API registration with email OTP verification, login, token refresh, password reset, and session management — all JSON-based, no frontend coupling." } }, { "@type": "Question", "name": "What is the best Laravel authentication package for mobile apps?", "acceptedAnswer": { "@type": "Answer", "text": "joe-404/laravel-auth supports Bearer token auth for mobile clients alongside SPA cookie auth for browsers. It includes OTP verification, device fingerprinting, and refresh token rotation — features that mobile apps typically need beyond what Sanctum provides out of the box." } }, { "@type": "Question", "name": "How does Laravel OTP email verification work?", "acceptedAnswer": { "@type": "Answer", "text": "After registration, the package sends a 6-digit OTP to the user's email (stored in Redis with a configurable TTL). The user submits the code to POST /auth/register/verify-otp and receives a completion_token used to finalize account creation. A signed magic-link alternative is sent simultaneously if the verification method is set to 'both'." } }, { "@type": "Question", "name": "Does joe-404/laravel-auth support referral codes?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. The referral code system includes anti-self-abuse detection using IP matching and browser/device fingerprinting. The abuse policy (block/flag/ignore) is config-driven. Reward handling is pluggable via ReferralRewardHandlerContract. Works for web, SPA, and mobile clients." } } ] } ``` Suggested GitHub repository topics``` laravel php authentication sanctum otp magic-link oauth google-oauth api-authentication refresh-tokens session-management device-fingerprinting referral-codes account-management laravel-package spa mobile-api rate-limiting email-verification laravel-auth ``` Set these in your repository **Settings → Topics**. ### Health Score 47 — FairBetter than 93% of packages Maintenance98 Actively maintained with recent releases Popularity14 Limited adoption so far Community6 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1 days Total 23 Last Release 11d ago Major Versions v1.0.1 → v2.0.02026-05-09 ### Community Maintainers ![](https://avatars.githubusercontent.com/u/120932481?v=4)[Joe Nassar](/maintainers/joe-nassar-tech)[@joe-nassar-tech](https://github.com/joe-nassar-tech) --- Top Contributors [![joe-nassar-tech](https://avatars.githubusercontent.com/u/120932481?v=4)](https://github.com/joe-nassar-tech "joe-nassar-tech (37 commits)") --- Tags apiauthenticationgoogle-oauthlaravellaravel-packagemagic-linkotpphpreverbsanctumphplaravelotpauthAuthenticationlaravel-packageoauthsocialitesanctumLaravel Authrate limitingmagic-linkemail-verificationreverbrefresh-tokensession-managementAccount managementgoogle-oauthreferral codesapi-tokenaccount-lockoutdevice-fingerprintingspa-authenticationmobile-api ### Code Quality TestsPest ### Embed Badge ![Health badge](/badges/joe-404-laravel-auth/health.svg) ``` [![Health](https://phpackages.com/badges/joe-404-laravel-auth/health.svg)](https://phpackages.com/packages/joe-404-laravel-auth) ``` ### Alternatives [unopim/unopim UnoPim Laravel PIM 10.1k2.2k](/packages/unopim-unopim)[statamic/cms The Statamic CMS Core Package 4.8k3.5M901](/packages/statamic-cms)[hasinhayder/tyro-login Tyro Login - Beautiful, customizable authentication views for Laravel 12 & 13 2443.7k5](/packages/hasinhayder-tyro-login)[nasirkhan/laravel-starter A CMS like modular Laravel starter project. 1.4k2.7k](/packages/nasirkhan-laravel-starter)[ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 121242.9k1](/packages/ellaisys-aws-cognito)[rawilk/profile-filament-plugin Profile & MFA starter kit for filament. 3913.7k](/packages/rawilk-profile-filament-plugin) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)