
kenad/laravel-authkit
=====================

A professional Laravel API authentication package with Sanctum, device management, email verification, password reset and rate limiting.


[Source](https://github.com/Mohamed-kenad/laravel-authkit) | [Packagist](https://packagist.org/packages/kenad/laravel-authkit)



The Ultimate Laravel API Authentication Starter Kit 🚀
=====================================================


Laravel AuthKit is a powerful, zero-configuration API authentication package built on top of Laravel Sanctum. It instantly supercharges your Laravel application with enterprise-grade features while remaining incredibly easy to use.

Stop writing boilerplate auth code for every new project. Just install AuthKit, and within 2 minutes, your API is fully equipped.

✨ Features
----------


- 🔐 **Complete Auth API**: Register, Login, Logout, Forgot Password, Reset Password.
- 📱 **Device Management**: Track logins by device, let users view active sessions and revoke them remotely.
- 👮‍♂️ **Roles & Permissions**: Built-in, lightweight module to manage user authorization.
- 🏢 **Teams (Multi-tenancy)**: Native support for users belonging to multiple teams.
- 🔑 **Token Abilities**: Granular control over Sanctum token scopes right from the login request.
- 🛡️ **Rate Limiting**: Intelligent throttling to prevent brute-force attacks.
- ✉️ **Email Verification**: Seamless flow mapped to Laravel's native events.
- 📝 **Audit Logging**: Traceable logins and logouts for security compliance.
- 🎨 **Consistent API Responses**: Standardized JSON format across all auth endpoints.

---

📦 Installation
--------------


REQUIREMENT: PHP 8.2+ and Laravel 10/11/12+.

You can install the package via composer:

```
composer require kenad/laravel-authkit
```

Publish the package configuration and migrations:

```
php artisan vendor:publish --provider="Kenad\AuthKit\AuthKitServiceProvider"
```

Run the migrations:

```
php artisan migrate
```

---

⚙️ Configuration
----------------


AuthKit is deeply customizable. In `config/authkit.php`, you can adjust token expiration, rate limiting rules, enable/disable modules (like Device Management and Audit Logging), and set your custom User model.

```
return [
    'token_expiration' => 60 * 24 * 7, // 7 days

    'rate_limit' => [
        'max_attempts' => 5,
        'decay_minutes' => 1,
    ],

    'device_management' => true,
    'email_verification' => true,
    'audit_log' => true,
];
```

---

👩‍💻 Usage
---------


AuthKit handles the API routing automatically (prefixed with `/api/auth/` by default).

### 1️⃣ Authentication API


Simply hit these plug-and-play endpoints:

- `POST /api/auth/register`: `{ name, email, password, password_confirmation }`
- `POST /api/auth/login`: `{ email, password, device_name, platform, abilities }`
- `POST /api/auth/logout`: (Requires Bearer Token)
- `POST /api/auth/logout-all`: Logout from all devices.
- `GET /api/auth/me`: Get current user info.

**Standardized Response Format:**

```
{
  "success": true,
  "message": "Login successful.",
  "data": {
    "user": { "id": 1, "name": "kenad", "email": "kenad@example.com" },
    "access_token": "1|abcdef123456",
    "token_type": "Bearer",
    "expires_in": 10080
  }
}
```
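
The throttle and token settings above can be checked from the host application's test suite. The following Pest feature tests are an added example, not part of the AuthKit repository; they assume the stock `App\Models\User` model and `Tests\TestCase`, that tokens are stored in Sanctum's default `PersonalAccessToken` model, that a throttled request is answered with HTTP 429, and the ability names are hypothetical.

```php
<?php
// Added example, not AuthKit's own test suite: Pest feature tests for a host app
// running the default config/authkit.php shown above.
use App\Models\User;                      // assumption: stock Laravel User model
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Sanctum\PersonalAccessToken;  // assumption: Sanctum's default token model

uses(Tests\TestCase::class, RefreshDatabase::class);

beforeEach(function () {
    // Constructed test account; the login payload is reused by both tests.
    User::factory()->create(['email' => 'kenad@example.com', 'password' => bcrypt('correct-horse-battery')]);
    $this->login = ['email' => 'kenad@example.com', 'password' => 'correct-horse-battery',
                    'device_name' => 'pest', 'platform' => 'cli'];
});

it('locks out login after max_attempts failures', function () {
    $max = config('authkit.rate_limit.max_attempts');   // 5 in the config above

    for ($i = 0; $i < $max; $i++) {
        // The left-hand array wins in a union, so the password is overridden.
        $this->postJson('/api/auth/login', ['password' => "wrong-guess-$i"] + $this->login)
             ->assertJsonMissingPath('data.access_token');   // a failed attempt never yields a token
    }

    // Assumption: a throttled request gets HTTP 429, even with the right password.
    $this->postJson('/api/auth/login', $this->login)->assertStatus(429);
});

it('issues a token limited to the requested abilities and configured lifetime', function () {
    $token = $this->postJson('/api/auth/login', ['abilities' => ['profile:read']] + $this->login)
        ->assertSuccessful()
        ->assertJsonPath('data.token_type', 'Bearer')
        // The sample response shows 10080, which equals 60 * 24 * 7 from the config.
        ->assertJsonPath('data.expires_in', config('authkit.token_expiration'))
        ->json('data.access_token');

    $stored = PersonalAccessToken::findToken($token);   // resolves the "id|plaintext" token
    expect($stored)->not->toBeNull();
    expect($stored->can('profile:read'))->toBeTrue()     // hypothetical ability names
        ->and($stored->can('admin:write'))->toBeFalse();
});
```

Because the client names its own abilities in the login request, abilities narrow what a token may do; authorization decisions still belong to the server-side role and permission checks.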

### 2️⃣ Roles and Permissions


Add the `HasAuthKitRoles` trait to your User model:

```
use Kenad\AuthKit\Traits\HasAuthKitRoles;

class User extends Authenticatable
{
    use HasAuthKitRoles;
}
```

Now you can intuitively assign roles and check permissions:

```
$user->assignRole('admin');
$user->assignRole('editor');

$role = Role::create(['name' => 'writer']);
$role->givePermissionTo('publish articles');

$user->hasRole('admin'); // true
$user->hasPermissionTo('publish articles'); // true
```

*Middleware included!* Protect your routes easily:

```
Route::get('/admin', [AdminController::class, 'index'])->middleware('authkit.role:admin');
```

### 3️⃣ Teams (Multi-Tenancy)


Building a SaaS? Use the `HasAuthKitTeams` trait on your User model:

```
use Kenad\AuthKit\Traits\HasAuthKitTeams;

class User extends Authenticatable
{
    use HasAuthKitTeams;
}
```

Manage teams fluently:

```
$team = Team::create(['name' => 'Acme Corp', 'owner_id' => $user->id]);

$user->belongsToTeam($team); // true
$user->ownsTeam($team); // true
$user->switchTeam($team); // Set active context
```

### 4️⃣ Device Management API


If enabled in the config, users can manage their active login sessions:

- `GET /api/auth/devices`: List all active devices.
- `DELETE /api/auth/devices/{id}`: Revoke access for a specific device.

### 5️⃣ Facade Magic


Prefer writing custom controllers? AuthKit exposes a beautiful Facade that handles the complex business logic for you:

```
use Kenad\AuthKit\Facades\AuthKit;
use Kenad\AuthKit\DTOs\LoginData;
use Kenad\AuthKit\DTOs\RegisterData; // assumed to sit beside LoginData in the DTOs namespace

// Register explicitly
$user = AuthKit::register(new RegisterData('John', 'john@example.com', 'secret'));

// Login cleanly
$result = AuthKit::login(new LoginData('john@example.com', 'secret'), 'iPhone 15');
return response()->json(['token' => $result['token']]);
```

---

🧪 Testing
---------


AuthKit is built with **Pest PHP** and is highly decoupled into Actions and Contracts for supreme testability.

```
composer test
```

🏗️ Architecture
---------------


Under the hood, AuthKit uses a highly scalable modular architecture inspired by Spatie:

- **Actions** pattern for atomic, single-responsibility business logic (`LoginUser`, `ResetPassword`).
- **DTOs** (Data Transfer Objects) for strong typing between the HTTP layer and Application layer.
- **Contracts/Services** for swappable implementations. For example, to change how tokens are generated, implement `TokenServiceInterface` and re-bind it in your `AppServiceProvider`.

---

🤝 Contributing
--------------


Please see [CONTRIBUTING](CONTRIBUTING.md) for details.

🔐 Security Vulnerabilities
--------------------------


If you discover any security-related issues, please email  instead of using the issue tracker.

📄 License
---------


The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

### Health Score

20 (Low, better than 14% of packages)

- Maintenance: 62. Regular maintenance activity
- Popularity: 2. Limited adoption so far
- Community: 6. Small or concentrated contributor base
- Maturity: 11. Early-stage or recently created project
- Bus Factor: 1. Top contributor holds 100% of commits — single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers: [Mohamed-kenad](/maintainers/Mohamed-kenad)

Top Contributors: [Mohamed-kenad](https://github.com/Mohamed-kenad) (13 commits)
