PHPackages kwidoo/passport-multiauth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. kwidoo/passport-multiauth ActiveLibrary kwidoo/passport-multiauth ========================= Extends Laravel Passport Password Grant with OTP 1.2.0(1y ago)09MITPHPPHP ^8.2CI failing Since Feb 27Pushed 1y ago1 watchersCompare [ Source](https://github.com/kwidoo/passport-multiauth)[ Packagist](https://packagist.org/packages/kwidoo/passport-multiauth)[ Docs](https://github.com/kwidoo/passport-multi-auth)[ RSS](/packages/kwidoo-passport-multiauth/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (1)Dependencies (4)Versions (13)Used By (0) [![Latest Version on Packagist](https://camo.githubusercontent.com/f865d137cd48c1dc8295f9a50d8bd396effc4e97565c2051a5ed55e2107e2d70/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6b7769646f6f2f70617373706f72742d6d756c7469617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/kwidoo/passport-multiauth)[![Total Downloads](https://camo.githubusercontent.com/e77f2d7cbf0a4a1cfd4082c2c2ef78beb9de9f7d209fcb17c6eaf2d5292319df/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6b7769646f6f2f70617373706f72742d6d756c7469617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/kwidoo/passport-multiauth)[![GitHub Actions](https://github.com/kwidoo/passport-multiauth/actions/workflows/main.yml/badge.svg)](https://github.com/kwidoo/passport-multiauth/actions/workflows/main.yml/badge.svg) Laravel Passport Multi-Auth =========================== [](#laravel-passport-multi-auth) A Laravel package that **extends Laravel Passport’s** password grant to support multiple authentication methods (e.g., SMS/Email OTP). You can define custom OTP strategies and user resolvers in a single config file, making your OTP flows more flexible and secure. Requirements ------------ [](#requirements) - **Laravel Passport** (already required by this package). - **PHP** ^8.0 - **(Optional) Twilio SDK** if you plan to use Twilio for SMS OTP: ``` composer require twilio/sdk ``` Note: For twilio in production you should install Twilio SDK. --- Installation ------------ [](#installation) 1. **Require via Composer**: ``` composer require kwidoo/passport-multiauth ``` This automatically installs the package and its dependencies (except for the optional Twilio SDK mentioned above). 2. **Publish Config (optional)**: ``` php artisan vendor:publish --provider="Kwidoo\MultiAuth\MultiAuthServiceProvider" --tag=config ``` This copies `passport-multiauth.php` into your `config` folder, allowing you to adjust OTP strategies, timeouts, and more. 3. **Publish Migrations and Views** (if desired): ``` php artisan vendor:publish --provider="Kwidoo\MultiAuth\MultiAuthServiceProvider" --tag=migrations php artisan vendor:publish --provider="Kwidoo\MultiAuth\MultiAuthServiceProvider" --tag=views ``` - Migrations will create (by default) an `otps` table to store OTP codes and status. - Views include basic Blade templates for OTP success/error states. 4. **Run Migrations**: ``` php artisan migrate ``` This will create any necessary tables (e.g., `otps` table for storing email OTPs). 5. **Configure Twilio (Optional)**: If using Twilio, define these in your `.env` or in a `config/twilio.php`: ``` TWILIO_SID=your_twilio_sid TWILIO_AUTH_TOKEN=your_twilio_auth_token TWILIO_VERIFY_SID=your_twilio_verify_service_id ``` Note, you should have a Twilio account and will need to create Verification SID there. This code doesn't use regular SMS by default, but Twilio Verify API. For more details, see the [Twilio Verify API](https://www.twilio.com/docs/verify/api). --- Usage ----- [](#usage) 1. **Request an OTP**This package includes `OTPController` and a route file (`routes.php`) with a `POST /oauth/otp` endpoint by default. Package will respect changes in `config/passport.php` file. Example request: ``` POST /oauth/otp { "method": "twilio", "username": "+1234567890" } ``` or: ``` POST /oauth/otp { "method": "email", "username": "user@example.com" } ``` This triggers the corresponding service (e.g., `TwilioService` or `EmailVerifier`) to generate/send OTP. 2. **Obtain Access Token**After receiving the OTP, call the standard Passport token endpoint (often `POST /oauth/token`) with parameters: ``` { "grant_type": "password", "client_id": "your-passport-client-id", "client_secret": "your-passport-client-secret", "username": "+1234567890", "password": "123456", // The OTP from Twilio "method": "twilio" } ``` - If `method` = `"twilio"`, the package will validate the OTP via Twilio. - If `method` = `"email"`, it will use the email-based OTP. - If `method` is `"password"` or missing, it defaults to **Laravel Passport’s** normal password-based grant. 3. **Configuration File** (`config/passport-multiauth.php`) You can customize each strategy like so: ``` 'strategies' => [ 'twilio' => [ 'class' => \Kwidoo\MultiAuth\Services\TwilioService::class, 'strategy' => \Kwidoo\MultiAuth\Services\OTPStrategy::class, 'resolver' => \Kwidoo\MultiAuth\Resolvers\GeneralUserResolver::class, ], 'email' => [ 'class' => \Kwidoo\MultiAuth\Services\EmailVerifier::class, 'strategy' => \Kwidoo\MultiAuth\Services\OTPStrategy::class, 'resolver' => \Kwidoo\MultiAuth\Resolvers\GeneralUserResolver::class, ], // ... or custom strategies ], ``` - **`class`**: The service that sends/validates the OTP (Twilio, Email, etc.). - **`strategy`**: Usually `OTPStrategy`, which handles how the credentials are validated using the `class`. - **`resolver`**: Defines how to find your user record after OTP validation (e.g., by email, phone). 4. **OTP model** (`Kwidoo\MultiAuth\Models\OTP`) - This model is used on with Email strategy to store OTPs. Twilio doesn't require to store OTPs localy - You can customize one time password model by changing the `otp.model` key in the configuration file. - Default one time password is 6 digits long and expires in 5 minutes. You can change these values in the configuration file. --- Example Flow ------------ [](#example-flow) 1. **User** enters their phone number on your app. 2. **Your app** calls `POST /oauth/otp` with `{ "method":"twilio", "username":"+1234567890" }`. 3. **TwilioService** (in the background) sends an SMS code via Twilio. 4. **User** receives the code and enters it in your app. 5. **Your app** calls `POST /oauth/token` with: ``` { "grant_type": "password", "client_id": "...", "client_secret": "...", "username": "+1234567890", "password": "the-otp-code", "method": "twilio" } ``` 6. **MultiAuthGrant** checks that the OTP is correct, then resolves the user from the database, and **issues a Passport token**. --- Testing ------- [](#testing) ### Running Tests Locally [](#running-tests-locally) 1. Install dependencies & dev tools (like Orchestra Testbench): ``` composer install ``` 2. Run tests: ``` composer test ``` or ``` vendor/bin/phpunit ``` 3. Generate coverage: ``` composer test-coverage ``` This outputs an HTML coverage report in a `coverage` folder. Contributing ------------ [](#contributing) - Feel free to open issues or submit pull requests on [GitHub](https://github.com/kwidoo/passport-multi-auth). - All contributions are welcome and appreciated. License ------- [](#license) [MIT](LICENSE) ### Health Score 31 — LowBetter than 68% of packages Maintenance47 Moderate activity, may be stable Popularity4 Limited adoption so far Community7 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~4 days Recently: every ~9 days Total 12 Last Release 397d ago PHP version history (2 changes)1.0.0PHP ^8.0 1.0.5PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/40e08f40bb6cff697b1703ccab1a57f3bd327faedf429df8e588d325a76de9f8?d=identicon)[samsite](/maintainers/samsite) --- Top Contributors [![kwidoo](https://avatars.githubusercontent.com/u/14920653?v=4)](https://github.com/kwidoo "kwidoo (23 commits)") --- Tags kwidoopassport-multiauth ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/kwidoo-passport-multiauth/health.svg) ``` [![Health](https://phpackages.com/badges/kwidoo-passport-multiauth/health.svg)](https://phpackages.com/packages/kwidoo-passport-multiauth) ``` ### Alternatives [grumpydictator/firefly-iii Firefly III: a personal finances manager. 22.8k69.3k](/packages/grumpydictator-firefly-iii)[unopim/unopim UnoPim Laravel PIM 9.4k1.8k](/packages/unopim-unopim)[dusterio/lumen-passport Making Laravel Passport work with Lumen 6511.3M9](/packages/dusterio-lumen-passport)[joselfonseca/lighthouse-graphql-passport-auth Add GraphQL types and mutations for login and recover password functionalities 234769.9k1](/packages/joselfonseca-lighthouse-graphql-passport-auth)[corbosman/laravel-passport-claims Add claims to Laravel Passport JWT Tokens 88655.9k](/packages/corbosman-laravel-passport-claims)[smartins/passport-multiauth Add support to multi-auth on Laravel Passport 285324.2k1](/packages/smartins-passport-multiauth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)