PHPackages                             livijn/multiple-tokens-auth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. livijn/multiple-tokens-auth

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

livijn/multiple-tokens-auth
===========================

Adds the ability to use multiple tokens for the auth:api middleware.

0.6.2(6y ago)318.3k↓50%6MITPHPPHP &gt;=7.2.0

Since Dec 29Pushed 4y ago2 watchersCompare

[ Source](https://github.com/Livijn/multiple-tokens-auth)[ Packagist](https://packagist.org/packages/livijn/multiple-tokens-auth)[ Docs](https://github.com/livijn/multiple-tokens-auth)[ RSS](/packages/livijn-multiple-tokens-auth/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (2)Versions (10)Used By (0)

Important
=========

[](#important)

This was released before Laravel Sanctum. I would recommend using [Laravel Sanctum](https://laravel.com/docs/master/sanctum) instead.

multiple-tokens-auth
====================

[](#multiple-tokens-auth)

[![Latest Version on Packagist](https://camo.githubusercontent.com/adc340a15563cf5b5a0030bfc8361d8c0dcc5f1592507c26e783222658657d60/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c6976696a6e2f6d756c7469706c652d746f6b656e732d617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/livijn/multiple-tokens-auth)[![Total Downloads](https://camo.githubusercontent.com/dd210080a00a48ae69d58e936a1ca99c09f7cb0a9ecc50fbba5e6ee2e2f82699/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6c6976696a6e2f6d756c7469706c652d746f6b656e732d617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/livijn/multiple-tokens-auth)

Adds the ability to use multiple tokens for the auth:api middleware. Useful if you want to allow a user to be logged in to your e.g. SPA, iOS app and android app at the same time. The default token driver only allows one token per user.

It is possible to end up with a large table when using multiple tokens per user. Therefor we set an expiration date on the tokens. If possible, you should add the `PurgeExpiredApiTokensJob` to your Schedule as the *Step 6* describes. If not, you should somehow take care of the expired tokens.

You may take a look at the example app [multiple-tokens-auth-testapp](https://github.com/Livijn/multiple-tokens-auth-testapp).

Install
-------

[](#install)

1. Install the package with composer:

    ```
    composer require livijn/multiple-tokens-auth
    ```
2. Publish the `multiple-tokens-auth.php` config &amp; migrations:

    ```
    php artisan vendor:publish --provider="Livijn\MultipleTokensAuth\MultipleTokensAuthServiceProvider"
    ```

    > By default, the migration is shipped with the field `user_id` that has `unsignedBigInteger`. This needs to be manually changed if you use `uuid` in your User model.
3. Run the migrations:

    ```
    php artisan migrate
    ```
4. Set the api guard driver to `multiple-tokens` in the file `config/auth.php`:

    ```
    'guards' => [
        // ...

        'api' => [
            'driver'   => 'multiple-tokens', // job(PurgeExpiredApiTokensJob::class)->dailyAt('01:00');
    }
    ```

Usage
-----

[](#usage)

You can use this the same way as you would use the [default Laravel token based API authorization](https://laravel.com/docs/master/api-authentication). This package also supports [hashing](https://laravel.com/docs/master/api-authentication#hashing-tokens).

### Sign in

[](#sign-in)

When a user logs in, you should create a new api token by using the `generateApiToken` method.

```
$user = User::first();
$token = $user->generateApiToken(); // returns ltBKMC8zwnshLcrVh9W07IGuifysDqkyWRt6Z5szYJOrh1mnNPValkAtETj0vtPJdsfDQa4E3Yx0N3QU
```

### Sign out

[](#sign-out)

When you want to log out a user, you can use the `logout` method on the Auth facade. This will delete the token that was used for the current request.

```
auth()->logout();
// or
Auth::logout();
```

### Purging tokens

[](#purging-tokens)

To delete all tokens connected to a user, use the `purgeApiTokens` method.

```
$user = User::first();
$user->purgeApiTokens();
```

Testing
-------

[](#testing)

Run the tests with:

```
vendor/bin/phpunit
```

Credits
-------

[](#credits)

- [Fredrik Livijn](https://github.com/livijn)

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity35

Limited adoption so far

Community15

Small or concentrated contributor base

Maturity48

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 86.4% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~3 days

Total

9

Last Release

2301d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/706e6ba33b535d181dbf750332e554d1b370dc91958bbb5db55b6fe9e366d25d?d=identicon)[Livijn](/maintainers/Livijn)

---

Top Contributors

[![Livijn](https://avatars.githubusercontent.com/u/349311?v=4)](https://github.com/Livijn "Livijn (19 commits)")[![gficher](https://avatars.githubusercontent.com/u/4522115?v=4)](https://github.com/gficher "gficher (1 commits)")[![markdomkan](https://avatars.githubusercontent.com/u/8864937?v=4)](https://github.com/markdomkan "markdomkan (1 commits)")[![repat](https://avatars.githubusercontent.com/u/516807?v=4)](https://github.com/repat "repat (1 commits)")

---

Tags

apiapi-tokenauthlaraveltoken-authentication

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/livijn-multiple-tokens-auth/health.svg)

```
[![Health](https://phpackages.com/badges/livijn-multiple-tokens-auth/health.svg)](https://phpackages.com/packages/livijn-multiple-tokens-auth)
```

###  Alternatives

[namshi/jose

JSON Object Signing and Encryption library for PHP.

1.8k99.6M101](/packages/namshi-jose)[league/oauth1-client

OAuth 1.0 Client Library

99698.8M106](/packages/league-oauth1-client)[bezhansalleh/filament-shield

Filament support for `spatie/laravel-permission`.

2.8k2.9M88](/packages/bezhansalleh-filament-shield)[gesdinet/jwt-refresh-token-bundle

Implements a refresh token system over Json Web Tokens in Symfony

70516.4M35](/packages/gesdinet-jwt-refresh-token-bundle)[league/oauth2-google

Google OAuth 2.0 Client Provider for The PHP League OAuth2-Client

41721.2M118](/packages/league-oauth2-google)[illuminate/auth

The Illuminate Auth package.

9327.3M1.0k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)