PHPackages                             miguilim/laravel-stronghold - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. miguilim/laravel-stronghold

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

miguilim/laravel-stronghold
===========================

An extended version of Laravel Fortify with profile management, social authentication, and enhanced security features.

0.8.5(3mo ago)1458MITPHPPHP ^8.3

Since Sep 20Pushed 1mo agoCompare

[ Source](https://github.com/miguilimzero/laravel-stronghold)[ Packagist](https://packagist.org/packages/miguilim/laravel-stronghold)[ RSS](/packages/miguilim-laravel-stronghold/feed)WikiDiscussions main Synced today

READMEChangelog (10)Dependencies (22)Versions (34)Used By (0)

Laravel Stronghold
==================

[](#laravel-stronghold)

Laravel Stronghold is an extended version of Laravel Fortify that adds profile management, social authentication, and enhanced security features to your Laravel application. It provides a robust authentication foundation with OAuth support, new location confirmation, and user profile management out of the box.

Contents
--------

[](#contents)

- [Installation](#installation)
- [Configuration](#configuration)
- [Usage](#usage)
    - [Editing Profile Action](#editing-profile-action)
    - [Enabling Features](#enabling-features)
    - [OAuth Authentication](#oauth-authentication)
    - [User Traits](#user-traits)
    - [Customizing Views](#customizing-views)
    - [Custom New Location Detection](#custom-new-location-detection)
    - [Session Status Messages](#session-status-messages)
- [License](#license)

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require miguilim/laravel-stronghold
```

Note

If you have Laravel Fortify installed in your `composer.json`, please remove it as this package extends Fortify's functionality.

After installation, run the install command:

```
php artisan stronghold:install
```

This will publish the configuration file, migrations, and action stubs.

Run the migrations:

```
php artisan migrate
```

Configuration
-------------

[](#configuration)

First, add the OAuth provider configurations to your `config/services.php` file:

```
'github' => [
    'client_id' => env('GITHUB_CLIENT_ID'),
    'client_secret' => env('GITHUB_CLIENT_SECRET'),
    'redirect' => '/oauth/github/callback',
],

'google' => [
    'client_id' => env('GOOGLE_CLIENT_ID'),
    'client_secret' => env('GOOGLE_CLIENT_SECRET'),
    'redirect' => '/oauth/google/callback',
],

// Add other providers as needed...
```

Then add the corresponding environment variables to your `.env` file:

```
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

# Add other providers as needed...
```

When using Laravel Stronghold with OAuth, you will need to update the default Fortify rate-limiter to support a throttle key without an username input:

```
RateLimiter::for('login', function (Request $request) {
  $usernameValue = ($request->input(Fortify::username()) !== null)
    ? Str::lower($request->input(Fortify::username()))
    : 'socialite';

  $throttleKey = Str::transliterate($usernameValue.'|'.$request->ip());

  return Limit::perMinute(5)->by($throttleKey);
});
```

Usage
-----

[](#usage)

### Editing Profile Action

[](#editing-profile-action)

This package adds an option to the user to upload a profile photo. You need to change the Fortify `UpdateUserProfileInformation` to support that:

```
Validator::make($input, [
    'name' => ['required', 'string', 'max:255'],

    'email' => [
        'required',
        'string',
        'email',
        'max:255',
        Rule::unique('users')->ignore($user->id),
    ],

    'photo' => ['nullable', 'file', 'mimes:jpg,jpeg,png,webp,gif', 'max:2048'],
])->validateWithBag('updateProfileInformation');

if (isset($input['photo'])) {
    $user->updateProfilePhoto($input['photo']);
}

if ($input['email'] !== $user->email &&
    $user instanceof MustVerifyEmail) {
    $this->updateVerifiedUser($user, $input);
} else {
    $user->forceFill([
        'name' => $input['name'],
        'email' => $input['email'],
    ])->save();
}
```

### Enabling Features

[](#enabling-features)

Configure which features to enable in `config/stronghold.php`:

```
'features' => [
    'confirm-new-location',
    'sign-in-notification',
    'socialite',
],
```

Important

The `confirm-new-location` feature is not applied when:

- The user has two-factor authentication (2FA) enabled
- The user is logging in via OAuth providers

### OAuth Authentication

[](#oauth-authentication)

Users can authenticate using OAuth providers:

```
/oauth/{provider}         # Redirect to OAuth provider
/oauth/{provider}/callback # Handle OAuth callback

```

Important

The `socialite` feature oauth endpoint will: If account and provider account are found - authenticate the user. If account was found but the provider account is not connected - return an error and ask the user to login and connect the provider account from the profile page. If account and provider account were not found - create the account, create the provider account and authenticate the user.

### User Traits

[](#user-traits)

Add the provided traits to your User model to enable additional functionality:

```
use Miguilim\LaravelStronghold\Traits\HasConnectedAccounts;
use Miguilim\LaravelStronghold\Traits\HasProfilePhoto;

class User extends Authenticatable
{
    use HasConnectedAccounts;
    use HasProfilePhoto;

    // Your existing model code...
}
```

### Customizing Views

[](#customizing-views)

Register custom views in your `FortifyServiceProvider`:

```
use Miguilim\LaravelStronghold\Stronghold;

Stronghold::confirmLocationView(function () {
    return view('auth.confirm-location');
});

Stronghold::profileView(function (array $data) {
    return view('profile.show', $data);
});
```

Note

It is preferable that if you are using the two factor feature, you set the `confirmPassword` option to `false`.

### Custom New Location Detection

[](#custom-new-location-detection)

Define custom logic for detecting new locations:

```
use Miguilim\LaravelStronghold\Stronghold;

Stronghold::detectNewLocationUsing(function ($request, $user) {
    return true; // true if it is a new location (default is always true)
});
```

### Session Status Messages

[](#session-status-messages)

To retrieve human-readable session status messages:

```
$message = Stronghold::getSessionStatusMessage();
```

This method converts session status keys into localized, human-readable messages for various actions such as password updates, profile changes, two-factor authentication events, and Stronghold-specific events like session logouts or social account connections.

License
-------

[](#license)

Laravel Stronghold is open-sourced software licensed under the [MIT license](LICENSE).

###  Health Score

43

—

FairBetter than 89% of packages

Maintenance86

Actively maintained with recent releases

Popularity17

Limited adoption so far

Community6

Small or concentrated contributor base

Maturity52

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~6 days

Recently: every ~40 days

Total

33

Last Release

98d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/fb8b11dada0ea657454bea6187e33f6937364c94f75f198751a7f788438510a8?d=identicon)[miguilim](/maintainers/miguilim)

---

Top Contributors

[![miguilimzero](https://avatars.githubusercontent.com/u/35383529?v=4)](https://github.com/miguilimzero "miguilimzero (58 commits)")

---

Tags

laravelsecurityAuthenticationoauthsocialiteprofilefortify

### Embed Badge

![Health badge](/badges/miguilim-laravel-stronghold/health.svg)

```
[![Health](https://phpackages.com/badges/miguilim-laravel-stronghold/health.svg)](https://phpackages.com/packages/miguilim-laravel-stronghold)
```

###  Alternatives

[psalm/plugin-laravel

Psalm plugin for Laravel

3355.3M346](/packages/psalm-plugin-laravel)[fleetbase/core-api

Core Framework and Resources for Fleetbase API

1235.9k20](/packages/fleetbase-core-api)[laravel/cashier

Laravel Cashier provides an expressive, fluent interface to Stripe's subscription billing services.

2.6k29.9M147](/packages/laravel-cashier)[laravel/mcp

Rapidly build MCP servers for your Laravel applications.

77022.3M151](/packages/laravel-mcp)[api-platform/laravel

API Platform support for Laravel

58171.6k14](/packages/api-platform-laravel)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9762.4M131](/packages/roots-acorn)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
