PHPackages n3xt0r/laravel-passport-authorization-core - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. n3xt0r/laravel-passport-authorization-core ActiveLibrary[Authentication & Authorization](/categories/authentication) n3xt0r/laravel-passport-authorization-core ========================================== Domain-oriented authorization core for Laravel Passport, providing structured scope and permission modeling without UI or OAuth flow implementation. 1.3.0(1mo ago)11.3k↓27.8%[2 PRs](https://github.com/N3XT0R/laravel-passport-authorization-core/pulls)1MITPHPPHP ^8.4CI passing Since Jan 7Pushed 1mo agoCompare [ Source](https://github.com/N3XT0R/laravel-passport-authorization-core)[ Packagist](https://packagist.org/packages/n3xt0r/laravel-passport-authorization-core)[ Docs](https://github.com/n3xt0r/laravel-passport-authorization-core)[ GitHub Sponsors]()[ RSS](/packages/n3xt0r-laravel-passport-authorization-core/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (2)Dependencies (18)Versions (12)Used By (1) Laravel Passport Authorization Core =================================== [](#laravel-passport-authorization-core) [![Latest Version on Packagist](https://camo.githubusercontent.com/d32124c7cf51f3b546c20fac135b0bd88f0de4647f5b97238a6b4c185b6ce4a9/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6e33787430722f6c61726176656c2d70617373706f72742d617574686f72697a6174696f6e2d636f72652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/n3xt0r/laravel-passport-authorization-core)[![Security Rating](https://camo.githubusercontent.com/b473956a1f1b3f24c185825f38a78c6e79411e8b82789a75cae8f514c873e89c/68747470733a2f2f736f6e6172636c6f75642e696f2f6170692f70726f6a6563745f6261646765732f6d6561737572653f70726f6a6563743d4e33585430525f6c61726176656c2d70617373706f72742d617574686f72697a6174696f6e2d636f7265266d65747269633d73656375726974795f726174696e67)](https://sonarcloud.io/summary/new_code?id=N3XT0R_laravel-passport-authorization-core)[![ISO 27001 Audit Ready](https://camo.githubusercontent.com/e8eaa6116e8925603a4c956a3cd23347456ffeba254d2c276a000c3f1c55f7ac/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f49534f25323032373030312d61756469742d2d72656164792d626c75653f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/e8eaa6116e8925603a4c956a3cd23347456ffeba254d2c276a000c3f1c55f7ac/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f49534f25323032373030312d61756469742d2d72656164792d626c75653f7374796c653d666c61742d737175617265)[![GitHub Tests Action Status](https://camo.githubusercontent.com/cbfe28afac6878c8121b6822e2851d3b4aee31958ad417a9310fe19dda71983d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6e33787430722f6c61726176656c2d70617373706f72742d617574686f72697a6174696f6e2d636f72652f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/cbfe28afac6878c8121b6822e2851d3b4aee31958ad417a9310fe19dda71983d/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f6e33787430722f6c61726176656c2d70617373706f72742d617574686f72697a6174696f6e2d636f72652f72756e2d74657374732e796d6c3f6272616e63683d6d61696e266c6162656c3d7465737473267374796c653d666c61742d737175617265)[![Maintainability](https://camo.githubusercontent.com/00a7a07709f00d019ddd0f15dfd0a61a8b8ab7f65cbfc5dcb1665be810760bed/68747470733a2f2f716c74792e73682f67682f4e33585430522f70726f6a656374732f6c61726176656c2d70617373706f72742d617574686f72697a6174696f6e2d636f72652f6d61696e7461696e6162696c6974792e737667)](https://qlty.sh/gh/N3XT0R/projects/laravel-passport-authorization-core)[![Code Coverage](https://camo.githubusercontent.com/649a7cd12273cd288ac8aeeb814e0f38d035fc39930c2ba3d868f3f8773afc53/68747470733a2f2f716c74792e73682f67682f4e33585430522f70726f6a656374732f6c61726176656c2d70617373706f72742d617574686f72697a6174696f6e2d636f72652f636f7665726167652e737667)](https://qlty.sh/gh/N3XT0R/projects/laravel-passport-authorization-core)[![Framework Agnostic Domain Layer](https://camo.githubusercontent.com/b29314b9cf509cf95e4defd639e19f93f3d3f9ea98550705316568e597b18e92/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6172636869746563747572652d646f6d61696e2d2d636f72652d626c75653f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/b29314b9cf509cf95e4defd639e19f93f3d3f9ea98550705316568e597b18e92/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6172636869746563747572652d646f6d61696e2d2d636f72652d626c75653f7374796c653d666c61742d737175617265)[![OAuth2 / Passport Compatible](https://camo.githubusercontent.com/1bb3b7b0b71c1279c1381732c2bea7b0c147652afec7d86c95bbebbfcdb69f2d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6f61757468322d6c61726176656c25323070617373706f72742d626c75653f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/1bb3b7b0b71c1279c1381732c2bea7b0c147652afec7d86c95bbebbfcdb69f2d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6f61757468322d6c61726176656c25323070617373706f72742d626c75653f7374796c653d666c61742d737175617265)[![Total Downloads](https://camo.githubusercontent.com/08be090257359427b3d8054406629db351d095dcab3a5bdb49259d8992cff09f/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6e33787430722f6c61726176656c2d70617373706f72742d617574686f72697a6174696f6e2d636f72652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/n3xt0r/laravel-passport-authorization-core) --- Overview -------- [](#overview) **Laravel Passport Authorization Core** provides a **domain model and use cases** for structured access control on top of Laravel Passport. Instead of implicit authorization scattered across your codebase, it offers an explicit permission model: \*\*resources \*\* (user, invoice, report) + **actions** (read, create, delete) stored in the database as queryable facts. You implement enforcement however you need—middleware, policies, guards, custom logic. Single source of truth. No opinions about how you validate. --- The Problem ----------- [](#the-problem) ### Without This Package [](#without-this-package) - Scopes are undocumented strings with no structure - Permissions defined in code, config, and middleware—scattered - No way to query "what can this client do?" - Manual governance, impossible to audit - Example: Dropbox integration created via CLI, permissions unclear, no visibility ### With This Package [](#with-this-package) - Permissions stored as `resource:action` in the database - Single, queryable source of truth - Clear what each client/user can do - Full audit trail, systematic governance - Example: Same client, explicit permissions visible in UI, queryable via code, revokable with confidence --- How It Works ------------ [](#how-it-works) 1. Define Resources and Actions 2. Query & manage Grants via Use Cases 3. Implement enforcement in your app (middleware, policies, etc.) --- **Resources:** Entities needing permission control (user, invoice, report, etc.) **Actions:** Operations you control. Global (`list`, `read`, `create`, `update`, `delete`) or resource-specific (`export`, `approve`). **Grants:** Permissions assigned to any `OAuthenticatable` entity (User, Client, ServiceAccount, or custom). - Polymorphic: who has the permission? - `resource_id` + `action_id`: which permission? - `context_client_id` (optional): in context of which client? **Use Cases:** Encapsulated business logic to manage permissions (see [Usecase Overview](docs/usecases/index.md)). --- What This Package Does ---------------------- [](#what-this-package-does) - Domain model for structured access control - Use cases for managing permissions - Polymorphic grant storage (User, Client, ServiceAccount, custom entities) - Single source of truth for permissions - Support for custom Passport models --- What This Package Does NOT Do ----------------------------- [](#what-this-package-does-not-do) - Enforce permissions (you implement that) - Implement OAuth flows - Modify Passport internals - Assume your application architecture - Provide UI or middleware --- Requirements ------------ [](#requirements) - PHP ^8.4 - Laravel ^12 - Laravel Passport ^13 --- Installation ------------ [](#installation) ``` composer require n3xt0r/laravel-passport-authorization-core php artisan vendor:publish --tag=passport-authorization-core-config ``` --- Documentation ------------- [](#documentation) - **[Usage](docs/usage.md)** – Working with resources, actions, and use cases - **[Usecase Overview](docs/usecases/index.md)** – Complete reference of available use cases - **[Configuration](docs/configuration.md)** – Custom Passport models, extensibility --- Audit & Compliance ---------------------- [](#audit--compliance) - Permissions are explicit database facts, not implicit configuration - Authorization context is deterministic and queryable - Full audit trail via activity logging - Supports auditability requirements commonly found in ISO 27001–aligned systems. --- Relationship to Filament Passport UI ------------------------------------ [](#relationship-to-filament-passport-ui) This package is the **domain core** for [Filament Passport UI](https://github.com/N3XT0R/filament-passport-ui): - Core: domain model + use cases - Filament UI: admin interface for managing permissions - Independent evolution with stable boundary --- Status ------ [](#status) Actively developed. Feedback and contributions welcome. ### Health Score 48 — FairBetter than 95% of packages Maintenance89 Actively maintained with recent releases Popularity22 Limited adoption so far Community12 Small or concentrated contributor base Maturity58 Maturing project, gaining track record Bus Factor1 Top contributor holds 99.5% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~10 days Recently: every ~17 days Total 8 Last Release 57d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/8dbd2b0984ee6f62b6c5c3356b0e0cff2f2afa5c98c4d05272eb4356e080d545?d=identicon)[N3XT0R](/maintainers/N3XT0R) --- Top Contributors [![N3XT0R](https://avatars.githubusercontent.com/u/1297846?v=4)](https://github.com/N3XT0R "N3XT0R (205 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (1 commits)") --- Tags laravelsecurityoauth2authorizationpassportDomain Driven Designauthorization-core ### Code Quality TestsPHPUnit Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/n3xt0r-laravel-passport-authorization-core/health.svg) ``` [![Health](https://phpackages.com/badges/n3xt0r-laravel-passport-authorization-core/health.svg)](https://phpackages.com/packages/n3xt0r-laravel-passport-authorization-core) ``` ### Alternatives [spatie/laravel-permission Permission handling for Laravel 12 and up 12.9k89.8M1.0k](/packages/spatie-laravel-permission)[bezhansalleh/filament-shield Filament support for `spatie/laravel-permission`. 2.8k2.9M88](/packages/bezhansalleh-filament-shield)[jeremy379/laravel-openid-connect OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport. 55342.3k2](/packages/jeremy379-laravel-openid-connect)[wearedevtical/novassport A Laravel Nova tool to manage API Authentication (Passport). 663.1k](/packages/wearedevtical-novassport)[mradder/filament-logger Audit logging, activity tracking, exports, alerts, and dashboards for Filament admin panels. 141.1k](/packages/mradder-filament-logger) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)