
oremis/sentinel
===============

OREMIS centralized token validation and ability system (Sentinel)

v1.0.1 · AGPL-3.0-or-later · PHP >=8.1

[Source](https://github.com/AssociationOREMIS/sentinel) · [Packagist](https://packagist.org/packages/oremis/sentinel)

OREMIS Sentinel
===============

**Sentinel** is a Laravel package designed for the OREMIS ecosystem. It provides a centralized mechanism for validating API tokens against the OREMIS Identity Provider (Data) and managing access control via abilities.

This package allows client applications (like **App**, **Pio**, etc.) to offload authentication and authorization logic to a central authority while maintaining high performance through local caching.

Features
--------

- **Remote Token Validation**: Validates Bearer tokens against the OREMIS Identity Provider.
- **Ability-Based Access Control**: Checks if a token has the required permissions (abilities).
- **Context Awareness**: Distinguishes between User tokens (`user_id`) and Service Account tokens (`service_id`).
- **Performance**: Caches validation results locally to minimize network requests.
- **Laravel Integration**: Provides Middleware, Facades, and a Service Provider for seamless integration.

Installation
------------

Install the package via Composer:

```
composer require oremis/sentinel
```

The package will automatically register its Service Provider and Facade.

Configuration
-------------

Publish the configuration file to your application:

```
php artisan vendor:publish --tag=sentinel-config
```

This will create `config/sentinel.php`. You can configure the behavior using environment variables in your `.env` file:

```
# The base URL of the OREMIS Identity Provider
SENTINEL_BASE_URL=https://data.oremis.dev

# The endpoint used to validate tokens
SENTINEL_VALIDATE_ENDPOINT=/api/validate-token

# How long (in seconds) to cache the validation result
SENTINEL_CACHE_TTL=15
```

Middleware Registration (Laravel 11+)
-------------------------------------

In Laravel 11, you may need to manually register the middleware aliases in your `bootstrap/app.php` file to use them as string aliases in your routes.

```
// bootstrap/app.php

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        web: __DIR__.'/../routes/web.php',
        api: __DIR__.'/../routes/api.php',
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->alias([
            'remote.token'     => \Oremis\Sentinel\Middleware\CheckRemoteToken::class,
            'sentinel.ability' => \Oremis\Sentinel\Middleware\CheckAbility::class,
        ]);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })
    ->create();
```

How It Works
------------

1. **Incoming Request**: An API request arrives at your application with an `Authorization: Bearer <token>` header.
2. **Middleware Interception**: The `remote.token` middleware intercepts the request.
3. **Cache Check**: It checks if the token's validity is already cached locally.
4. **Remote Validation**: If not cached, it sends a request to the configured Identity Provider (`SENTINEL_BASE_URL`).
    - The IDP returns the token's validity, associated abilities, and the owner (User or Service).
5. **Context Injection**: The middleware injects the `abilities`, `token_user_id`, and `token_service_id` into the request attributes.
6. **Authorization**: The `sentinel.ability` middleware (if used) checks if the injected abilities match the route requirements.

Usage
-----

### 1. Protecting Routes

Apply the middleware to your API routes. You typically need `remote.token` to validate the user, and optionally `sentinel.ability` to enforce permissions.

```
use Illuminate\Support\Facades\Route;

Route::middleware(['remote.token'])->group(function () {

    // Route accessible to any valid token
    Route::get('/profile', function () {
        // ...
    });

    // Route requiring specific abilities
    Route::middleware('sentinel.ability:ca.gdpr:create')->post('/gdpr-records', function () {
        // ...
    });

    // Route requiring ANY of the listed abilities
    Route::middleware('sentinel.ability:admin,editor')->group(function () {
        // ...
    });
});
```

### 2. Using the Facade

You can use the `TokenAbility` facade within your controllers or services to check permissions or retrieve context.

```
use Oremis\Sentinel\Facades\TokenAbility;

public function store()
{
    // Check for a specific ability
    if (TokenAbility::can('ca.gdpr:delete')) {
        // ...
    }

    // Enforce an ability (throws 403 if missing)
    TokenAbility::require('ca.gdpr:create');

    // Get the ID of the authenticated user (if it's a user token)
    $userId = TokenAbility::userId();

    // Get the ID of the service account (if it's a service token)
    $serviceId = TokenAbility::serviceId();

    // Get all abilities
    $abilities = TokenAbility::abilities();
}
```

### 3. Response Structure

The package expects the Identity Provider to return data in the following format:

```
{
  "data": {
    "valid": true,
    "abilities": ["ca.gdpr:create", "user.read"],
    "service_id": 2,
    "user_id": null
  }
}
```

- **valid**: Boolean indicating if the token is active.
- **abilities**: Array of permission strings.
- **service_id**: Integer ID if the token belongs to a service account (otherwise null).
- **user_id**: Integer ID if the token belongs to a user (otherwise null).
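
The cache-then-validate flow from "How It Works" (steps 3 and 4) combined with strict, fail-closed parsing of the response format above, as an added PHP sketch that is not Sentinel's own code. The function names, the hashed cache key and the exactly-one-owner rule are assumptions, and the sample responses are constructed.

```php
<?php
declare(strict_types=1);
// Added example, not Sentinel's source. Function names and the cache-key
// format are hypothetical; the JSON shape is the one documented above.

/** Returns the token context, or null when the token must be rejected. */
function parseValidation(string $body): ?array
{
    $json = json_decode($body, true);
    $data = is_array($json) ? ($json['data'] ?? null) : null;
    if (!is_array($data) || ($data['valid'] ?? null) !== true) {
        return null; // fail closed: only the boolean true counts as valid
    }
    $abilities = $data['abilities'] ?? null;
    if (!is_array($abilities) || array_filter($abilities, fn ($a) => !is_string($a))) {
        return null; // abilities must be an array of strings
    }
    [$userId, $serviceId] = [$data['user_id'] ?? null, $data['service_id'] ?? null];
    // Assumption: exactly one owner (user or service), given as an integer.
    if (count(array_filter([$userId, $serviceId], 'is_int')) !== 1
        || ($userId !== null && $serviceId !== null)) {
        return null;
    }
    return ['abilities' => array_values($abilities), 'user_id' => $userId, 'service_id' => $serviceId];
}

function validateToken(string $token, callable $idp, array &$cache, int $ttl, int $now): ?array
{
    $key = 'sentinel:' . hash('sha256', $token); // keep raw bearer tokens out of the cache store
    if (isset($cache[$key]) && $cache[$key]['expires'] > $now) {
        return $cache[$key]['context'];          // step 3: cache hit, no IdP round trip
    }
    $context = parseValidation($idp($token));    // step 4: remote validation
    if ($context !== null) {
        $cache[$key] = ['expires' => $now + $ttl, 'context' => $context];
    }
    return $context;
}

// Constructed sample responses in the documented format.
$active  = '{"data":{"valid":true,"abilities":["ca.gdpr:create","user.read"],"service_id":2,"user_id":null}}';
$revoked = '{"data":{"valid":false,"abilities":[],"service_id":2,"user_id":null}}';
$state = $active;
$idp = function (string $token) use (&$state): string { return $state; };
$cache = [];
var_dump(validateToken('sample-token', $idp, $cache, 15, 100) !== null); // first call reaches the IdP
$state = $revoked;                                                       // token revoked at the IdP
var_dump(validateToken('sample-token', $idp, $cache, 15, 110) !== null); // inside the TTL: cached result is served
var_dump(validateToken('sample-token', $idp, $cache, 15, 116) !== null); // after the TTL: the IdP answer applies
```

In this sketch a token revoked at the Identity Provider keeps being accepted until its cached entry expires, so the cache TTL is also the upper bound on revocation delay and should be sized with that in mind.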

License
-------

AGPL-3.0-or-later

