ovarun/laravel-hmac-auth
========================

Secure HMAC authentication module for Laravel APIs

v1.0.0 (9mo ago) · MIT · PHP ^8.0

Since Jul 24 · Pushed 9mo ago

[Source](https://github.com/ovarun/laravel-hmac-auth) · [Packagist](https://packagist.org/packages/ovarun/laravel-hmac-auth)

🔐 Laravel HMAC Auth Package
===========================


Secure, stateless HMAC authentication for Laravel APIs — built for partner APIs, internal microservices, and multi-platform consumers (Angular, .NET, Python, Drupal).

---

📦 Requirements
--------------


- PHP 8.0+
- Laravel 10.x
- Composer
- OpenSSL / `hash_pbkdf2` support

---

🚀 Installation
--------------


Install directly via Packagist:

```
composer require ovarun/laravel-hmac-auth
```

Publish the config and migrations:

```
php artisan vendor:publish --tag=hmac-auth
php artisan migrate
```

---

⚙️ Initial Setup
----------------


Run the interactive setup to auto-generate a secure HMAC key and salt:

```
php artisan hmac:setup
```

This adds to your `.env`:

```
HMAC_SECRET_GENERATOR_KEY='...'
HMAC_SECRET_GENERATOR_SALT='...'
```

These are used for deterministic, secure secret generation per client.

---

🔐 Register HMAC Clients
-----------------------


Register a new client via:

```
php artisan hmac:client-create
```

- Prompts for Client Name (and optional Client ID)
- Normalizes ID (lowercase, hyphenated, clean)
- Generates PBKDF2-based 256-bit secret
- Saves to `hmac_clients` table

---

🛡 Middleware Usage
------------------


Apply HMAC protection to your API routes.

### Register Middleware in `app/Http/Kernel.php`:


```
'verify.hmac' => \Ovarun\HmacAuth\Http\Middleware\VerifyHmacSignature::class,
```

### Use in Routes:


```
Route::middleware('verify.hmac')->group(function () {
    Route::post('/api/secure-endpoint', [SecureController::class, 'handle']);
});
```

---

📤 Client-Side Authentication
----------------------------


Clients must include these HTTP headers:

```
X-CLIENT-ID: partner-app-1
X-TIMESTAMP: 2025-07-24T14:05:00Z
X-SIGNATURE: {hmac_sha256_signature}
```

The signature is built from:

```
$message = $timestamp . $method . $path . $body;
```

Then:

```
hash_hmac('sha256', $message, $clientSecret);
```
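
The header and signature construction above, carried through end to end in Python (one of the client platforms this README names). This is an added example, not code from the package: `verify` is a sketch of a receiver-side check rather than the package's middleware, and the uppercase method, leading-slash path, 300-second tolerance and secret are assumptions or constructed values.

```python
import hashlib
import hmac
from datetime import datetime, timezone

TOLERANCE_SECONDS = 300  # assumed value; the package reads its own from config/hmac.php
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # matches the README's X-TIMESTAMP example


def sign(secret: bytes, timestamp: str, method: str, path: str, body: str) -> str:
    # README formula: $timestamp . $method . $path . $body, then HMAC-SHA256.
    # PHP's hash_hmac() returns lowercase hex by default, so hexdigest() matches it.
    message = (timestamp + method + path + body).encode("utf-8")
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def build_headers(client_id, secret, method, path, body, now=None):
    now = now or datetime.now(timezone.utc)
    timestamp = now.strftime(TS_FORMAT)
    return {
        "X-CLIENT-ID": client_id,
        "X-TIMESTAMP": timestamp,
        "X-SIGNATURE": sign(secret, timestamp, method, path, body),
    }


def verify(headers, secrets, method, path, body, now=None):
    """Receiver-side sketch: known client, fresh timestamp, matching MAC."""
    now = now or datetime.now(timezone.utc)
    secret = secrets.get(headers.get("X-CLIENT-ID", ""))
    if secret is None:
        return "unknown-client"
    try:
        sent = datetime.strptime(headers["X-TIMESTAMP"], TS_FORMAT).replace(tzinfo=timezone.utc)
    except (KeyError, ValueError):
        return "bad-timestamp"
    if abs((now - sent).total_seconds()) > TOLERANCE_SECONDS:
        return "stale"
    expected = sign(secret, headers["X-TIMESTAMP"], method, path, body)
    # Constant-time comparison, so timing does not reveal how many characters matched.
    if not hmac.compare_digest(expected.encode(), headers.get("X-SIGNATURE", "").encode()):
        return "bad-signature"
    return "ok"


# Constructed sample values; the client id and timestamp mirror the README's header example.
SECRETS = {"partner-app-1": b"constructed-demo-secret"}
NOW = datetime(2025, 7, 24, 14, 5, 0, tzinfo=timezone.utc)
BODY = '{"amount": 10}'
HEADERS = build_headers("partner-app-1", SECRETS["partner-app-1"], "POST", "/api/secure-endpoint", BODY, NOW)
```

The client must sign the exact bytes it sends: re-serializing the JSON body after signing changes the message and the receiver's recomputed signature will not match.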

---

🧪 Security Best Practices
-------------------------


- Always use HTTPS
- Rotate secrets on a schedule
- Use a short timestamp tolerance (`config/hmac.php`)
- Pair with IP whitelisting or rate limits
- Never log or expose the secret in responses

---

📄 License
---------


MIT © [arun o v](https://packagist.org/packages/ovarun/laravel-hmac-auth)

### Health Score

29 (Low; better than 60% of packages)

- Maintenance: 56. Moderate activity, may be stable
- Popularity: 3. Limited adoption so far
- Community: 6. Small or concentrated contributor base
- Maturity: 43. Maturing project, gaining track record
- Bus Factor: 1. Top contributor holds 100% of commits — single point of failure

How is this calculated?

**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Release Activity

- Cadence: Every ~0 days
- Total: 3
- Last Release: 293d ago
- Major Versions: v1.x-dev → v2.x-dev (2025-07-24)
- PHP version history (2 changes): v1.0.0 requires PHP ^8.0; v2.x-dev requires PHP ^8.3

### Community

- Maintainers: ovarun
- Top Contributors: [ovarun](https://github.com/ovarun) (5 commits)
