PHPackages paschaldev/laravauth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. paschaldev/laravauth ActiveLibrary[Authentication & Authorization](/categories/authentication) paschaldev/laravauth ==================== Laravel authentication with a twist. 1.0.3(7y ago)162967[3 issues](https://github.com/paschaldev/laravauth/issues)MITPHP Since Aug 9Pushed 7y ago1 watchersCompare [ Source](https://github.com/paschaldev/laravauth)[ Packagist](https://packagist.org/packages/paschaldev/laravauth)[ RSS](/packages/paschaldev-laravauth/feed)WikiDiscussions master Synced 3d ago READMEChangelogDependencies (4)Versions (6)Used By (0) Laravauth ========= [](#laravauth) > Laravel authentication with a twist. **Laravauth** is an authentication package for laravel that uses a different technique other than the traditional authentication methods. **REQUIREMENTS: Laravel >= 5.4** Synopsis -------- [](#synopsis) This package works by hooking. How? Simply hooks to the `login` route, intercepts it and continues work from there. The first step to hooking is from your route, the default route is a post request to `login`, once there is a request to that route, the plugin comes alive. The following modes of authorization are available: 1. Email Token 2. Two Factor Authorization (SMS) ##### Email Token [](#email-token) This type of authorization does not require passwords. The user simply provides his email address (must have been a registered user), if the email is present in the database, a temporary login link containing a secure token is sent to the user's email address. This login link is only valid for a specific amount of time, the default is 10minutes after which the link becomes invalid and the user will have to make a new login request. ##### Two Factor Authorization (SMS) [](#two-factor-authorization-sms) Two Factor Authorization is an extra layer of security that ensures the user has another "thing they have" to couple with the "thing they know". The "thing they know" is usually their password, the "thing they have" for this case is a personal mobile number a token is sent to. [Read more](https://www.google.com.ng/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0ahUKEwiZpdqFy8nVAhXCL1AKHR9HAboQFghMMAM&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FMulti-factor_authentication&usg=AFQjCNG5ZrSt445-9PIhTFVh7goI4j6Jbw "Wikipedia - Multi-factor authorization") This mode of authorization requires password and a phone number for the user. After the user provides his login credentials, default is `email` and `password`, **Laravauth** serves a page requesting a token, a short lived token valid for a specific amount of time (default is 10minutes) is sent to the user's phone. The user provides the token, if it's valid, the user is authenticated. Installation ------------ [](#installation) The installation process of this package is a breeze. The first step is to require with composer. ``` $ composer require paschaldev/laravauth ``` Open `app.php` in your config directory of your laravel installation and add this line in the `providers` array. ``` PaschalDev\Laravauth\Providers\LaravauthServiceProvider::class, ``` You will need to publish the configuration and view files. ``` $ php artisan vendor:publish --provider="PaschalDev\Laravauth\Providers\LaravauthServiceProvider" ``` **Laravauth** alters the user's table and adds extra columns it uses for authentication. Next step is to migrate the database. > Make sure your database has been setup and working fine before proceeding. The default configuration assumes the user's model is `App\Users`, if this is not so in your application, please skip this step, update your laravauth configuration to reflect this change before running the command below. Now run: ``` $ php artisan migrate ``` If all is good, migration is successful. That's all there is to do. Installation complete. Usage ----- [](#usage) **Laravauth** does not ship with a `login` view, you can use your present `login` view and just make slight changes. Depending on the mode you choose, there are different ways to make things work. The configuration file has everything you'll need to tweak the package so that it plugs in perfectly to your application. **Laravauth** requires little or no alteration of your previous application code, everything works seamlessly from start to finish. You don't need to bend your codes at all, all you need to is make sure to key in the right configuration values in your **laravauth** config file `laravauth.php` in the config directory after you must have published. #### Email Token [](#email-token-1) This is the default mode. All that is required in this mode is an input in the login view that contains the user's email. Like below: ``` ``` **Laravauth** uses `email` as the default. If your login view has a name that is not `email`, say for example: ``` ``` You'll need to update your **Laravauth** configuration file to match this, open the config file `laravauth.php` and change the config `login_id` to `user_email` and you're good to go. **Laravauth** also assumes the email column on the user's table is named `email`, if it is anything other than that, change the config `login_id_rel` to match the name of the email column on the user's table. P.S: Very important, make sure your app `url` in laravel's `app.php` config file is set to the correct value else the package might generate invalid links. #### Two Factor Authorization (SMS) [](#two-factor-authorization-sms-1) This mode of authorization requires an SMS provider. Several providers are shipped with this package: 1. [Nexmo](http://nexmo.com) 2. [Twilio](http://twilio.com) 3. [MessageBird](http://messagebird.com) You can choose your preferred provider by changing the value in the `laravauth` config file. Look for the option `two_factor_sms`, its an array that contains specific configuration for the two factor sms mode. Inside the array is a `gateway` option you can toggle. Possible values are `nexmo` and `twilio`. Each of these providers have their own specific requirements. You are required to register with any provider of your choice. PS: Using this option, you know you should have a large amount of balance to be able to accommodate the frequent logins. ##### Nexmo [](#nexmo) Nexmo requires the following to be added and set in your `.env` file: ``` NEXMO_KEY=xxxxxx NEXMO_SECRET=xxxxxx NEXMO_FROM=xxxxxx ``` You can get your Nexmo key and secret from your dashboard after creating account. ##### Twilio [](#twilio) Twilio requires the following to be added in your `.env` file: ``` TWILIO_SID=xxxxxx TWILIO_TOKEN=xxxxx TWILIO_FROM=xxxxx ``` You can get all the values from your Twilio dashboard. The `TWILIO_FROM` is a phone number you get when you are done creating account. This is where your SMS will originate from. ##### MessageBird [](#messagebird) MessageBird requires the following to be added and set in your `.env` file: ``` MESSAGEBIRD_KEY=xxxxxx MESSAGEBIRD_FROM=xxxxxx ``` You can get your MessageBird key from your dashboard after creating account. --- After setting the SMS providers, you are almost there. Now you need to tell **Laravauth** how to retrieve a user's phone number by adding the following method to your user model: `laravauthPhone()`. ``` class User extends Authenticatable { use Notifiable; . . . public function laravauthPhone() { //The logic to retrieve user's phone number. } } ``` Next thing is the view that validates the token. In this mode, it requires the user logs in with `email` and `password` by default. If your login is not like this, maybe you use `username` and `password`, no problem, just update your configuration file and set the `login_id` and `login_id_rel` to the correct value. These two options are required to be passed from your `login` view, a corresponding `email` or whatever the case may be and `password`. Also, if your password uses another name other than `password`, make sure to update the `password_id` in the configuration and also the `password_id_rel` if the password column on the user's table in the database uses another name other than 'password'. Once a user logs in and the credentials are valid, a page asking for the token is served. **Laravauth** ships with a sample working page. The major thing is the markup seen below: ``` Submit {{ csrf_field() }} ``` **Laravauth** uses a different route for validating authentication, which can be customized in your config file, look for `validator_route` and adjust to suit your needs. The default is `'validate'`. The form's action attribute should point to the validator route, the method should also be `POST`. The other thing required is a `token` input. This should not be confused with Laravel's own `_token` for protecting against CSRF (Cross-Site Request Forgery). You can change the name of the `token` variable used by **Laravauth** by updating the `token_var` option in the config file, the default is `'token'`. **Laravauth** has an helper method to output this variable name `laravauth_token_var_name()` so you don't need bother much, just output the function in the `name` attribute of the input that will be sent to the `validator` route. Once the form is submitted, the `validator` confirms if it's a valid token, if not the page is re-served. If it's valid, the user is authenticated and redirected to the auth page you define. Configuration ============= [](#configuration) **Laravauth** comes with a handful of configuration, you can check the `laravauth` config file for all available options, they are documented so it should be easy to see what they do. One notable option is `soft_disable`. If you will like to disable **Laravauth** temporarily without removing the package, just set this value to `true` and **Laravauth** goes to sleep mode, it doesnt intercept your login. Another very important option is the `user_model` option. This should point to the model that access your user table. The default is `App\User` which is Laravel's default. For more options, check the configuration file. ### Health Score 33 — LowBetter than 75% of packages Maintenance16 Infrequent updates — may be unmaintained Popularity22 Limited adoption so far Community14 Small or concentrated contributor base Maturity67 Established project with proven stability Bus Factor1 Top contributor holds 52.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~203 days Total 4 Last Release 2590d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/7db5d6a3181cbaae099d63d2df30694ec0f7f7d38137288da9b56ea75e21df7c?d=identicon)[paschaldev](/maintainers/paschaldev) --- Top Contributors [![paschaldev](https://avatars.githubusercontent.com/u/13323281?v=4)](https://github.com/paschaldev "paschaldev (18 commits)")[![kim-dongit](https://avatars.githubusercontent.com/u/17615168?v=4)](https://github.com/kim-dongit "kim-dongit (14 commits)")[![SwenVanZanten](https://avatars.githubusercontent.com/u/3099122?v=4)](https://github.com/SwenVanZanten "SwenVanZanten (2 commits)") --- Tags authenticationlaravauthlaravellaravelauthAuthentication2fatwilionexmolaravauth ### Embed Badge ![Health badge](/badges/paschaldev-laravauth/health.svg) ``` [![Health](https://phpackages.com/badges/paschaldev-laravauth/health.svg)](https://phpackages.com/packages/paschaldev-laravauth) ``` ### Alternatives [ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 120220.7k1](/packages/ellaisys-aws-cognito)[awes-io/auth Laravel Authentication package with built-in two-factor (Authy) and social authentication (Socialite). 3826.7k1](/packages/awes-io-auth)[vinkas/firebase-auth-laravel Firebase Authentication package for Laravel PHP Framework 392.1k](/packages/vinkas-firebase-auth-laravel) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)