PHPackages quvel/auth - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. quvel/auth ActiveLibrary[Authentication & Authorization](/categories/authentication) quvel/auth ========== Authentication support for the Quvel framework - handles login, logout, registration, email verification, and OAuth v1.0.0(4mo ago)04MITPHPPHP ^8.4CI passing Since Dec 21Pushed 4mo agoCompare [ Source](https://github.com/ItsIrv/quvel-api-auth)[ Packagist](https://packagist.org/packages/quvel/auth)[ RSS](/packages/quvel-auth/feed)WikiDiscussions main Synced 1mo ago READMEChangelogDependencies (14)Versions (3)Used By (0) Quvel Auth ========== [](#quvel-auth) API-first authentication package that extends Laravel Fortify with JSON responses, OAuth support, and enhanced features. Uses Fortify 1:1 with minimal overrides via container bindings. Philosophy ---------- [](#philosophy) This package wraps Laravel Fortify with quality-of-life improvements: - **API-First Responses** - Returns JSON with user data instead of redirects - **OAuth/Socialite Integration** - Social login with secure nonce-based flow - **Zero Configuration** - Auto-discovers and binds overrides via service provider - **Fortify Compatible** - Use standard `config/fortify.php` to enable/disable features Installation ------------ [](#installation) ### 1. Install Fortify and Sanctum [](#1-install-fortify-and-sanctum) ``` composer require laravel/fortify laravel/sanctum laravel/socialite php artisan fortify:install php artisan sanctum:install php artisan migrate ``` ### 2. Install Quvel Auth [](#2-install-quvel-auth) ``` composer require quvel/auth ``` That's it. The package auto-discovers and registers its service provider. ### 3. Configure Fortify [](#3-configure-fortify) Edit `config/fortify.php`: ``` 'prefix' => 'auth', // Routes at /auth/* 'views' => false, // API-only mode 'features' => [ Features::registration(), Features::resetPasswords(), // Features::emailVerification(), Features::updateProfileInformation(), Features::updatePasswords(), Features::twoFactorAuthentication([ 'confirm' => true, 'confirmPassword' => true, ]), ], ``` ### 4. Publish Migrations (Optional) [](#4-publish-migrations-optional) ``` php artisan vendor:publish --tag=quvel-auth-migrations php artisan migrate ``` How It Works ------------ [](#how-it-works) Quvel Auth uses Laravel's container to override Fortify's default implementations: ``` // Our AuthServiceProvider automatically binds these: // Fortify uses our custom CreateNewUser action $app->singleton(CreatesNewUsers::class, CreateNewUser::class); // Fortify uses our JSON LoginResponse instead of redirects $app->singleton(LoginResponseContract::class, LoginResponse::class); // etc. ``` When Fortify's controllers run, they resolve these contracts from the container and get our implementations. No route overrides needed. Routes ------ [](#routes) Fortify provides core routes (login, register), we provide the rest: ``` # Fortify Routes (using our container bindings) POST /auth/login → JSON with user data POST /auth/register → JSON with user data # Our Custom Routes GET /auth/session → Current session info POST /auth/logout → Logout response # Password Management POST /auth/forgot-password POST /auth/reset-password # Two-Factor Authentication POST /auth/two-factor-challenge POST /auth/user/two-factor-authentication → Enable 2FA DELETE /auth/user/two-factor-authentication → Disable 2FA GET /auth/user/two-factor-qr-code GET /auth/user/two-factor-recovery-codes POST /auth/user/two-factor-recovery-codes → Regenerate codes # Profile Management PUT /auth/user/profile-information PUT /auth/user/password # OAuth (Socialite) GET /auth/provider/{provider}/redirect GET /auth/provider/{provider}/callback POST /auth/provider/{provider}/create-nonce POST /auth/provider/{provider}/redeem-nonce ``` API Responses ------------- [](#api-responses) All responses are JSON with consistent structure: **Login Success (no 2FA):** ``` { "message": "Login successful", "user": { "id": 1, "name": "...", "email": "..." }, "two_factor": false } ``` **Login Requires 2FA:** ``` { "message": "Two-factor authentication required", "two_factor": true } ``` **Registration:** ``` { "message": "Registration successful", "user": { "id": 1, "name": "...", "email": "..." } } ``` Configuration ------------- [](#configuration) ### Fortify Features [](#fortify-features) Enable/disable features in `config/fortify.php`: ``` 'features' => [ Features::registration(), // POST /auth/register Features::resetPasswords(), // POST /auth/forgot-password, etc. Features::emailVerification(), // Email verification routes Features::updateProfileInformation(), // PUT /auth/user/profile-information Features::updatePasswords(), // PUT /auth/user/password Features::twoFactorAuthentication(), // All 2FA routes ], ``` ### Socialite (OAuth) [](#socialite-oauth) Configure providers in `config/services.php`: ``` 'google' => [ 'client_id' => env('GOOGLE_CLIENT_ID'), 'client_secret' => env('GOOGLE_CLIENT_SECRET'), 'redirect' => env('GOOGLE_REDIRECT_URI'), ], ``` Disable OAuth in `config/quvel-auth.php`: ``` 'socialite' => [ 'enabled' => false, ], ``` ### Rate Limiting [](#rate-limiting) Automatically configured (5 requests/minute for login and 2FA). Override in your `AppServiceProvider` if needed: ``` use Illuminate\Support\Facades\RateLimiter; RateLimiter::for('login', fn ($request) => Limit::perMinute(10)->by($request->email . $request->ip()) ); ``` Customization ------------- [](#customization) ### Override Response Classes [](#override-response-classes) Create your own response: ``` // app/Http/Responses/CustomLoginResponse.php class CustomLoginResponse implements LoginResponseContract { public function toResponse($request): JsonResponse { return response()->json([ 'user' => $request->user()->load('roles'), 'permissions' => $request->user()->getAllPermissions(), ]); } } ``` Bind in your `AppServiceProvider`: ``` $this->app->singleton( \Laravel\Fortify\Contracts\LoginResponse::class, \App\Http\Responses\CustomLoginResponse::class ); ``` ### Override Actions [](#override-actions) Same pattern for actions: ``` $this->app->singleton( \Laravel\Fortify\Contracts\CreatesNewUsers::class, \App\Actions\Fortify\CreateNewUser::class ); ``` Advanced: Publish Routes ------------------------ [](#advanced-publish-routes) For full route customization: ``` php artisan vendor:publish --tag=quvel-auth-routes ``` Then disable package routes in `config/quvel-auth.php`: ``` 'routes' => [ 'enabled' => false, ], ``` Troubleshooting --------------- [](#troubleshooting) **Routes not showing?** ``` php artisan route:list --path=auth ``` Check that Fortify features are enabled and `views => false`. **Rate limiter errors?**Clear config cache: ``` php artisan config:clear ``` **Need to customize?**Check `AuthServiceProvider@registerFortifyOverrides()` to see all container bindings. License ------- [](#license) MIT ### Health Score 36 — LowBetter than 82% of packages Maintenance74 Regular maintenance activity Popularity3 Limited adoption so far Community6 Small or concentrated contributor base Maturity53 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 148d ago Major Versions v0.1.0 → v1.0.02025-12-21 ### Community Maintainers ![](https://www.gravatar.com/avatar/375295562e477f54fbc56f9ab127afb51d2a0ff077212723db68456c95156cbf?d=identicon)[pdxapps](/maintainers/pdxapps) --- Top Contributors [![ItsIrv](https://avatars.githubusercontent.com/u/1527451?v=4)](https://github.com/ItsIrv "ItsIrv (4 commits)") --- Tags laravelAuthenticationoauthsanctumfortifyquvel ### Code Quality TestsPHPUnit Static AnalysisPHPStan, Psalm, Rector Code StyleLaravel Pint Type Coverage Yes ### Embed Badge ![Health badge](/badges/quvel-auth/health.svg) ``` [![Health](https://phpackages.com/badges/quvel-auth/health.svg)](https://phpackages.com/packages/quvel-auth) ``` ### Alternatives [laragear/two-factor On-premises 2FA Authentication for out-of-the-box. 339785.3k8](/packages/laragear-two-factor)[auth0/login Auth0 Laravel SDK. Straight-forward and tested methods for implementing authentication, and accessing Auth0's Management API endpoints. 2745.0M3](/packages/auth0-login)[hasinhayder/tyro Tyro - The ultimate Authentication, Authorization, and Role & Privilege Management solution for Laravel 12 & 13 6712.1k2](/packages/hasinhayder-tyro)[alajusticia/laravel-logins Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser 2011.0k](/packages/alajusticia-laravel-logins)[vinelab/social-auth 101.3k1](/packages/vinelab-social-auth) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)