PHPackages                             rcerljenko/laravel-paseto - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. rcerljenko/laravel-paseto

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

rcerljenko/laravel-paseto
=========================

Simple PASETO Auth for Laravel PHP Framework

2.2.0(2y ago)231.7k2MITPHPPHP ^8.1

Since Sep 23Pushed 2y ago1 watchersCompare

[ Source](https://github.com/rcerljenko/laravel-paseto)[ Packagist](https://packagist.org/packages/rcerljenko/laravel-paseto)[ Docs](https://github.com/rcerljenko/laravel-paseto)[ RSS](/packages/rcerljenko-laravel-paseto/feed)WikiDiscussions master Synced 3w ago

READMEChangelog (10)Dependencies (5)Versions (14)Used By (0)

Laravel PASETO
==============

[](#laravel-paseto)

Simple PASETO Auth for Laravel PHP Framework using [paragonie/paseto](https://github.com/paragonie/paseto) under the hood.

Installation
------------

[](#installation)

Standard [Composer](https://getcomposer.org/download) package installation:

```
composer require rcerljenko/laravel-paseto -v
```

Usage
-----

[](#usage)

1. Publish the config file. This will create a `config/paseto.php` file for basic configuration options.

```
php artisan vendor:publish --provider="RCerljenko\LaravelPaseto\LaravelPasetoServiceProvider" --tag="config"
```

2. Add a new auth guard to your auth config file using a `paseto` driver.

```
// config/auth.php

'guards' => [
 'web' => [
  'driver' => 'session',
  'provider' => 'users',
 ],

 'api' => [
  'driver' => 'paseto',
  'provider' => 'users',
 ],
],
```

3. Protect your API routes using this new guard.

```
// routes/api.php

use Illuminate\Support\Facades\Route;

Route::middleware('auth:api')->group(function () {
 // PASETO protected routes
});
```

4. Use provided `HasPaseto` trait from this package on your Auth model (eg. User).

```
namespace App\Models;

use Illuminate\Notifications\Notifiable;
use RCerljenko\LaravelPaseto\Traits\HasPaseto;
use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
 use Notifiable, HasPaseto;
}
```

You now have access to `token()` method on your User model, eg:

```
$user = User::findOrFail(1);
$user->token();
```

You should probably return this token via Login Controller or User Resource.

Configuration
-------------

[](#configuration)

This package provides simple configuration via `config/paseto.php` file after you publish the config. Let's go over each configuration option.

- `secret-key` - Secret key to use when encoding / decoding tokens. It has to be a 32 byte long random string. Remember, if you change this key all active PASETO tokens will be invalidated.
- `expiration` - Default token expiration time in minutes. You can set it to `null` and the tokens will never expire.
- `issuer` - Token issuer claim.
- `audience` - Token audience claim.
- `claims` - Default claims that will be applied to all tokens (besides the required ones needed for decoding and validation).

This was global configuration for all tokens. Besides that, library provides a local per-model configuration via `HasPaseto` trait helper methods.

- `getJwtId()` - It should return the model unique key used to retrieve that model from database. It defaults to model primary key.
- `getJwtValidFromTime()` - It should return `null` (default) or a Carbon instance. You can use that if you want to create tokens which are not active right away.
- `getJwtValidUntilTime()` - It should return `null` or a Carbon instance. This sets the JWT expiration time which, by default, uses the `expiration` option from the config file.
- `getJwtCustomClaims()` - Should return a key/value array of extra custom claims that you want to be a part of your token. By default it's an empty array.

You can also use configuration directly on the `token()` method which then overrides all other configurations, eg:

```
$user->token([
 'id' => $user->email,
 'valid_from' => now()->addHour(),
 'valid_until' => now()->addDay(),
 'claims' => [
  'extra1' => 'foo',
  'extra2' => 'bar'
 ]
]);
```

You don't need to override all configuration options, just the ones that you wish to change.

Request
-------

[](#request)

Token is extracted from the request in one of three ways:

1. From `Authorization: Bearer {token}` header (most common).
2. From URL query param `token`.
3. From request payload using `token` field name.

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity25

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity67

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~83 days

Recently: every ~220 days

Total

13

Last Release

746d ago

Major Versions

1.6.0 → 2.0.02022-06-03

PHP version history (2 changes)1.0.0PHP ^7.4|^8.0

2.0.0PHP ^8.1

### Community

Maintainers

![](https://www.gravatar.com/avatar/6d38da6a9b613667299b628c4c254865b340109c51554140ad8356a4cc5c5e7a?d=identicon)[rcerljenko](/maintainers/rcerljenko)

---

Top Contributors

[![rcerljenko](https://avatars.githubusercontent.com/u/16762056?v=4)](https://github.com/rcerljenko "rcerljenko (6 commits)")

---

Tags

laravelpaseto

###  Code Quality

Code StylePHP CS Fixer

### Embed Badge

![Health badge](/badges/rcerljenko-laravel-paseto/health.svg)

```
[![Health](https://phpackages.com/badges/rcerljenko-laravel-paseto/health.svg)](https://phpackages.com/packages/rcerljenko-laravel-paseto)
```

###  Alternatives

[spatie/laravel-permission

Permission handling for Laravel 12 and up

12.9k102.4M1.4k](/packages/spatie-laravel-permission)[laravel/pulse

Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application.

1.7k15.1M132](/packages/laravel-pulse)[psalm/plugin-laravel

Psalm plugin for Laravel

3355.3M346](/packages/psalm-plugin-laravel)[php-open-source-saver/jwt-auth

JSON Web Token Authentication for Laravel and Lumen

84611.1M63](/packages/php-open-source-saver-jwt-auth)[laravel/ai

The official AI SDK for Laravel.

1.0k3.2M195](/packages/laravel-ai)[illuminate/auth

The Illuminate Auth package.

10528.2M1.2k](/packages/illuminate-auth)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
