PHPackages                             rehankanak/guardian - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. rehankanak/guardian

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

rehankanak/guardian
===================

Laravel package for verifying desktop sign-in via a mobile app

1.1.0(6mo ago)615MITPHPPHP ^8.1

Since Feb 15Pushed 6mo ago1 watchersCompare

[ Source](https://github.com/zusamarehan/guardian)[ Packagist](https://packagist.org/packages/rehankanak/guardian)[ Docs](https://github.com/zusamarehan/guardian)[ GitHub Sponsors](https://github.com/zusamarehan)[ RSS](/packages/rehankanak-guardian/feed)WikiDiscussions main Synced 2d ago

READMEChangelog (2)Dependencies (5)Versions (4)Used By (0)

Verifying Desktop sign-in via Mobile app
========================================

[](#verifying-desktop-sign-in-via-mobile-app)

[![Latest Version on Packagist](https://camo.githubusercontent.com/a96bbeb1d17b8c42b11f7f6d0915b2d48ab7675238b13505bb0a87e65f477b8c/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f726568616e6b616e616b2f677561726469616e2e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/rehankanak/guardian)[![Total Downloads](https://camo.githubusercontent.com/17bce7d0f4039151fe7d755c6b98700409a52c65cffc26517ebe2426e98f4e87/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f726568616e6b616e616b2f677561726469616e3f7374796c653d666c61742d737175617265)](https://packagist.org/packages/rehankanak/guardian)

This Laravel package helps your application to verify a user's sign-in on a desktop browser via a mobile app. It works by generating a set of options, to which the user responds via the mobile app. If the user responds correctly, then the sign-in is verified and can be authorized.

We have the following **GuardingType** in our package

- **INPUT**: The user inputs a code, into the mobile app.
- **PRESS**: The users presses a code, into the mobile app.
- **APPROVE/DENY**: The user approves or denies the sign-in request, via the mobile app.

### The package provides the following routes:

[](#the-package-provides-the-following-routes)

- `POST /api/guardian/generate`
    - This route is used to generate a Guardian for the user to respond to.
- `POST /api/guardian/respond`
    - This route is used to respond to the Guardian via the Mobile app.
- `POST /api/guardian/status`
    - This route is used to verify the user's response and authorize the sign-in.

The Flow:
---------

[](#the-flow)

Desktop
-------

[](#desktop)

1. When the user tries to sign-in on the desktop, and when the user credentials are verified, generate a Guardian for the user to respond to.
    - Use the `POST /api/guardian/generate` route to generate a Guardian, with the users `uuid`
    - Once, the guardian is generated, trigger a notification to the user with the **GuardianType** and the **GuardianOption** obtained in the previous step.
2. Poll the `POST /api/guardian/status` route to check if the user has responded to the Guardian, this can give you three types of results
    - **-1**: The user has not responded yet
    - 0: The user has responded, with incorrect response
    - **1**: The user has responded, with the correct response
3. Based on the Status, you can either authorize the sign-in or ask the user to respond again or generate a fresh guardian.

Mobile
------

[](#mobile)

- Show a UI to the user, based on the **GuardianType** and **GuardianOption**
    - **INPUT**: Show a text input to the user, to input the code
    - **PRESS**: Show a list of codes to the user, to press the right code
    - **APPROVE/DENY**: Show two buttons to the user, to approve or deny the sign-in request
- When the user responds, use the `POST /api/guardian/respond` route to send the response to the server.

Installation
------------

[](#installation)

You can install the package via composer:

```
composer require rehankanak/guardian
```

Contributing
------------

[](#contributing)

This is a community driven package. If you find any errors, please create a pull request with the fix, or at least open an issue.

Testing
-------

[](#testing)

```
composer test
```

Credits
-------

[](#credits)

- [Rehan Kanak](https://github.com/zusamarehan)
- [All Contributors](../../contributors)

License
-------

[](#license)

The MIT License (MIT). Please see [License File](LICENSE.md) for more information.

###  Health Score

37

—

LowBetter than 81% of packages

Maintenance66

Regular maintenance activity

Popularity11

Limited adoption so far

Community7

Small or concentrated contributor base

Maturity53

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~667 days

Total

2

Last Release

202d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/12650475?v=4)[usamarehan](/maintainers/usamarehan)[@usamarehan](https://github.com/usamarehan)

---

Top Contributors

[![zusamarehan](https://avatars.githubusercontent.com/u/16372780?v=4)](https://github.com/zusamarehan "zusamarehan (3 commits)")

---

Tags

laravelsecurityAuthentication2faTwo Factor Authentication

###  Code Quality

TestsPest

Static AnalysisPHPStan

Code StyleLaravel Pint

Type Coverage Yes

### Embed Badge

![Health badge](/badges/rehankanak-guardian/health.svg)

```
[![Health](https://phpackages.com/badges/rehankanak-guardian/health.svg)](https://phpackages.com/packages/rehankanak-guardian)
```

###  Alternatives

[hasinhayder/tyro

Tyro - The ultimate Authentication, Authorization, and Role &amp; Privilege Management solution for Laravel 12 &amp; 13

6804.7k6](/packages/hasinhayder-tyro)[awes-io/auth

Laravel Authentication package with built-in two-factor (Authy) and social authentication (Socialite).

3826.7k1](/packages/awes-io-auth)[alajusticia/laravel-logins

Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser

2014.5k](/packages/alajusticia-laravel-logins)[remotemerge/totp-php

Lightweight, fast, and secure TOTP (2FA) authentication library for PHP — battle tested, dependency free, and ready for enterprise integration.

2118.5k](/packages/remotemerge-totp-php)[hosseinhezami/laravel-permission-manager

Advanced permission manager for Laravel.

383.3k](/packages/hosseinhezami-laravel-permission-manager)[sicaboy/laravel-mfa

A Laravel package of Multi-factor Authentication (MFA/2FA) with a middleware.

101.3k](/packages/sicaboy-laravel-mfa)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
