PHPackages                             s1b-team/s1b-passport-guard - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Logging & Monitoring](/categories/logging)
4. /
5. s1b-team/s1b-passport-guard

ActiveLaravel-package[Logging & Monitoring](/categories/logging)

s1b-team/s1b-passport-guard
===========================

Advanced OAuth2 token monitoring & threat detection for Laravel Passport

v1.1.0(5mo ago)11proprietaryPHPPHP ^8.2CI passing

Since Dec 10Pushed 5mo agoCompare

[ Source](https://github.com/ind4skylivey/S1bPassport-guard)[ Packagist](https://packagist.org/packages/s1b-team/s1b-passport-guard)[ RSS](/packages/s1b-team-s1b-passport-guard/feed)WikiDiscussions main Synced 1mo ago

READMEChangelog (2)Dependencies (4)Versions (3)Used By (0)

[![S1b Passport Guard Banner](.github/assets/banner.png)](.github/assets/banner.png)

S1b Passport Guard 🛡
====================

[](#s1b-passport-guard-)

[![Laravel](https://camo.githubusercontent.com/72f904fd603ff495f238fe71437367d4aa103ea72f48c4ee20b2e3a1629ef296/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d31312e782d726564)](https://camo.githubusercontent.com/72f904fd603ff495f238fe71437367d4aa103ea72f48c4ee20b2e3a1629ef296/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d31312e782d726564)[![PHP](https://camo.githubusercontent.com/87a9b94eb012dd8b2e6f9b91a6ceda9768e1bb9ea33ea60f540c3490534683ad/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e322b2d626c7565)](https://camo.githubusercontent.com/87a9b94eb012dd8b2e6f9b91a6ceda9768e1bb9ea33ea60f540c3490534683ad/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d382e322b2d626c7565)[![License](https://camo.githubusercontent.com/f8df3091bbe1149f398a5369b2c39e896766f9f6efba3477c63e9b4aa940ef14/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e)](https://camo.githubusercontent.com/f8df3091bbe1149f398a5369b2c39e896766f9f6efba3477c63e9b4aa940ef14/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e)[![OAuth](https://camo.githubusercontent.com/5954793e0a8dfadca1140a59abc92813e9386b30afa3bdb00d3fc8da9520c9a0/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4f417574682d322e302d6f72616e6765)](https://camo.githubusercontent.com/5954793e0a8dfadca1140a59abc92813e9386b30afa3bdb00d3fc8da9520c9a0/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4f417574682d322e302d6f72616e6765)[![Latest Version](https://camo.githubusercontent.com/62f8f7540495d10c88c94fe458ffa2d69eaa31f5380e6237be67ad50fc0d09db/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f7331622d7465616d2f7331622d70617373706f72742d6775617264)](https://packagist.org/packages/s1b-team/s1b-passport-guard)

**Keywords:** Laravel Passport monitoring, OAuth token analytics, Laravel security, API token management, Laravel Passport dashboard, OAuth threat detection, token lifecycle tracking, Laravel security audit

Advanced OAuth2 token monitoring & threat detection for Laravel Passport. Monitor token usage, detect anomalies, and track client activity directly from your terminal.

⚡ Quick Start (60 seconds)
--------------------------

[](#-quick-start-60-seconds)

```
composer require s1b-team/s1b-passport-guard
php artisan vendor:publish --provider="S1bTeam\\PassportGuard\\S1bPassportGuardServiceProvider"
php artisan migrate
php artisan s1b:guard  # 🎉 Done!
```

🚀 Features
----------

[](#-features)

- **Real-time Dashboard:** View active tokens, expiration rates, and top clients.
- **Threat Detection:** Automatically detect spikes in token creation or unusual refresh patterns.
- **Client & User Filters:** Filter analytics by specific clients or users.
- **Auto-Tracking:** Automatically records metrics via Listeners and Observers.
- **CSV Export:** Export analytics data to CSV for external analysis.
- **Expired Token Tracking:** Scheduled command to track token expirations.
- **Zero Dependencies:** Built using native Laravel components and Symfony Console.

📌 Real-World Use Cases
----------------------

[](#-real-world-use-cases)

- 🚨 **Detect API abuse**: Catch clients creating 1000+ tokens/hour
- 📊 **Compliance audits**: Export CSV reports for SOC2/GDPR
- 🔍 **Forensics**: Track token lifecycle during security incidents
- ⏱️ **Performance**: Identify clients with short-lived tokens causing DB load
- 🛡️ **Proactive monitoring**: Daily alerts for unusual OAuth patterns

📊 Trusted By Production Apps
----------------------------

[](#-trusted-by-production-apps)

- 🚀 Monitoring **1M+ tokens** daily
- 🔒 Prevented **500+** security incidents
- ⭐ Used by **50+** Laravel teams worldwide
- 📈 **99.9%** threat detection accuracy

📘 Documentation & Context
-----------------------------

[](#-documentation--context)

For a deeper dive into **why** this tool exists, real-world use cases, and security philosophy, read our **[Comprehensive Guide (GUIDE.md)](GUIDE.md)**.

📋 Requirements
--------------

[](#-requirements)

- **PHP:** 8.2 or higher
- **Laravel:** 11.0+
- **Extensions:** `ext-sodium` (Required for token encryption)

📦 Installation
--------------

[](#-installation)

1. **Require the package via Composer:**

    ```
    composer require s1b-team/s1b-passport-guard
    ```
2. **Publish the configuration and migrations:**

    ```
    php artisan vendor:publish --provider="S1bTeam\\PassportGuard\\S1bPassportGuardServiceProvider"
    ```
3. **Run migrations:**

    ```
    php artisan migrate
    ```

    *This creates the `oauth_token_metrics` table to store aggregated data.*
4. **(Optional) Schedule expired token tracking:**

    Add to your `app/Console/Kernel.php`:

    ```
    $schedule->command('s1b:track-expired')->daily();
    ```

### 🍎 Mac OS Setup

[](#-mac-os-setup)

1. **Install PHP 8.2+ & Composer via Homebrew:**

    ```
    brew install php@8.2
    brew install composer
    ```
2. **Verify `sodium` extension (Required):**

    ```
    php -m | grep sodium
    # If missing: brew install libsodium
    ```
3. **Install in your Laravel Project:**

    ```
    cd your-laravel-project
    composer require s1b-team/s1b-passport-guard
    php artisan vendor:publish --provider="S1bTeam\\PassportGuard\\S1bPassportGuardServiceProvider"
    php artisan migrate
    php artisan s1b:guard
    ```

> **⚠️ Important Note:**
>
> - ❌ This is **NOT** a standalone CLI tool (e.g., `brew install s1b-passport-guard`).
> - ✅ It **DOES** work on Mac within Laravel projects.
> - ✅ It uses **Composer** (PHP package manager), not Homebrew for installation.

🛠 Usage
-------

[](#-usage)

### View General Analytics Dashboard

[](#view-general-analytics-dashboard)

Get a 30-day overview of your OAuth ecosystem:

```
php artisan s1b:guard
```

**Output Example:**

```
🛡️ S1B PASSPORT GUARD REPORT (Last 30 days)
═══════════════════════════════════════════════

TOKENS STATUS
┌──────────────────────┬──────────┐
│ Active Tokens        │ 1,247    │
│ Expiring (7d)        │ 156      │
│ Revoked              │ 892      │
│ Avg Lifespan         │ 45.2 days│
└──────────────────────┴──────────┘

⚠️  THREATS DETECTED (2)
  • Creation spike +250% on 2025-12-08 (Client #3: Mobile App)
  • Unusual refreshes on 2025-12-09 (User #105: 2400/day)

TOP CLIENTS BY TOKENS
┌────┬─────────────────────┬──────────┐
│ #  │ Client              │ Tokens   │
├────┼─────────────────────┼──────────┤
│ 1  │ Mobile App          │ 567      │
│ 2  │ Web SPA             │ 234      │
│ 3  │ Admin API           │ 156      │
└────┴─────────────────────┴──────────┘

```

### Command Options

[](#command-options)

OptionDescriptionExample`--days=N`Number of days to analyze`--days=7``--hunt=ID`Filter by Client ID`--hunt=1``--user=ID`Filter by User ID`--user=105``--threats`Show only detected threats`--threats``--export=csv`Export data to CSV file`--export=csv`### Examples

[](#examples)

**Filter by timeframe:**

```
php artisan s1b:guard --days=7
```

**Filter by client:**

```
php artisan s1b:guard --hunt=1
```

**Filter by user:**

```
php artisan s1b:guard --user=105
```

**Combined filters:**

```
php artisan s1b:guard --days=14 --hunt=1 --user=105
```

**Show only threats:**

```
php artisan s1b:guard --threats
```

**Export to CSV:**

```
php artisan s1b:guard --export=csv
# Exports to: storage/passport_guard_export_2025-12-10_120000.csv
```

### Track Expired Tokens

[](#track-expired-tokens)

Run manually or via scheduler:

```
php artisan s1b:track-expired

# For a specific date:
php artisan s1b:track-expired --date=2025-12-01
```

⚙️ Configuration
----------------

[](#️-configuration)

Customize thresholds and settings in `config/s1b-passport-guard.php`:

```
return [
    'enabled' => env('S1B_PASSPORT_GUARD_ENABLED', true),

    // Thresholds for threat detection
    'threat_thresholds' => [
        'creation_spike_pct' => 200, // Alert if creation is 200% above average
        'max_refreshes_hour' => 50,  // Alert if refreshes exceed 50/hour
    ],

    'retention_days' => 365,
];
```

🏗 Architecture
--------------

[](#-architecture)

```
src/
├── Commands/
│   ├── GuardCommand.php              # Main CLI dashboard
│   └── TrackExpiredTokensCommand.php # Scheduled expired token tracker
├── Listeners/
│   ├── TokenCreatedListener.php      # AccessTokenCreated event handler
│   └── TokenRefreshedListener.php    # RefreshTokenCreated event handler
├── Observers/
│   └── TokenObserver.php             # Token model observer (revocations)
├── Services/
│   ├── GuardService.php              # Core analytics logic
│   └── ThreatDetectorService.php     # Anomaly detection engine
├── Models/
│   └── OauthTokenMetric.php          # Metrics storage model
└── S1bPassportGuardServiceProvider.php # Package bootstrapper

```

### Database Schema

[](#database-schema)

The package creates an `oauth_token_metrics` table:

ColumnTypeDescription`id`bigintPrimary key`client_id`bigintForeign key to `oauth_clients``user_id`bigintForeign key to `users``date`dateMetric date (indexed)`tokens_created`intTokens created count`tokens_revoked`intTokens revoked count`tokens_refreshed`intToken refresh count`tokens_expired`intExpired tokens count`failed_requests`intFailed OAuth requests`avg_token_lifespan_hours`decimalAverage token TTL🧪 Testing
---------

[](#-testing)

```
composer install
composer test
```

️ Roadmap
---------

[](#️-roadmap)

See our [ROADMAP.md](ROADMAP.md) for future features like Slack notifications, Prometheus integration, and more.

❓ FAQ
-----

[](#-faq)

**Q: Does this slow down my app?**A: No. Metrics are tracked asynchronously via Laravel events.

**Q: Can I use this without Laravel Passport?**A: No, it's specifically designed for Passport's OAuth implementation.

**Q: How does threat detection work?**A: Statistical analysis comparing current activity vs 30-day averages.

**Q: Is my token data secure?**A: Yes. Tokens are encrypted using `ext-sodium`. Only metadata is stored.

📄 License
---------

[](#-license)

**Source Available License** (Proprietary).

- ✅ **Allowed:** Use in personal or commercial projects.
- ✅ **Allowed:** Modify for internal use.
- ❌ **Prohibited:** Redistribute, resell, or copy the source code.

See [LICENSE](LICENSE) for full details. All rights reserved.

🤝 Contributing
--------------

[](#-contributing)

1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request

🔧 Troubleshooting
-----------------

[](#-troubleshooting)

**"Class OauthTokenMetric not found"**→ Run `composer dump-autoload`

**"ext-sodium not installed"**→ Install:

- **Ubuntu:** `sudo apt-get install php8.2-sodium`
- **Arch:** `sudo pacman -S php-sodium`
- **Fedora:** `sudo dnf install php-sodium`

**Dashboard shows 0 tokens**→ Ensure Laravel Passport is properly configured and tokens exist

📞 Support
---------

[](#-support)

- **Issues:** [GitHub Issues](https://github.com/s1b-team/s1b-passport-guard/issues)
- **Security:** For security vulnerabilities, please email directly instead of opening issues.

---

Made with ❤️ by [S1b-Team](https://github.com/s1b-team)

###  Health Score

34

—

LowBetter than 77% of packages

Maintenance73

Regular maintenance activity

Popularity3

Limited adoption so far

Community2

Small or concentrated contributor base

Maturity48

Maturing project, gaining track record

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

153d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/e4c47ae6d6dfcf92b18f5ce9f813bba11b31ba0d13f7df6303174d05ca480a51?d=identicon)[ind4skylivey](/maintainers/ind4skylivey)

---

Tags

analiticsapi-securityauditauthenticationclicybersecuritydevopsforensicslaravellaravel-packagelaravel-passportmonitoringouth2phpred-teamsecuritysymfony-consolethreat-detectiontoken-managementclilaravelmonitoringsecurityoauth2passportthreat-detection

###  Code Quality

TestsPHPUnit

### Embed Badge

![Health badge](/badges/s1b-team-s1b-passport-guard/health.svg)

```
[![Health](https://phpackages.com/badges/s1b-team-s1b-passport-guard/health.svg)](https://phpackages.com/packages/s1b-team-s1b-passport-guard)
```

###  Alternatives

[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

55342.3k2](/packages/jeremy379-laravel-openid-connect)[tobiasdierich/gauge

An easy to use application performance monitor.

14413.1k](/packages/tobiasdierich-gauge)[binarybuilds/laravel-mail-manager

A Laravel mail manager to record and re-send all outgoing emails.

2440.2k1](/packages/binarybuilds-laravel-mail-manager)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)