PHPackages tzm/authorizator - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. tzm/authorizator ActiveLibrary[Authentication & Authorization](/categories/authentication) tzm/authorizator ================ This is an easy to use, powerful and extendable Laravel package for authorization user actions via custom channels. v1.0.8(5y ago)21531MITPHPPHP ^7.2 Since Feb 6Pushed 5y ago2 watchersCompare [ Source](https://github.com/zmudzinski/authorizator)[ Packagist](https://packagist.org/packages/tzm/authorizator)[ Docs](https://github.com/zmudzinski/authorizator)[ RSS](/packages/tzm-authorizator/feed)WikiDiscussions master Synced 6d ago READMEChangelogDependencies (1)Versions (10)Used By (0) Authorizator ============ [](#authorizator) [![stable](https://camo.githubusercontent.com/4fde409f329b6efec5df08f8a6cbed5c62068f196a933040cf279b1172d2c88e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f7461672f7a6d75647a696e736b692f617574686f72697a61746f723f6c6162656c3d737461626c65267374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/4fde409f329b6efec5df08f8a6cbed5c62068f196a933040cf279b1172d2c88e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f762f7461672f7a6d75647a696e736b692f617574686f72697a61746f723f6c6162656c3d737461626c65267374796c653d666c61742d737175617265)[![PHP from Packagist](https://camo.githubusercontent.com/566a746c8dfe86123b6f8551b8b0e84f70026876bf33efe9db00914b30cdbffe/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6c61726176656c2f6c61726176656c3f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/566a746c8dfe86123b6f8551b8b0e84f70026876bf33efe9db00914b30cdbffe/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f6c61726176656c2f6c61726176656c3f7374796c653d666c61742d737175617265)[![Laravel version](https://camo.githubusercontent.com/c70e78f9e235a52e86887febafd6e39c5e3af24d851eccec2220eb33fe0bb0ef/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d253345253344352e382d7265643f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/c70e78f9e235a52e86887febafd6e39c5e3af24d851eccec2220eb33fe0bb0ef/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f4c61726176656c2d253345253344352e382d7265643f7374796c653d666c61742d737175617265)[![GitHub issues](https://camo.githubusercontent.com/e03319fb78dc55182f336f64dd5a3f928390b63908279cef26470ea38128b263/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f7a6d75647a696e736b692f617574686f72697a61746f723f7374796c653d666c61742d737175617265)](https://camo.githubusercontent.com/e03319fb78dc55182f336f64dd5a3f928390b63908279cef26470ea38128b263/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6973737565732f7a6d75647a696e736b692f617574686f72697a61746f723f7374796c653d666c61742d737175617265) This is an easy to use, tested, powerful and extendable Laravel package for the authorization of user actions via custom channels. It works by delivering an authorization code to the user (for e.g. via sms or e-mail) and then verifing it. You can configure as many channels as you want. Each action can provide any channel configuration. Blade template and VUE component included. **Using this package you can define separate actions such as: two factor authorization, deleting account, authorizing transaction etc. by custom code delivery channels (for eg. SMS, e-mail etc.).** [![animated_demo](.images/animation.gif)](.images/animation.gif) Examples of use: - two factor authorization, - authorize user data change, - confirm transactions, - confirm deleting account, - confirm phone number, - **any other actions that requires user authorization by separate channels like e-mail, sms, voice call, etc.** Table of contents ----------------- [](#table-of-contents) - [Installation](#installation) - [How it works](#how-it-works) - [How it works in details](#how-it-works-in-details) - [Create authorization by POST method](#create-authorization-by-post-method) - [How to use](#how-to-use) - [Preparations](#preparations) - [Create code delivery channel](#create-code-delivery-channel) - [Create an authorization](#create-an-authorization-action) - [Make it works](#make-it-works) - [Customization](#customization) - [Migration](#migrations) - [Routing](#routing) - [Blade View](#blade-view) - [Return HTTP code instead of Blade View](#return-http-code-instead-of-blade-view) - [vue component](#vue-component) - [Localization](#localization) - [Delete expired codes](#delete-expired-codes) - [Contributing](#contributing) - [Feedback](#feedback) - [License](#license) Installation ------------ [](#installation) Add package by composer `composer require tzm/authorizator` To learn how to configure the package go to [How to use](#how-to-use) section How it works ------------ [](#how-it-works) Flow of package is presented on image below: [![flowchart](.images/flowchart.png)](.images/flowchart.png) 1. If action provided by user, needs additional authorization occurs, the form is displayed. **User must be logged in** (Of course you can implement your own logic). 2. User chooses the channel (each Action can have own Channels, by default you can use one or as many channels as you want. 3. Code is generated and send via given channel to a user. 4. A user enters the code. 5. After a successful validation of the code the custom action is executed. ### How it works in details [](#how-it-works-in-details) To understand package workflow let's get deeper into details. There are two types of classes that need to provide `Tzm\Authorizator\Service\AuthorizatorAction` and `Tzm\Authorizator\Service\AuthorizatorChannels\Channel`. First one is responsible for handling the given action of authorization. In this class you will set the action that will be executed after successful verification of the authorization code. This class also has the information about the return path after validation, code time expiration and allowed channels. The second one provides code delivery channel like e-mail, SMS, etc. It contains a method that delivers the authorization code to the user. Both can be created by artisan command: ``` php artisan authorizator:make-action ``` ``` php artisan authorizator:make-channel ``` Out of the box this package comes with vue component. This component has all forms and methods. There are two endpoints: `authorization/send` and `authorization/check` (both use `POST` method). These endpoints are in `Tzm\Authorizator\Controller\AuthorizationController`. There is also `authorization/create` endpoint but this we will discussed later. In the Controller in which authorization is requested (or any other place like middleware etc.) new authorization in database is created. This happens by executing static method `Transaction::createAuth()`. The `Transaction` object extends `Tzm\Authorizator\Service\AuthorizatorAction` class. Also new variable is stored in user session (with default name `_authorizator_uuid` and contains `uuid` form database). Next by `response()` method the view is returned to user. So, simply the Controller will looks like: ``` use App\Services\AuthorizationActions\Transaction; class TransactionController extends Controller { public function create() { return Transaction::createAuth()->response(); } } ``` **Notice:** `Transaction` class inherit `Tzm\Authorizator\Service\AuthorizatorAction`. You can also specify response type (Blade view or Http response code). Basically you can set property `$shouldReturnView` to false to recieve the responde code `201` or you can use `setResponseAsView(bool $shouldReturnView)` method. In the vue component user chooses delivery channel (if there is more than one). Request is sent to `authorization/send` endpoint by `POST` method. Next, code is delivered to the user, by a method `sendMessage()` from inherited class of `Tzm\Authorizator\Service\AuthorizatorChannel\Channel`. This is done by `authorization/send` endpoint. User enters this code into form. If code is valid (`authorization/check` endpoint), it is set in database as used (column `verified_at` is set to current time). Finally, the `afterAuthorization()` from inherited `Tzm\Authorizator\Service\AuthorizatorAction` class is executed. This is the most important action in this package. In this method you write the code that will be run after successful validation of the code. #### Create authorization by POST method [](#create-authorization-by-post-method) If your application needs to create a new authorization code by `POST` method you can use `authorization/create` endpoint. In your `POST` request you have to add a `class` parameter with name of class extending `AuthorizatorAction`. How to use ---------- [](#how-to-use) ### Preparations [](#preparations) **NOTICE!** *Out of the box this package uses vue component as default but if you don't wont use vue.js as your frontend framework you can create your own form handler.* To use vue component that handles authorization, declare in `app.js` package's `.vue` file: ``` Vue.component('authorizator-form', require('../../vendor/tzm/authorizator/src/resources/js/components/AuthorizatorForm').default); ``` Don't forget to run `npm run watch` to generate assets! Notice that your application needs to use vue.js: . Read more about customization package in [Customization](#customization) section. ### Create code delivery channel [](#create-code-delivery-channel) You can add an example channel class by Artisan command: ``` php artisan authorizator:make-channel ``` This class will appear in `app\Authorizator\Channels` folder. Note that channel class must extend `Tzm\Authorizator\Service\AuthorizatorChannels\Channel` abstract class otherwise `AuthorizatorException` will be thrown. This class requires three methods: - `getChannelDescription()` - will generate description of current channel, f.ex. it could be generated from localization `.json` file. It will be shown in channel choose form in the radio label. - `getChannelName()` - returns channel name. It will be displayed if there will be only one channel. - `sendMessage(User $user, $code)` - this method provide code delivery to the user. In this method you will handle how the code will be delivered to user. F.ex. if you want to send code by email you can use Laravel mail facade: `Mail::to($user)->send(new SendAuthorizationCode($code))`. ### Create an authorization action [](#create-an-authorization-action) Create a new Action by Artisan command: ``` php artisan authorizator:make-action ``` This class will appear in `app\Authorizator\Actions` folder. Class must declare method `afterAuthorization()`. This method will be called after successful authorization f.ex. a money transfer will be executed. By `getAuthorizationModel()` you can access to your `Authorization` model. Finally, you have to define `$allowedChannels` array contains name of code delivery channel classes that will be assign to this action f.ex.: ``` protected $allowedChannels = [ EmailChannel::class, SmsChannel::class, ]; ``` Furthermore you can set the code expiration time of in `$expiresInMinutes` property (it will be store in database) and in `$returnRoute` returning route (executed after successful authorization). If you want to generate custom code - override `generateCode()` method. Notice that if your app implements `User` model is in other namespace than `App\User` you can override method `AuthorizatorAction::getUser()`. ### Create view template [](#create-view-template) The package's view contains only form with vue component: ``` Authorization You have to verify this action. ``` So to implement it in your application you have to publish it: ``` php artisan vendor:publish --tag=authorizator.views ``` Finally, you can extends this view for your master template. Don't worry, this view is initialized in `AuthorizatorProvider` with name so there is no more action needed. ### Make it works [](#make-it-works) Finally, we have all required elements: delivery channel class, action class, Blade view and generated vue component. Now it's time to set it all. Create an example controller: ``` use App\Services\AuthorizationActions\Transaction; class TransactionController extends Controller { public function create() { return Transaction::createAuth()->response(); } } ``` Let's analyze the code. `Transaction` extends `Tzm\Authorizator\Service\AuthorizatorAction` class. In the public controller's method`create()` the `Transaction::createAuth()` method is executed. This will insert data to database and set `uuid` in session. Next method, returns default Blade view by `returnView()`. That's all! Now user can see the form and choose the authorization code deliver channel. After validation the method `afterAuthorization()` form `Transaction` class is executed. Working example is available here: ### Send code immediately [](#send-code-immediately) If you would like to create an authorization and send code immediately (e.g. controller) you can use `sendCode()` method from `AuthorizatorAction` class. E.g.: ``` VerifyPhoneAction::createAuth()->sendCode(SmsChannel::class) ``` This will create authorization and deliver the code by given channel (in ths case `SmsChannel`) Customization ------------- [](#customization) All elements of this package are customizable. ### Migrations [](#migrations) You can override migration by ``` php artisan vendor:publish --tag=authorizator.migrations ``` ### Routing [](#routing) By default package routes are protected by `auth` and `web` middleware. They are defined in package `routes.php` file. You can override them by `php artisan vendor:publish --tag=authorizator.routes`. Then you have to register new route file in `RouteServiceProvider` class. Add following method in `RouteServiceProvider`: ``` protected function mapAuthorizatorRoutes(){ Route::middleware('web') ->namespace($this->namespace) ->group(base_path('routes/authorizator.php')); } ``` Then call it in `map()` method by `$this->mapAuthorizatorRoutes();`: ``` public function map() { //... $this->mapAuthorizatorRoutes(); } ``` Next in `config/app.php` you have to change order in `providers` array. `\Tzm\Authorizator\AuthorizatorProvider::class` must be **before** `App\Providers\RouteServiceProvider::class`. Finally you have to pass a prop to vue component with new endpoints: ``` You have to verify this action. ``` ### Blade view [](#blade-view) Default Blade view is in `resource\views` folder. You have to publish this view to extend it to your master view: ``` php artisan vendor:publish --tag=authorizator.views ``` Blade view is using default Bootstrap framework. ### Return HTTP code instead of Blade View [](#return-http-code-instead-of-blade-view) Sometimes you need to return only HTTP response code instead of blade view (e.g. if you are use endpoints to generate authorization). To do so, add property `$shouldReturnView` to you Action and set to `false`. This will return HTTP response with code `201` instead of blade view. ### vue component [](#vue-component) Vue component is used in Blade view. It is responsible for handling whole authorization. You can use your own vue component. Use: ``` php artisan vendor:publish --tag=authorizator.vue ``` Next you have to update declaration in `app.js` declaration of component. **NOTICE!** There is no needs to use vue framework. If you want you can handle forms as you want. ### Localization [](#localization) All of strings from PHP are translatable. All you have to do is to create a language file in `resource/lang` folder f.ex. `pl.json` with content: ``` { "Code invalid": "Podany kod jest nieprawidłowy" } ``` If you want to translate strings from `AuthorizationForm.vue` you can pass a translated props to component. Delete expired codes -------------------- [](#delete-expired-codes) To remove all expired codes from database, simply use artisan command: ``` php artisan authorizator:purge ``` Contributing ------------ [](#contributing) 1. Fork it 2. Create your feature branch: git checkout -b my-new-feature 3. Commit your changes: git commit -am 'My new feature' 4. Push to the branch: git push origin my-new-feature 5. Submit a pull request Feedback -------- [](#feedback) If you have any questions or problems fell free to contact us. License ------- [](#license) MIT ### Health Score 28 — LowBetter than 54% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity14 Limited adoption so far Community9 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~15 days Recently: every ~10 days Total 9 Last Release 2170d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/30274239?v=4)[Tomek Żmudziński](/maintainers/zmudzinski)[@zmudzinski](https://github.com/zmudzinski) --- Top Contributors [![zmudzinski](https://avatars.githubusercontent.com/u/30274239?v=4)](https://github.com/zmudzinski "zmudzinski (38 commits)") --- Tags 2fa2factorauthorizationchannelscodeemailemail-verificationlaravelsmssms-verificationtwo-factortwo-factor-authenticationverificationverifyverifycodelaravel2faauthorizationverificationauthorizatorcustom authorization ### Embed Badge ![Health badge](/badges/tzm-authorizator/health.svg) ``` [![Health](https://phpackages.com/badges/tzm-authorizator/health.svg)](https://phpackages.com/packages/tzm-authorizator) ``` ### Alternatives [ellaisys/aws-cognito AWS Cognito package that allows Auth and other related features using the AWS SDK for PHP 120220.7k1](/packages/ellaisys-aws-cognito)[awes-io/auth Laravel Authentication package with built-in two-factor (Authy) and social authentication (Socialite). 3826.7k1](/packages/awes-io-auth)[rinvex/laravel-authy Rinvex Authy is a simple wrapper for Authy TOTP, the best rated Two-Factor Authentication service for consumers, simplest 2fa Rest API for developers and a strong authentication platform for the enterprise. 3376.7k1](/packages/rinvex-laravel-authy) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)