PHPackages                             whilesmart/laravel-oauth-apps - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. whilesmart/laravel-oauth-apps

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

whilesmart/laravel-oauth-apps
=============================

Package for managing app authentication across our projects

v1.0.2(9mo ago)0111MITPHPCI passing

Since May 20Pushed 7mo agoCompare

[ Source](https://github.com/whilesmartphp/laravel-oauth-apps)[ Packagist](https://packagist.org/packages/whilesmart/laravel-oauth-apps)[ RSS](/packages/whilesmart-laravel-oauth-apps/feed)WikiDiscussions dev Synced 1mo ago

READMEChangelog (1)Dependencies (8)Versions (13)Used By (0)

WhileSmart Laravel Oauth Apps Package
=====================================

[](#whilesmart-laravel-oauth-apps-package)

A Laravel package providing out-of-the-box authentication for applications and API key management.

Features
--------

[](#features)

- **Application Management:**
    - Users (managed by an external system) can register and manage their applications.
    - Each application gets a unique ID.
- **API Key Generation and Revocation:**
    - Users can generate API keys for their applications.
    - API keys have configurable expiration dates.
    - Ability to revoke API keys.
- **API Key Authentication:**
    - Middleware to protect API routes using API keys.
- **OpenAPI Documentation:**
    - Easily generate API documentation using packages like `l5-swagger`.
- **Configurable Settings:**
    - Easily customize settings via a configuration file.

Installation
------------

[](#installation)

### 1. Require the package

[](#1-require-the-package)

```
$ composer require whilesmart/laravel-oauth-apps
```

This package uses Laravel/passport. Please run the command below if you do not yet have passport configured

```
$ php artisan install:api --passport
```

Additionally, this command will ask if you would like to use UUIDs as the primary key value of the Passport Client model instead of auto-incrementing integer . Select UUID

Or simply run

```
$ php artisan passport:install --uuids
```

### 2. Publish the configuration and migrations:

[](#2-publish-the-configuration-and-migrations)

You do not need to publish the migrations and configurations except if you want to make modifications. You can choose to publish the migrations, routes, controllers separately or all at once.

#### 2.1 Publishing only the routes

[](#21-publishing-only-the-routes)

Run the command below to publish only the routes.

```
$ php artisan vendor:publish --tag=laravel-oauth-apps-routes
$ php artisan migrate
```

The routes will be available at `routes/oauth-apps.php`. If `register_routes` in `config/oauth-apps.php`is `true` (default), the routes will be automatically registered with the defined `route_prefix` (default `api`). If you wish to disable auto-registration and manually control the route definition, set `register_routes` to `false` in your config and then `require 'oauth-apps.php';` in your `api.php` file.

```
require 'oauth-apps.php';
```

#### 2.2 Publishing only the migrations

[](#22-publishing-only-the-migrations)

+If you would like to make changes to the migration files, run the command below to publish only the migrations.

```
$ php artisan vendor:publish --tag=laravel-oauth-apps-migrations
$ php artisan migrate
```

The migrations will be available in the `database/migrations` folder.

#### 2.3 Publish only the controllers

[](#23-publish-only-the-controllers)

To publish the controllers, run the command below

```
$ php artisan vendor:publish --tag=laravel-oauth-apps-controllers
$ php artisan migrate
```

The controllers will be available in the `app/Http/Controllers/Api/Auth` directory. Finally, change the namespace in the published controllers to your namespace.

#### Note: Publishing the controllers will also publish the routes. See section 2.1

[](#note-publishing-the-controllers-will-also-publish-the-routes-see-section-21)

#### 2.4 Publish the config

[](#24-publish--the-config)

To publish the config, run the command below

```
php artisan vendor:publish --tag=laravel-app-authentication-config
```

The config file will be available in the `config/oauth-apps.php`. The config file has the folowing variables:

- `register_routes`: Default `true`. Auto registers the routes. If you do not want to auto-register the routes, set the value to `false
- `route_prefix`: Default `api`. Defines the prefix for the auto-registered routes.

#### 2.5 Publish Locals

[](#25-publish-locals)

```
php artisan vendor:publish --tag=laravel-oauth-apps-locals
```

The locales will be available in the `resources/lang//oauth-apps.php`.

#### 2.6 Publish OpenAPI Documentations

[](#26-publish-openapi-documentations)

```
php artisan vendor:publish --tag=laravel-oauth-apps-docs
```

The documentation will be available in the `app/Http/Interfaces` directory.

#### 2.7 Publish everything

[](#27-publish-everything)

To publish the migrations, routes and controllers, you can run the command below

```
$ php artisan vendor:publish --tag=laravel-oauth-apps
$ php artisan migrate
```

#### Note: See section 2.1 above to make the routes accessible

[](#note-see-section-21-above-to-make-the-routes-accessible)

3. **Optional: OpenAPI Documentation:**

    - Install and configure an OpenAPI package (e.g., `darkaonline/l5-swagger`).
    - Add necessary annotations to your controllers.

Configuration
-------------

[](#configuration)

- The configuration file `config/oauth-apps.php` allows you to customize various settings

Usage
-----

[](#usage)

### API Endpoints

[](#api-endpoints)

After installation, the following API endpoints will be available:

- **Application Management:**
    - `POST /api/apps`: Create a new application.
    - `GET /api/apps`: List user's applications.
    - `DELETE /api/apps/{app}`: Delete an application.
- **API Key Management:**
    - `POST /apps/{app}/api-keys`: Generate a new API key.
    - `DELETE /apps/{app}/api-keys/{apiKey}`: Revoke an API key.
    - `POST /apps/{app}/regenerate-secret`: Regenerate app secret.

### Example API Key Generation Request

[](#example-api-key-generation-request)

POST /apps/{app}/api-keys

(Where `{app}` is the id of the app)

### API Key Authentication

[](#api-key-authentication)

Add the `Whilesmart\LaravelOauthApps\Http\Middleware\EnforceHeaderAuth` middleware to your `Kernel.php` if you are using Laravel &lt;11

```
    protected $routeMiddleware = [
        ...,
        'AuthenticateApiKey' => \Whilesmart\LaravelOauthApps\Http\Middleware\EnforceHeaderAuth::class,
    ];
```

or `bootstrap/app.php` if you are using Laravel 11+

```
return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
    web: __DIR__.'/../routes/web.php',
        // api: __DIR__.'/../routes/api.php',
        commands: __DIR__.'/../routes/console.php',
        // channels: __DIR__.'/../routes/channels.php',
        health: '/up',
    )
    ->withMiddleware(function (Middleware $middleware) {
        ...
        $middleware->alias(['auth.api.key'=> \Whilesmart\LaravelOauthApps\Http\Middleware\EnforceHeaderAuth::class]);

    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();
```

To protect your API routes, use the `auth.api.key` middleware. Applications authenticate using the API Keys.

```
// routes/api.php
Route::middleware('auth.api.key')->group(function () {
    // Your protected routes here
      Route::get('/test-auth-app', function (Request $request) {
            return response()->json($request->app);
        });
});
```

To use the API, provide the id generated for the application in the **X-Client-ID** header, and the secret in the \* *X-Client-Secret*\*

Use `$request->app` to get the app object in your controllers.

Please feel free to contribute by submitting pull requests or reporting issues.

### License

[](#license)

This package is open-source software licensed under the [MIT license](LICENSE.md)

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance60

Regular maintenance activity

Popularity10

Limited adoption so far

Community8

Small or concentrated contributor base

Maturity44

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 54.8% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~36 days

Total

3

Last Release

286d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/a1ca6f6e01ecbfe6640ff410c4f0321054fb48d05a5f843c2b89887b90369bcd?d=identicon)[whilesmart](/maintainers/whilesmart)

---

Top Contributors

[![kofimokome](https://avatars.githubusercontent.com/u/21100923?v=4)](https://github.com/kofimokome "kofimokome (17 commits)")[![nfebe](https://avatars.githubusercontent.com/u/14317775?v=4)](https://github.com/nfebe "nfebe (14 commits)")

###  Code Quality

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/whilesmart-laravel-oauth-apps/health.svg)

```
[![Health](https://phpackages.com/badges/whilesmart-laravel-oauth-apps/health.svg)](https://phpackages.com/packages/whilesmart-laravel-oauth-apps)
```

###  Alternatives

[dusterio/lumen-passport

Making Laravel Passport work with Lumen

6511.3M9](/packages/dusterio-lumen-passport)[corbosman/laravel-passport-claims

Add claims to Laravel Passport JWT Tokens

88655.9k](/packages/corbosman-laravel-passport-claims)[smartins/passport-multiauth

Add support to multi-auth on Laravel Passport

285324.2k1](/packages/smartins-passport-multiauth)[coderello/laravel-passport-social-grant

Social Grant for Laravel Passport

179607.4k3](/packages/coderello-laravel-passport-social-grant)[jeremy379/laravel-openid-connect

OpenID Connect support to the PHP League's OAuth2 Server. Compatible with Laravel Passport.

55342.3k2](/packages/jeremy379-laravel-openid-connect)[adaojunior/passport-social-grant

Social grant for Laravel Passport

116279.2k1](/packages/adaojunior-passport-social-grant)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)