PHPackages xcoorp/laravel-passport-control - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. xcoorp/laravel-passport-control ActiveLibrary[Authentication & Authorization](/categories/authentication) xcoorp/laravel-passport-control =============================== Resource Server package for Laravel Passport. v2.0.1(1mo ago)21.6k[4 PRs](https://github.com/xcoorp/laravel-passport-control/pulls)MITPHPPHP ^8.3 || ^8.4 || ^8.5CI passing Since Jun 25Pushed 1mo ago2 watchersCompare [ Source](https://github.com/xcoorp/laravel-passport-control)[ Packagist](https://packagist.org/packages/xcoorp/laravel-passport-control)[ Docs](https://github.com/xcoorp/laravel-passport-control)[ RSS](/packages/xcoorp-laravel-passport-control/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (5)Dependencies (36)Versions (19)Used By (0) [![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE)[![Laravel Version Requirements](https://camo.githubusercontent.com/73c83946578ddecab24143fda06e6c6ffeaa1ec9bb2e209776e011ff4e0ef460/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c61726176656c2d7e31312e302d677261793f6c6f676f3d6c61726176656c267374796c653d666c61742d737175617265266c6162656c436f6c6f723d463035333430266c6f676f436f6c6f723d7768697465)](composer.json) Introduction ------------ [](#introduction) Passport Control is a Laravel Passport compatible, OAuth2 resource server package. This package is meant to be used in a Laravel application that is acting as a [Resource Server](https://www.oauth.com/oauth2-servers/the-resource-server/)**only** e.g. an API server that is meant to authenticate against an Authentication Server running [Laravel Passport](https://laravel.com/docs/11.x/passport). This project does not depend on the Laravel Passport package itself, but it does share some of the same concepts and interfaces. Table of Contents ----------------- [](#table-of-contents) - [Installation](#installation) - [Pre-requisites](#pre-requisites) - [Composer](#composer) - [Configuration](#configuration) - [Usage](#usage) - [Advanced Usage](#advanced-usage) - [Testing](#testing) - [Code of Conduct](#code-of-conduct) - [License](#license) Installation ------------ [](#installation) The installation of this package is quite straightforward. But before you start, make sure you have the pre-requisites in place. ### Pre-requisites [](#pre-requisites) This package assumes, you have already installed and configured Laravel Passport in your Laravel application. Once you have done this, you need to create a new client with client credentials grant type **on your Passport Server**. Follow the [official Laravel Passport documentation](https://laravel.com/docs/11.x/passport#client-credentials-grant-tokens) on how to do this. Once you have done this, set the `PASSCONTROL_INTROSPECTION_CLIENT_ID` and `PASSCONTROL_INTROSPECTION_CLIENT_SECRET` environment variables accordingly. As of now, Laravel does not Ship with an introspection endpoint. So you need to create one manually. You can do this by installing the [Laravel Passport Introspection](https://github.com/xcoorp/laravel-passport-introspection)package **on your Passport Server**: ``` composer require xcoorp/laravel-passport-introspection ``` Once you have done this an introspection Endpoint will be available for your Laravel application, you can now continue with the installation of this package. Tip If you need more information on how to install and configure the introspection package, check out its [documentation](https://github.com/xcoorp/laravel-passport-introspection/README.md). ### Composer [](#composer) You can simply install the package via composer: ``` composer require xcoorp/laravel-passport-control ``` Once the package is installed, you should publish the configuration and migration files: ``` php artisan vendor:publish --provider="XCoorp\PassportControl\PassportControlServiceProvider" ``` and run the migrations: ``` php artisan migrate ``` ### Configuration [](#configuration) This package comes with a configuration file that you can and should customize to your needs. The configuration file is located at `config/passport-control.php`. All configuration options (except the User Model) can be also configured via environment variables instead of the configuration file. The following Environment variables are available: Environment VariableValueDefaultPASSCONTROL\_INTROSPECTION\_ENDPOINTThe Introspection Endpoint URL. Usually $YOUR\_PASSPORT\_SERVER/oauth/introspectPASSCONTROL\_ACCESS\_TOKEN\_ENDPOINTThe Token Endpoint URL to receive a new access token. Usually $YOUR\_PASSPORT\_SERVER/oauth/tokenPASSCONTROL\_ACCESS\_TOKEN\_CLIENT\_IDClient Id needed to get the access token for introspection. Check [Pre-requisites](#pre-requisites) for more information.PASSCONTROL\_ACCESS\_TOKEN\_CLIENT\_SECRETClient Secret needed to get the access token for introspection. Check [Pre-requisites](#pre-requisites) for more information.PASSCONTROL\_ACCESS\_TOKEN\_SCOPESScopes to request from the authentication server when requesting the access token above (comma separated)introspectPASSCONTROL\_PUBLIC\_KEY\_PATHPath where the public key file `oauth-public.key` is stored. NOTE: Specify the path without the filename.Laravel Storage Path (storage)PASSCONTROL\_INHERIT\_SCOPESIn Laravel Passport, you can configure that the scopes are inherited from the parent client, set to true if you have passport configured that way.FalsePASSCONTROL\_CACHE\_STORECache Storage used for storing the Client Credential Access Token`CACHE_STORE`, filePASSCONTROL\_CACHE\_PREFIXCache Prefix used for storing the Client Credential Access Tokenxcoorp\_passcontrol\_PASSCONTROL\_CACHE\_INTROSPECTION\_RESULTCache Introspection Endpoint results to a token for the given time (but never longer then the tokens expiry)null (Don't cache)Usage ----- [](#usage) After you have installed and configured the package, you need to configure your auth guard to be passport\_control. In your `config/auth.php` file, you can add a new guard configuration like this: ``` 'guards' => [ 'api' => [ 'driver' => 'passport_control', 'provider' => 'users', ], ], ``` That's it, now you can protect your API routes as usual by using the `auth:api` middleware. ``` Route::middleware('auth:api')->get('/user', function (Request $request) { return $request->user(); }); ``` You should also check out the middlewares provided by this package: - `CheckScopes` - Check if the authenticated user's token has the given scopes. ### Advanced Usage [](#advanced-usage) This package makes use of Laravel's Dependency Injection, so you can easily override the default classes used by this package, for example custom user resolvers (for creating users when they do not exist in your db yet) or custom Token class if you need to extend the default functionality. Checkout the `PassportControlServiceProvider` class for more information. It is possible to send a custom request to the Authentication Server's API if you need to inside your app. You can archive this by using the `XCoorp\PassportControl\Clients\AuthServerClient` class. e.g ``` // Get all users from the Authentication Server API Endpoint $client = new \XCoorp\PassportControl\Clients\AuthServerClient(); // request() will return a PendingRequest instance, with the access token and baseURL already set $response = $client->request()->get('/api/users'); ``` Testing ------- [](#testing) Functionality of this package is tested with [Pest PHP](https://pestphp.com/). You can run the tests with: ``` composer test ``` Code of Conduct --------------- [](#code-of-conduct) In order to ensure that the community is welcoming to all, please review and abide by the [Code of Conduct](CODE_OF_CONDUCT.md). Security Vulnerabilities ------------------------ [](#security-vulnerabilities) Please review the [security policy](SECURITY.md) on how to report security vulnerabilities. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE) for more information. ### Health Score 50 — FairBetter than 96% of packages Maintenance89 Actively maintained with recent releases Popularity21 Limited adoption so far Community10 Small or concentrated contributor base Maturity66 Established project with proven stability Bus Factor1 Top contributor holds 59.1% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~63 days Recently: every ~76 days Total 11 Last Release 54d ago Major Versions v1.1.1 → v2.0.0-alpha2025-02-24 PHP version history (3 changes)v1.0.0PHP ^8.3 v2.0.0-alpha.2PHP ^8.3 || ^8.4 v2.0.1PHP ^8.3 || ^8.4 || ^8.5 ### Community Maintainers ![](https://www.gravatar.com/avatar/d6703727b3960b7f58325c28bc4b209acd71c4499d383759fc8397db50691a17?d=identicon)[toitzi](/maintainers/toitzi) --- Top Contributors [![toitzi](https://avatars.githubusercontent.com/u/42447585?v=4)](https://github.com/toitzi "toitzi (13 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (9 commits)") --- Tags laraveloauthpassportresource-serverlaraveloauthpassportresource server ### Code Quality Code StyleLaravel Pint ### Embed Badge ![Health badge](/badges/xcoorp-laravel-passport-control/health.svg) ``` [![Health](https://phpackages.com/badges/xcoorp-laravel-passport-control/health.svg)](https://phpackages.com/packages/xcoorp-laravel-passport-control) ``` ### Alternatives [laravel/passport Laravel Passport provides OAuth2 server support to Laravel. 3.4k85.0M532](/packages/laravel-passport)[tymon/jwt-auth JSON Web Token Authentication for Laravel and Lumen 11.5k49.1M350](/packages/tymon-jwt-auth)[aedart/athenaeum Athenaeum is a mono repository; a collection of various PHP packages 255.2k](/packages/aedart-athenaeum)[php-open-source-saver/jwt-auth JSON Web Token Authentication for Laravel and Lumen 8359.8M53](/packages/php-open-source-saver-jwt-auth)[alajusticia/laravel-logins Session management in Laravel apps, user notifications on new access, support for multiple separate remember tokens, IP geolocation, User-Agent parser 2011.0k](/packages/alajusticia-laravel-logins) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)