How does bibrokhim/auth-gateway differ from Laravel Sanctum or Passport for API authentication?

This package abstracts auth logic into a single gateway layer, letting you mix guards (e.g., JWT + OAuth) without rewriting controllers. Sanctum/Passport focus on token-based auth for specific use cases, while this provides a unified API for all auth flows—login, logout, user resolution—making it easier to switch strategies later. It’s more modular for apps needing hybrid auth (e.g., API + session).

Can I use this package with Laravel 10 and PHP 8.2?

The package was last updated in August 2023 and targets Laravel’s core features, but explicit PHP 8.2 or Laravel 10 support isn’t documented. Test thoroughly with your stack, as compatibility depends on Laravel’s underlying auth system (e.g., `Auth::attempt()`). Check the `composer.json` constraints for minimum requirements. If issues arise, consider forking or contacting the maintainer.

Will this package conflict with Laravel’s built-in `users` table or `HasApiTokens`?

It may introduce additional tables (e.g., for tokens, roles) unless configured to reuse Laravel’s `users` table. Review the migrations and schema setup to avoid conflicts. If using Sanctum or Passport, disable their migrations to prevent duplicate token tables. The package is designed to coexist but requires manual alignment with your existing auth structure.

How do I integrate custom OAuth providers (e.g., Auth0, Okta) with this gateway?

The package follows a strategy pattern, so you’ll need to create a custom provider class extending its base classes (e.g., `OAuthProvider`). Implement the required methods like `getUserByToken()` and `revokeToken()`. Refer to the package’s provider examples or Laravel’s OAuth documentation for guidance. Test thoroughly with sandbox environments first.

Does this package support role/permission middleware like Laravel’s native `authorize()`?

Yes, it provides middleware for role/permission checks via the gateway API (e.g., `AuthGateway::authorize()`). You can attach it to routes like Laravel’s built-in middleware. However, ensure your permission logic aligns with Laravel’s `Gate` or `Policy` system if you’re mixing both. The package may require custom policies for complex permission hierarchies.

How do I handle token revocation or rate limiting in production?

Token revocation can be managed via the gateway’s `revokeToken()` method or by clearing cached tokens (if using Redis). Rate limiting isn’t built-in but can be added via Laravel’s `throttle` middleware or a custom decorator. For production, implement async revocation using Laravel Queues to avoid blocking requests. Monitor token expiration times and log revocation events for auditing.

Can I use this package in a microservices architecture with multiple Laravel services?

Yes, the gateway’s unified API makes it ideal for centralizing auth across microservices. Deploy the package in a shared service (e.g., API Gateway) and let other services consume its auth tokens. Use Laravel’s service container to inject the gateway into dependent services. Ensure consistent token storage (e.g., Redis) and guard configurations across all services.

What’s the best way to test this package in a CI/CD pipeline?

Test the package’s core features (login/logout/user resolution) with PHPUnit, mocking external providers (e.g., OAuth mock servers). Use Laravel’s `HttpTests` for route/middleware tests and `FeatureTests` for auth flows. Validate token generation/validation with tools like Postman or Laravel Dusk. Since the package lacks a test suite, focus on edge cases like token expiration, failed logins, and provider errors.

Is there a recommended way to migrate from custom auth logic to this gateway?

Start by wrapping your existing auth logic in the gateway’s provider classes (e.g., `CustomAuthProvider`). Gradually replace direct calls to `Auth::attempt()` with the gateway’s methods. Use Laravel’s service container to bind your old auth classes to the gateway’s interfaces. Test incrementally, beginning with non-critical routes, and monitor performance for any latency introduced by the new layer.

What are the risks of using a package with no stars or recent activity?

Low activity may indicate unproven reliability, lack of community support, or potential abandonment. Assess the package’s design (e.g., modularity, Laravel synergy) and test thoroughly for edge cases like token revocation or provider failures. Consider forking the repo to add missing features (e.g., CI/CD, tests) or contact the maintainer for long-term commitments. Evaluate alternatives like Sanctum or Passport if maintenance is a concern.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Auth Gateway Laravel Package

bibrokhim/auth-gateway

Laravel auth gateway package providing a simple authentication layer for APIs/apps, with easy integration into existing projects. Helps centralize login/token handling and protect routes via middleware/guards.

View on GitHub

Deep Wiki

Context7

API Gateway authentication for microservices

Frequently asked questions about Auth Gateway

How does bibrokhim/auth-gateway differ from Laravel Sanctum or Passport for API authentication?: This package abstracts auth logic into a single gateway layer, letting you mix guards (e.g., JWT + OAuth) without rewriting controllers. Sanctum/Passport focus on token-based auth for specific use cases, while this provides a unified API for all auth flows—login, logout, user resolution—making it easier to switch strategies later. It’s more modular for apps needing hybrid auth (e.g., API + session).
Can I use this package with Laravel 10 and PHP 8.2?: The package was last updated in August 2023 and targets Laravel’s core features, but explicit PHP 8.2 or Laravel 10 support isn’t documented. Test thoroughly with your stack, as compatibility depends on Laravel’s underlying auth system (e.g., `Auth::attempt()`). Check the `composer.json` constraints for minimum requirements. If issues arise, consider forking or contacting the maintainer.
Will this package conflict with Laravel’s built-in `users` table or `HasApiTokens`?: It may introduce additional tables (e.g., for tokens, roles) unless configured to reuse Laravel’s `users` table. Review the migrations and schema setup to avoid conflicts. If using Sanctum or Passport, disable their migrations to prevent duplicate token tables. The package is designed to coexist but requires manual alignment with your existing auth structure.
How do I integrate custom OAuth providers (e.g., Auth0, Okta) with this gateway?: The package follows a strategy pattern, so you’ll need to create a custom provider class extending its base classes (e.g., `OAuthProvider`). Implement the required methods like `getUserByToken()` and `revokeToken()`. Refer to the package’s provider examples or Laravel’s OAuth documentation for guidance. Test thoroughly with sandbox environments first.
Does this package support role/permission middleware like Laravel’s native `authorize()`?: Yes, it provides middleware for role/permission checks via the gateway API (e.g., `AuthGateway::authorize()`). You can attach it to routes like Laravel’s built-in middleware. However, ensure your permission logic aligns with Laravel’s `Gate` or `Policy` system if you’re mixing both. The package may require custom policies for complex permission hierarchies.
How do I handle token revocation or rate limiting in production?: Token revocation can be managed via the gateway’s `revokeToken()` method or by clearing cached tokens (if using Redis). Rate limiting isn’t built-in but can be added via Laravel’s `throttle` middleware or a custom decorator. For production, implement async revocation using Laravel Queues to avoid blocking requests. Monitor token expiration times and log revocation events for auditing.
Can I use this package in a microservices architecture with multiple Laravel services?: Yes, the gateway’s unified API makes it ideal for centralizing auth across microservices. Deploy the package in a shared service (e.g., API Gateway) and let other services consume its auth tokens. Use Laravel’s service container to inject the gateway into dependent services. Ensure consistent token storage (e.g., Redis) and guard configurations across all services.
What’s the best way to test this package in a CI/CD pipeline?: Test the package’s core features (login/logout/user resolution) with PHPUnit, mocking external providers (e.g., OAuth mock servers). Use Laravel’s `HttpTests` for route/middleware tests and `FeatureTests` for auth flows. Validate token generation/validation with tools like Postman or Laravel Dusk. Since the package lacks a test suite, focus on edge cases like token expiration, failed logins, and provider errors.
Is there a recommended way to migrate from custom auth logic to this gateway?: Start by wrapping your existing auth logic in the gateway’s provider classes (e.g., `CustomAuthProvider`). Gradually replace direct calls to `Auth::attempt()` with the gateway’s methods. Use Laravel’s service container to bind your old auth classes to the gateway’s interfaces. Test incrementally, beginning with non-critical routes, and monitor performance for any latency introduced by the new layer.
What are the risks of using a package with no stars or recent activity?: Low activity may indicate unproven reliability, lack of community support, or potential abandonment. Assess the package’s design (e.g., modularity, Laravel synergy) and test thoroughly for edge cases like token revocation or provider failures. Consider forking the repo to add missing features (e.g., CI/CD, tests) or contact the maintainer for long-term commitments. Evaluate alternatives like Sanctum or Passport if maintenance is a concern.

Popularity trends

Recorded values over time (once-a-day snapshots). May 7, 2026 – Jun 5, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

Favorites

Forks

Score

2.1

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 0

+0.0
Forks

input: 0

+0.0
Open issues + PRs

input: 0

+0.0
Releases

input: 7

+2.1
Recency

input: 1026

+0.0
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 2.1

Opportunity

20.2

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

36.6
Contribution need

open_issues + open_prs: 0

0.0
Health factor

archived + recency + open issues

×0.85

Total 20.2

License

—

Last release

Aug 14, 2023

Watchers

Downloads

28/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai