
Bartender Laravel Package

directorytree/bartender

Opinionated Socialite authentication for Laravel. Ships ready-made routes (/auth/{driver}/redirect, /callback), a controller, migrations to store provider IDs and optional access/refresh tokens, and customizable hooks for features like soft deletes and email verification.


An opinionated way to authenticate users using Laravel Socialite.

Frequently asked questions about Bartender
How do I quickly add Socialite OAuth login (e.g., Google, GitHub) to my Laravel app?
Install Bartender via Composer, publish its migrations, and call `Bartender::routes()` in your `web.php`. It auto-registers `/auth/{driver}/redirect` and `/auth/{driver}/callback` endpoints, reducing setup from hours to minutes. Just configure your Socialite providers (e.g., `socialiteproviders/google`) separately.
Does Bartender work with Laravel 10+ or only older versions?
Bartender officially supports Laravel 9+. While it may work on newer versions, test thoroughly or check the GitHub issues for Laravel 10/11 compatibility. The package avoids breaking changes by leveraging Laravel’s stable APIs. For cutting-edge versions, monitor the repo for updates or patch minor conflicts.
Can I customize user creation or token handling without rewriting everything?
Yes. Bartender provides interfaces like `ProviderHandler` and `ProviderRepository` to override default behaviors (e.g., user attribute mapping, token storage). Bind your custom implementations in the service container. For example, extend `ProviderRepository` to skip password hashing or add custom validation rules during user creation.
What’s the security risk of storing access/refresh tokens in the users table?
Storing tokens in the `users` table is convenient but risky if your database is compromised. Bartender publishes optional migrations for this, but best practice is to encrypt tokens or use a dedicated `oauth_tokens` table. Alternatively, avoid storing tokens and rely on stateless auth (e.g., JWT) or provider-specific token management.
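One way to encrypt the stored tokens and check that it works, as an added example that is not Bartender's own code. It assumes a standard Laravel app with the token migration applied, and the column names `provider_access_token` and `provider_refresh_token` are assumptions to be checked against the published migration.

```php
<?php
// Added example (not Bartender's code). Column names below are assumptions.

namespace App\Models {
    use Illuminate\Database\Eloquent\Factories\HasFactory;
    use Illuminate\Foundation\Auth\User as Authenticatable;

    class User extends Authenticatable
    {
        use HasFactory;

        // Encrypted with APP_KEY on write, decrypted on read.
        // Ciphertext is far longer than the token, so the columns should be TEXT.
        protected $casts = [
            'provider_access_token'  => 'encrypted',
            'provider_refresh_token' => 'encrypted',
        ];

        // Keep tokens out of toArray()/toJson() output.
        protected $hidden = ['password', 'remember_token',
            'provider_access_token', 'provider_refresh_token'];
    }
}

namespace Tests\Feature {
    use App\Models\User;
    use Illuminate\Foundation\Testing\RefreshDatabase;
    use Illuminate\Support\Facades\Crypt;
    use Illuminate\Support\Facades\DB;
    use Tests\TestCase;

    class ProviderTokenEncryptionTest extends TestCase
    {
        use RefreshDatabase;

        public function test_tokens_are_encrypted_at_rest(): void
        {
            $plain = 'constructed-sample-access-token'; // constructed value
            $user = User::factory()->create();
            $user->forceFill(['provider_access_token' => $plain])->save();

            // Read the raw column, bypassing the model cast.
            $raw = DB::table('users')->where('id', $user->id)->value('provider_access_token');

            $this->assertNotSame($plain, $raw);                       // not plaintext on disk
            $this->assertSame($plain, Crypt::decryptString($raw));     // decrypts with APP_KEY
            $this->assertSame($plain, $user->fresh()->provider_access_token);
            $this->assertArrayNotHasKey('provider_access_token', $user->toArray());
        }
    }
}
```

The cast protects against a database-only leak. Anyone who also obtains `APP_KEY` can decrypt the column, so the key must be stored and rotated separately from database backups.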
How do I add support for a custom OAuth provider (e.g., Microsoft with multi-tenant scopes)?
First, ensure your provider is supported by Laravel Socialite (e.g., `socialiteproviders/microsoft`). Then, extend Bartender’s `ProviderRedirector` or `ProviderHandler` to customize scopes, redirect logic, or user data mapping. For multi-tenant Microsoft auth, override the `getScopes()` method in your custom handler to include `tenant` parameters.
Does Bartender handle soft-deleted users automatically during login?
By default, Bartender restores soft-deleted users on successful login (via `ProviderRepository`). To disable this, implement a custom `ProviderRepository` and override the `handleUser()` method. Alternatively, use middleware to block logins for banned users before they reach Bartender’s flow.
Can I skip the migrations if I don’t need token storage?
Yes. Bartender’s migrations add `provider_id`, `provider_name`, and optional token columns to the `users` table. If you only need provider IDs (e.g., for linking accounts), delete the `2024_10_27_131354_add_provider_token_columns_to_users_table.php` migration before running `php artisan migrate`. This keeps your schema clean.
How do I test Bartender’s OAuth flows in a CI/CD pipeline?
Mock Socialite providers using Laravel’s `SocialiteManager` facade or libraries like `mockery`. For example, in a test, set up a fake provider with `Socialite::shouldReceive('driver')->andReturnSelf()->shouldReceive('redirect')->andReturn($response)`. Test both success and failure callbacks to ensure user creation/updates work as expected.
What alternatives to Bartender exist for Laravel Socialite auth?
For lightweight setups, use Laravel Socialite directly with custom routes/controllers. For more features, consider `laravel/socialite` + `spatie/laravel-social-auth` (which handles user creation and token storage). Bartender stands out by combining routes, migrations, and customization hooks in a single package, reducing dependency sprawl.
How do I regenerate sessions after OAuth login to prevent session fixation?
Bartender recommends regenerating sessions post-authentication. Implement this by extending the `ProviderRedirector` and calling `session()->regenerate()` in the `redirectAfterLogin()` method. For example: `public function redirectAfterLogin(User $user) { session()->regenerate(); return redirect()->intended('/dashboard'); }`.