Laravel Paseto Laravel Package

✨ Added

A new payload() method has been added to the PasetoGuard for easier and more fluent access to token claims. This method returns the token's payload as an Illuminate\Support\Collection, allowing for convenient method chaining.

Usage Example:

use Illuminate\Support\Facades\Auth;

// Get the full payload as a collection
$payload = Auth::guard('api')->payload();

// Retrieve a specific claim, e.g., the JWT ID (jti)
$jti = Auth::guard('api')->payload()->get('jti');

We are excited to announce the first stable release of laravel-paseto!

This package provides a complete, secure, and easy-to-integrate PASETO (Platform-Agnostic Security Tokens) authentication guard for modern Laravel applications. It is designed to be a safer, more robust alternative to JWT, with a focus on simplicity and security by default.

✨ Key Features

• Secure PASETO Guard: Implements a fully-featured paseto authentication driver for Laravel's auth system.
• PASETO v4 Local Support: Uses symmetric key authenticated encryption for stateless tokens.
• Easy Configuration: A dedicated configuration file (paseto.php) allows you to customize the token's lifetime, issuer, audience, and default claims.
• Secret Key Generation: Includes an artisan command php artisan paseto:generate-key to generate a secure secret key and add it to your .env file automatically.
• Token Blacklisting: A built-in mechanism to invalidate tokens upon logout, preventing reuse. This feature leverages Laravel's cache system.
• Fluent Token Builder: A simple, chainable API for generating tokens.
• HasPaseto Trait: Easily add token generation capabilities to your User model.
• Custom Exceptions: Clear and specific exceptions for handling invalid, expired, or blacklisted tokens.
• Laravel 9, 10, 11 & 12 Support: Fully compatible with the latest versions of the Laravel framework.