
Laravel Passport Modern Scopes Laravel Package

n3xt0r/laravel-passport-modern-scopes

Attribute-based OAuth scope enforcement for Laravel Passport. Declare required scopes directly on controllers/actions via PHP 8 attributes, then enforce them with a single middleware. Keeps routes clean and auth rules close to the code they protect.


Product Decisions This Supports

  • Fine-Grained API Access Control: Enables attribute-based scope enforcement (e.g., user:read:own, user:read:all, user:write:admin), replacing coarse-grained scopes like user:read or user:write. This aligns with modern API security needs (e.g., zero-trust, least-privilege access).
  • Roadmap for Compliance: Supports GDPR, SOC 2, or HIPAA by restricting data access to specific attributes (e.g., patient:read:own for healthcare APIs). Reduces audit risk by logging granular scope violations.
  • Build vs. Buy: Avoids custom scope logic in Passport, reducing dev time and tech debt. MIT license mitigates legal risk.
  • Use Cases:
    • Multi-Tenant SaaS: Scopes like tenant:{id}:read for isolated data access.
    • Partner Integrations: Whitelist scopes for third-party APIs (e.g., partner:read:orders).
    • Internal Tools: Role-based scopes (e.g., admin:user:delete).

When to Consider This Package

  • Adopt if:
    • Your Laravel Passport API needs attribute-level scope granularity (e.g., "read only my own data" vs. "read all data").
    • You’re migrating from legacy scopes (e.g., user:*) to a zero-trust model.
    • Your team lacks bandwidth to build custom scope validation logic.
    • You need audit trails for scope violations (e.g., "User X tried to access user:read:all without permission").
  • Look Elsewhere if:
    • You’re using non-Passport OAuth (e.g., Auth0, Keycloak).
    • Your scope needs are static (e.g., only read/write without attribute constraints).
    • You require dynamic scope generation at runtime (this package works with pre-defined scopes).
    • Your stack is non-PHP/Laravel (e.g., Node.js, Python).

How to Pitch It (Stakeholders)

For Executives: "This package modernizes our API security by replacing broad OAuth scopes (e.g., user:read) with granular, attribute-based controls (e.g., user:read:own). It reduces risk of data leaks, simplifies compliance audits, and cuts dev time by avoiding custom scope logic. For example, a support agent could only access ticket:read:own, while admins get ticket:read:all. MIT license means no vendor lock-in."

For Engineering: "Leverage n3xt0r/laravel-passport-modern-scopes to:

  1. Replace Passport::scope() with attribute-based checks (e.g., if (!$user->hasScope('user:read:own')) abort(403)).
  2. Integrate in 1 hour: Drop-in replacement for existing scopes; config via config/passport.php.
  3. Gain visibility: Log scope violations via Laravel’s logging system.
  4. Future-proof: Supports dynamic scope validation extensions.

Tradeoff: Minimal upfront effort for long-term security and scalability."