Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Passport Modern Scopes
Readme

Laravel Passport Modern Scopes Laravel Package

n3xt0r/laravel-passport-modern-scopes

Attribute-based OAuth scope enforcement for Laravel Passport. Declare required scopes directly on controllers/actions via PHP 8 attributes, then enforce them with a single middleware. Keeps routes clean and auth rules close to the code they protect.

View on GitHub
Deep Wiki
Context7

Latest Version on Packagist GitHub Tests Action Status Maintainability Code Coverage Total Downloads

Passport Modern Scopes

Attribute-based OAuth Scope Enforcement

Laravel Passport traditionally enforces OAuth scopes at the routing level, typically via middleware definitions in route files. While functional, this approach tends to scatter authorization rules across routes and couples controllers to infrastructure-level concerns.

This package introduces an attribute-based approach to OAuth scope enforcement.

By leveraging PHP 8 attributes and a single resolving middleware, required OAuth scopes can be declared directly on controllers or controller actions, keeping authorization rules close to the code they protect while remaining fully compatible with Laravel Passport.

Key ideas

  • OAuth scopes are declared, not wired
  • Controllers express requirements, not middleware mechanics
  • Passport remains untouched and fully in control of token validation
  • Routes stay clean and infrastructure-agnostic

Example

use N3XT0R\PassportModernScopes\Support\Attributes\RequiresScope;
use N3XT0R\PassportModernScopes\Support\Attributes\RequiresAnyScope;

#[RequiresScope('users:read')]
final class UserController
{
    public function index()
    {
        // Requires users:read
    }

    #[RequiresAnyScope('users:update', 'users:write')]
    public function update()
    {
        // Requires at least one of the given scopes
    }
}

A single middleware inspects controller attributes at runtime and enforces them using Laravel Passport’s native scope checks (tokenCan). Authentication itself remains the responsibility of your configured guard (e.g. auth:api).

Why attributes?

  • Declarative and explicit
  • No duplication between routes and controllers
  • Easy to reason about during code review
  • Static-analysis and documentation friendly
  • No magic strings scattered across route definitions

This approach provides a clean separation between authorization intent and HTTP wiring, allowing Passport-based APIs to scale without losing clarity or consistency.

Installation

composer require n3xt0r/laravel-passport-modern-scopes:^2.0

The middleware is automatically registered via the package's service provider.

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
monarobase/country-list
nasirkhan/laravel-sharekit
directorytree/privacy-filter-classifier
directorytree/privacy-filter
datacore/hub-sdk
develia/commons
cuci/prototurk-sdk
cuci/prototurk-sdk-symfony
develia/geo-bundle
dreamzy/livewire-charts
touchestate-sdk/php-sdk
22h/doctrine-garbage-collection-bundle
agtp/agtp-php
agtp/mod-php
splash/sonata-admin
splash/metadata
splash/openapi
splash/scopes
splash/toolkit
testo/output-teamcity