Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Laravel Passport Modern Scopes
Release Notes

Laravel Passport Modern Scopes Laravel Package

n3xt0r/laravel-passport-modern-scopes

Attribute-based OAuth scope enforcement for Laravel Passport. Declare required scopes directly on controllers/actions via PHP 8 attributes, then enforce them with a single middleware. Keeps routes clean and auth rules close to the code they protect.

View on GitHub
Deep Wiki
Context7
2.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/N3XT0R/laravel-passport-modern-scopes/compare/2.2.0...2.2.1

2.2.0

Added

Added support for Laravel 13

Full Changelog: https://github.com/N3XT0R/laravel-passport-modern-scopes/compare/2.1.0...2.2.0

2.0.0

This release introduces a new, attribute-driven way to define and enforce OAuth scopes when using Laravel Passport.

Instead of defining scope requirements in route files via middleware, required scopes can now be declared directly on controllers or controller actions using PHP 8 attributes. This keeps authorization rules close to the code they protect and significantly improves readability and maintainability.

✨ What’s new?

Attribute-based scope declarations

You can now define required OAuth scopes using PHP attributes:

#[RequiresScope('users:read')]
class UserController
{
    public function index()
    {
        // Requires users:read
    }

    #[RequiresAnyScope('users:update', 'users:write')]
    public function update()
    {
        // Requires at least one of the given scopes
    }
}

This approach removes the need to attach scope middleware in route definitions.

🧠 How it works

  • A single middleware inspects controller and method attributes at runtime.
  • Required scopes are automatically validated using Laravel Passport.
  • Passport remains fully responsible for token parsing and validation.
  • No changes to existing Passport internals are required.

πŸ” Scope resolution rules

  • Class-level attributes apply to all controller actions.
  • Method-level attributes are evaluated in addition to class-level requirements.
  • Requests without a valid access token result in 401 Unauthorized.
  • Requests with a token but insufficient scopes result in 403 Forbidden.

βš™οΈ Middleware registration

The resolving middleware can be:

  • Automatically registered via the package configuration, or
  • Manually added if more control is required.

This ensures compatibility with standard Laravel applications, Testbench, and Workbench environments.

🎯 Why use this package?

  • Authorization rules are explicit and declarative
  • No duplication between routes and controllers
  • Cleaner route files
  • Easier code reviews
  • Better long-term maintainability for Passport-based APIs

πŸ§ͺ Compatibility

  • Laravel with Passport
  • PHP 8.0+
  • Fully compatible with Laravel testing tools

🏁 Summary

Version 2.0.0 represents the first stable release of Passport Modern Scopes in its current architecture.
It provides a modern, expressive, and maintainable way to define OAuth scope requirements while staying fully aligned with Laravel and Passport best practices.

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
monarobase/country-list
nasirkhan/laravel-sharekit
directorytree/privacy-filter-classifier
directorytree/privacy-filter
datacore/hub-sdk
develia/commons
cuci/prototurk-sdk
cuci/prototurk-sdk-symfony
develia/geo-bundle
dreamzy/livewire-charts
touchestate-sdk/php-sdk
22h/doctrine-garbage-collection-bundle
agtp/agtp-php
agtp/mod-php
splash/sonata-admin
splash/metadata
splash/openapi
splash/scopes
splash/toolkit
testo/output-teamcity