Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Auth
Assessments

Auth Laravel Package

spiral/auth

Spiral/Auth provides common authentication interfaces for Spiral apps. Define auth tokens, storage, and guards via small, framework-agnostic contracts, enabling interchangeable implementations and consistent integration across projects.

View on GitHub
Deep Wiki
Context7

Getting Started

Start by installing the package via Composer (composer require spiral/auth) and enabling the Spiral\Auth\AuthCompiler and Spiral\Auth\AuthMiddleware in your Spiral application’s kernel config (app.php). Next, implement the Spiral\Auth\UserProviderInterface for your domain model (e.g., a database-backed UserProvider). Register it as a shared service and configure the auth component in config/auth.php to reference your provider and specify guard (e.g., web or api). Your first use case: protect a route by injecting the Spiral\Auth\AuthGuardInterface in your controller action and calling $guard->check() before processing sensitive logic.

Implementation Patterns

  • Guard-based authentication: Inject AuthGuardInterface to verify credentials or session state per-request. Use different guards (e.g., web, api) for frontend vs. API auth flows.
  • Custom user providers: Implement UserProviderInterface for diverse sources (DB, LDAP, JWT, Redis). The provider handles user loading, password verification (verifyPassword()), and token refresh if applicable.
  • Middleware chaining: Use AuthMiddleware in route groups to enforce auth before action execution. Customize guards or redirect URLs via config or request attributes (setGuard(), setRedirect()).
  • Stateless vs. stateful: For APIs, pair with stateless guards and JWT/tokens; for web apps, combine with Spiral’s session support. The component abstracts session handling via the Spiral\Auth\State interface.
  • Authorization hooks: Integrate with spiral/access-control or custom logic via the Spiral\Auth\Event\AuthenticationSuccess or AuthenticationFailure events for logging or audit trails.

Gotchas and Tips

  • Legacy support: The last release is from 2019—ensure compatibility with modern Spiral (v2+); you may need to backport or patch against breaking changes in core interfaces.
  • Password hashing: The package does not handle hashing; implement it manually in your UserProvider using password_verify() and password_hash()—forgot this and auth breaks silently.
  • Guard name mismatch: The default guard name (auth in early versions vs. web/api in config) can cause "no guard" exceptions—double-check config/auth.phpguards key matches your injection or middleware config.
  • Extensibility point: Extend Spiral\Auth\Guard for complex flows (e.g., 2FA), but avoid deep inheritance—favor composition by swapping UserProvider or implementing Spiral\Auth\TokenProviderInterface.
  • Debugging: Use Spiral\Auth\AuthGuardInterface::getLastLoginError() and enable logging in middleware via AuthLoggerInterface. Clear logs with php app.php cache:clear auth since config caching is aggressive.
  • Token refresh: If using stateful auth, ensure AuthState::refresh() is called after user identity change (e.g., password update) to prevent stale session issues.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
milesj/emojibase
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport