Looking to hire Laravel developers? Try LaraJobs

laravel-fit-validator maintained by bencolmer

Description
Validate Atlassian Forge Invocation Tokens (FITs) in Laravel
Author
Ben Colmer
Last update
2026/03/29 16:57 (dev-main)
License
MIT
Links
GitHub - Packagist
Downloads
8
Tags
laravel - atlassian - fit - forge

dev-main

Last update
2026/03/29 16:57
License
MIT
Require
  • php ^8.1
  • firebase/php-jwt ^7.0
  • guzzlehttp/guzzle ^7.10
  • illuminate/contracts ^10.0|^11.0|^12.0|^13.0
  • illuminate/http ^10.0|^11.0|^12.0|^13.0
  • illuminate/support ^10.0|^11.0|^12.0|^13.0
1.2.0

Last update
2026/03/29 16:57
License
MIT
Require
  • php ^8.1
  • firebase/php-jwt ^7.0
  • guzzlehttp/guzzle ^7.10
  • illuminate/contracts ^10.0|^11.0|^12.0|^13.0
  • illuminate/http ^10.0|^11.0|^12.0|^13.0
  • illuminate/support ^10.0|^11.0|^12.0|^13.0
1.1.0

Last update
2026/02/08 14:33
License
MIT
Require
  • php ^8.1
  • firebase/php-jwt ^7.0
  • guzzlehttp/guzzle ^7.10
  • illuminate/contracts ^10.0|^11.0|^12.0
  • illuminate/http ^10.0|^11.0|^12.0
  • illuminate/support ^10.0|^11.0|^12.0
1.0.0

Last update
2026/02/01 23:28
License
MIT
Require
  • php ^8.1
  • firebase/php-jwt ^7.0
  • guzzlehttp/guzzle ^7.10
  • illuminate/contracts ^10.0|^11.0|^12.0
  • illuminate/http ^10.0|^11.0|^12.0
  • illuminate/support ^10.0|^11.0|^12.0
Comments
comments powered by Disqus

Laravel FIT Validator

Latest Version on Packagist

This package allows you to validate and use Atlassian Forge Invocation Tokens (FITs) in Laravel.

Installation

  1. Install the package via composer:
composer require bencolmer/laravel-fit-validator
  1. Configure .env values:
FIT_APP_ID="example:id::app/xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx" # The ID of your Forge application
FIT_JWKS_URL="https://forge.cdn.prod.atlassian-dev.net/.well-known/jwks.json" # The JWKS URL for your Forge application
  1. Add the fit middleware to any routes that should validate Forge Invocation Tokens.
Route::middleware('fit')->group(function () {
    //
});

Token Usage

The fit middleware will validate the Forge Invocation Token and add the validated payload to the request input array.

Example:

// in routes/api.php

Route::middleware('fit')->group(function () {
    Route::get('example', [ExampleController::class, 'index']);
});

// in app/Http/Controllers/ExampleController.php

use Illuminate\Http\Request;

class ExampleController extends Controller
{
    public function index(Request $request)
    {
        $fit = $request->input('fit');

        // ...
    }
}

Advanced Usage

You can configure the package to validate FIT tokens from multiple Forge applications:

  1. Publish package configuration
php artisan vendor:publish --provider="BenColmer\LaravelFITValidator\Providers\ServiceProvider"
  1. Add your Forge application details to the applications array in config/fit.php:
// ...

'applications' => [
    // ...

    // details for your other application
    'otherApp' => [
        'appId' => (string) env('FIT_OTHER_APP_ID', ''),
        'jwksUrl' => (string) env('FIT_OTHER_JWKS_URL', ''),
    ]
],
  1. Update the fit middleware to use the configuration for your new application
// in routes/api.php

Route::middleware('fit')->group(function () {
    // validate FITs using the "default" application config
});

Route::middleware('fit:otherApp')->group(function () {
    // validate FITs using the "otherApp" application config
});

Additional Configuration

The following options can also be modified by publishing the package configuration:

Name Default Value Description
middlewareAlias fit The alias for the FIT validation middleware
issuer forge/invocation-token The expected Forge Invocation Token issuer
jwksCacheDuration 5 minutes The cache duration for fetched JSON Web Key Sets. Setting this to null will disable caching

Testing

Run tests via PHPUnit:

./vendor/bin/phpunit

Credits

License

Laravel FIT Validator is open-sourced software licensed under the MIT license.