Looking to hire Laravel developers? Try LaraJobs

laravel-auth-kit maintained by emberrenewed

Description
Laravel authentication kit with multi-driver support
Last update
2026/07/14 00:12 (dev-main)
License
Links
Downloads
0

Comments
comments powered by Disqus

Laravel Auth Kit

Laravel authentication package with email/password + Google drivers, Sanctum API tokens, password reset, throttling, and events.

Package: emberrenewed/laravel-auth-kit
Repository: https://github.com/emberrenewed/auth-kit-technoboase


Installation

In your Laravel project:

composer require emberrenewed/laravel-auth-kit
php artisan auth-kit:install
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate

auth-kit:install automatically:

  • publishes config/auth-kit.php + migrations
  • adds these keys to .env and .env.example if missing:
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_REDIRECT_URI="${APP_URL}/auth/google/callback"
  • adds Google config to config/services.php if missing

Then paste your real Google Client ID / Secret into .env (values still come from Google Cloud Console — no package can invent them).

If Packagist is not available yet

Install directly from GitHub:

composer config repositories.auth-kit vcs https://github.com/emberrenewed/auth-kit-technoboase
composer require emberrenewed/laravel-auth-kit:^1.0

Requirements

  • PHP 8.3+
  • Laravel 12 or 13
  • laravel/sanctum ^4.0
  • laravel/socialite ^5.0 (for Google)

User model

Your User model must use Sanctum’s HasApiTokens and support Auth Kit columns:

first_name, last_name, provider, provider_id, avatar, banned_at

use Laravel\Sanctum\HasApiTokens;

class User extends Authenticatable
{
    use HasApiTokens, Notifiable;
}

Optional:

php artisan vendor:publish --tag=auth-kit-lang

Quick start (API)

POST /api/auth/login
Content-Type: application/json
Accept: application/json

{
  "email": "user@example.com",
  "password": "password"
}

Success:

{
  "data": { "user": { "id": 1, "email": "user@example.com" } },
  "token": "1|xxxxxxxx"
}

Main API routes

Method URL Body / auth
GET /api/auth/providers
POST /api/auth/login email, password
POST /api/auth/google access_token
POST /api/auth/logout Bearer token
POST /api/auth/forgot-password email
POST /api/auth/reset-password email, token, password, password_confirmation

Configuration

Publish config/auth-kit.php and set:

Key Purpose
subjects.api / subjects.web Model, guard, resolver, auto_create_on_social
drivers.api / drivers.web Enabled drivers (password, google, …)
routes.api / routes.web Prefix + middleware
throttle Login rate limit
password_reset.broker Password broker name

Google OAuth

Run once in the Laravel app:

php artisan auth-kit:install

That auto-adds .env keys + config/services.php google block. Then fill real values:

GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret
GOOGLE_REDIRECT_URI="${APP_URL}/auth/google/callback"
  • API: POST /api/auth/google with { "access_token": "..." } (token from Google client / app, not .env)
  • Web: GET /auth/google/redirect → callback

Events

  • LoginAttempted
  • LoginSucceeded
  • LoginFailed
  • SocialUserResolved
  • LoggedOut
use Technobase\AuthKit\Events\LoginSucceeded;

Event::listen(LoginSucceeded::class, function (LoginSucceeded $event): void {
    //
});

API response shapes

Status When
200 Login / logout / forgot / reset success
401 Bad credentials / invalid Google token / throttled
403 Banned user
404 Social user not found (auto_create_on_social=false)
422 Invalid / expired reset token

Forgot password always returns 200 (does not reveal if email exists).


Postman

Import postman/AuthKit.postman_collection.json
Set base_url to your app (e.g. http://127.0.0.1:8000).


License

MIT