laravel-auth-kit maintained by emberrenewed
Laravel Auth Kit
Laravel authentication package with email/password + Google drivers, Sanctum API tokens, password reset, throttling, and events.
Package: emberrenewed/laravel-auth-kit
Repository: https://github.com/emberrenewed/auth-kit-technoboase
Installation
In your Laravel project:
composer require emberrenewed/laravel-auth-kit
php artisan auth-kit:install
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate
auth-kit:install automatically:
- publishes
config/auth-kit.php+ migrations - adds these keys to
.envand.env.exampleif missing:
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GOOGLE_REDIRECT_URI="${APP_URL}/auth/google/callback"
- adds Google config to
config/services.phpif missing
Then paste your real Google Client ID / Secret into .env (values still come from Google Cloud Console — no package can invent them).
If Packagist is not available yet
Install directly from GitHub:
composer config repositories.auth-kit vcs https://github.com/emberrenewed/auth-kit-technoboase
composer require emberrenewed/laravel-auth-kit:^1.0
Requirements
- PHP 8.3+
- Laravel 12 or 13
laravel/sanctum^4.0laravel/socialite^5.0(for Google)
User model
Your User model must use Sanctum’s HasApiTokens and support Auth Kit columns:
first_name, last_name, provider, provider_id, avatar, banned_at
use Laravel\Sanctum\HasApiTokens;
class User extends Authenticatable
{
use HasApiTokens, Notifiable;
}
Optional:
php artisan vendor:publish --tag=auth-kit-lang
Quick start (API)
POST /api/auth/login
Content-Type: application/json
Accept: application/json
{
"email": "user@example.com",
"password": "password"
}
Success:
{
"data": { "user": { "id": 1, "email": "user@example.com" } },
"token": "1|xxxxxxxx"
}
Main API routes
| Method | URL | Body / auth |
|---|---|---|
| GET | /api/auth/providers |
— |
| POST | /api/auth/login |
email, password |
| POST | /api/auth/google |
access_token |
| POST | /api/auth/logout |
Bearer token |
| POST | /api/auth/forgot-password |
email |
| POST | /api/auth/reset-password |
email, token, password, password_confirmation |
Configuration
Publish config/auth-kit.php and set:
| Key | Purpose |
|---|---|
subjects.api / subjects.web |
Model, guard, resolver, auto_create_on_social |
drivers.api / drivers.web |
Enabled drivers (password, google, …) |
routes.api / routes.web |
Prefix + middleware |
throttle |
Login rate limit |
password_reset.broker |
Password broker name |
Google OAuth
Run once in the Laravel app:
php artisan auth-kit:install
That auto-adds .env keys + config/services.php google block. Then fill real values:
GOOGLE_CLIENT_ID=your-client-id
GOOGLE_CLIENT_SECRET=your-client-secret
GOOGLE_REDIRECT_URI="${APP_URL}/auth/google/callback"
- API:
POST /api/auth/googlewith{ "access_token": "..." }(token from Google client / app, not.env) - Web:
GET /auth/google/redirect→ callback
Events
LoginAttemptedLoginSucceededLoginFailedSocialUserResolvedLoggedOut
use Technobase\AuthKit\Events\LoginSucceeded;
Event::listen(LoginSucceeded::class, function (LoginSucceeded $event): void {
//
});
API response shapes
| Status | When |
|---|---|
| 200 | Login / logout / forgot / reset success |
| 401 | Bad credentials / invalid Google token / throttled |
| 403 | Banned user |
| 404 | Social user not found (auto_create_on_social=false) |
| 422 | Invalid / expired reset token |
Forgot password always returns 200 (does not reveal if email exists).
Postman
Import postman/AuthKit.postman_collection.json
Set base_url to your app (e.g. http://127.0.0.1:8000).
License
MIT