Looking to hire Laravel developers? Try LaraJobs

laravel-external-basic-auth maintained by rickselby

Description
External Basic Auth for Laravel
Author
Rick Selby
Last update
2025/11/22 21:23 (dev-main)
License
MIT
Links
GitHub - Packagist
Downloads
5 772
Tags
auth - laravel - basic - external

dev-main

Last update
2025/11/22 21:23
License
MIT
Require
  • php 8.*
  • laravel/framework 10.*|11.*
1.8.0

Last update
2024/03/14 13:20
License
MIT
Require
  • php 8.*
  • laravel/framework 10.*|11.*
1.7.0

Last update
2023/03/07 20:45
License
MIT
Require
  • php 8.*
  • laravel/framework 9.*|10.*
1.6.0

Last update
2022/10/08 11:15
License
MIT
Require
  • php ^7.3|^8.0
  • laravel/framework 7.*|8.*|9.*
1.5.0

Last update
2022/10/08 11:09
License
MIT
Require
  • php ^7.3|^8.0
  • laravel/framework 6.*|7.*|8.*
1.4.0

Last update
2022/10/08 11:04
License
MIT
Require
  • php ^7.3|^8.0.0
  • laravel/framework 5.8.*|6.*|7.*
1.3.1

Last update
2022/10/08 10:57
License
MIT
Require
  • php ^7.3|^8.0.0
  • laravel/framework 5.7.*|5.8.*|6.*
1.3.0

Last update
2022/10/08 10:50
License
MIT
Require
  • php >=7.3
  • laravel/framework 5.7.*|5.8.*|6.*
1.2

Last update
2022/10/06 15:08
License
MIT
Require
  • php >=7.3
  • laravel/framework 5.6.*|5.7.*|5.8.*
1.1

Last update
2019/09/06 16:57
License
MIT
Require
  • php >=7.0
  • laravel/framework 5.5.*|5.6.*|5.7.*
1.0

Last update
2018/12/01 12:46
License
MIT
Require
  • php >=7.0
  • laravel/framework 5.5.*|5.6.*|5.7.*
Comments
comments powered by Disqus

Laravel External Basic Auth

Software License Packagist Version

This is a guard for Laravel that assumes the value in $_SERVER['REMOTE_USER'] is the identifier for the currently logged in user.

Laravel's built-in basic auth still auths the username and passwords against the users table, which in our case will not contain their password.

Usage

composer require rickselby/laravel-external-basic-auth

Then, edit your config/auth.php file, and under guards, set the appropriate driver to external; e.g.

'guards' => [
    'web' => [
        'driver' => 'external',
        'provider' => 'users',
    ],
],

Alternate lookup field

By default, the package will match the $_SERVER['REMOTE_USER'] value against the id of the user model. If the $_SERVER['REMOTE_USER'] value is in a different field (e.g. the user model has a standard auto-incrementable integer for an ID, and a separate username field) then the package can look up a user by this field instead.

Edit your config/auth.php file, and under the appropriate guard, add a field setting:

'guards' => [
    'web' => [
        'driver' => 'external',
        'provider' => 'users',
        'field' => 'username',
    ],
],

Eager load relationships

It may be desirable to eager load relationships for the authenticated user.

Edit your config/auth.php file, and under the appropriate guard, add a load setting:

'guards' => [
    'web' => [
        'driver' => 'external',
        'provider' => 'users',
        'load' => [
            'permissions',
            'roles',
        ],
    ],
],

Looking for REMOTE_USER in headers

If your app is running in a docker container, or some other situation where your app is separated from the authentication, it may be desirable to pass the REMOTE_USER to the app by headers.

Edit your config/auth.php file, and under the appropriate guard, add a header setting:

'guards' => [
    'web' => [
        'driver' => 'external',
        'provider' => 'users',
        'header' => 'X-forwarded-REMOTE_USER',
    ],
],

Stripping a string from the user identifier

If your authentication field has a part you do not wish to use (e.g. user@domain.com), this can be stripped:

'guards' => [
    'web' => [
        'driver' => 'external',
        'provider' => 'users',
        'strip' => '@domain.com',
    ],
],