laravel-connect-profile maintained by soiposervices
Description
Laravel package for configurable authenticated profile and connection APIs with QR sessions
Author
Last update
2026/04/25 09:02
(dev-main)
License
Downloads
0
Laravel Connect Profile
A Laravel package that exposes:
- an authenticated
/me-style endpoint with configurable profile fields, - user-to-user connection endpoints,
- QR-based connect session generation,
- signed public preview URLs for scanning flows,
- connection migration and model scaffolding.
Features
- Configurable authenticated profile endpoint.
- Field allowlist and default field selection with
?fields=. - Connection request lifecycle: create, accept, reject, delete.
- QR session endpoint returning a short-lived signed connect URL.
- QR SVG endpoint powered by
simple-qrcode. - Auto-loaded package migrations through
loadMigrationsFrom().
Install
composer require soiposervices/laravel-connect-profile
php artisan vendor:publish --tag=connect-profile-config
php artisan migrate
Default routes
Protected routes
GET /api/connect-profile/me
POST /api/connect-profile/sessions
GET /api/connect-profile/qr?url={signed_url}
POST /api/connect-profile/claim/{user}
POST /api/connect-profile/connections/{connection}/accept
POST /api/connect-profile/connections/{connection}/reject
DELETE /api/connect-profile/connections/{connection}
Public signed route
GET /api/connect-profile/preview/{user}?expires=...&signature=...
Example flow
- Mobile app calls
POST /api/connect-profile/sessions. - Package returns a signed preview URL.
- App renders the signed URL as a QR code, either locally or through
/api/connect-profile/qr?url=.... - Another device scans the QR and can open the signed preview endpoint.
- Authenticated user calls
POST /api/connect-profile/claim/{user}to create the connection. - Recipient accepts or rejects the connection.
Config
return [
'route_prefix' => 'api/connect-profile',
'route_middleware' => ['api', 'auth:sanctum'],
'public_route_middleware' => ['api', 'signed'],
'me_endpoint' => 'me',
'allowed_attributes' => ['id', 'name', 'email', 'profile_photo_url', 'avatar_url', 'phone', 'bio'],
'default_attributes' => ['id', 'name', 'email', 'profile_photo_url'],
'attribute_map' => [
'profile_photo_url' => 'profile_photo_url',
'avatar_url' => 'avatar_url',
'phone' => 'phone',
'bio' => 'bio',
],
'query_parameter' => 'fields',
'max_attributes' => 10,
'user_model' => App\Models\User::class,
'qr_size' => 300,
'connect_link_expiration_minutes' => 5,
'auto_accept_mutual_connections' => false,
'channels' => ['qr', 'bump', 'manual'],
];
/me examples
GET /api/connect-profile/me
GET /api/connect-profile/me?fields=name,email,profile_photo_url
Connection examples
Create session
POST /api/connect-profile/sessions
Authorization: Bearer {token}
Create QR remotely
GET /api/connect-profile/qr?url=https://example.com/api/connect-profile/preview/5?expires=...&signature=...
Authorization: Bearer {token}
Claim connection
POST /api/connect-profile/claim/5
Authorization: Bearer {token}
Content-Type: application/json
{
"channel": "qr"
}
Accept connection
POST /api/connect-profile/connections/10/accept
Authorization: Bearer {token}
Notes
- The package assumes the host application already authenticates API requests, usually with Sanctum.
preview/{user}is signed and public so QR scans can inspect the target profile before authenticated claiming.- The migration assumes your user table is
usersand primary keys are standard Laravel IDs. - If you want richer public preview fields, add a dedicated preview resource and configuration block.
- For field-level authorization, add a policy-aware resolver in the host app or package extension.