cboxdk / laravel-id
cboxdk/laravel-id: a Laravel-native auth and identity framework. AuthN, SSO/SAML, SCIM, OAuth/OIDC provider, RBAC, billing-fed entitlements, tamper-evident audit.
Requires
- php: ^8.4
- ext-openssl: *
- ext-sodium: *
- cboxdk/laravel-siem: ^0.1
- cboxdk/laravel-ssrf: ^1.0
- cboxdk/license: ^0.1
- cboxdk/siem: ^0.1
- firebase/php-jwt: ^7.0
- illuminate/auth: ^12.0 || ^13.0
- illuminate/contracts: ^12.0 || ^13.0
- illuminate/database: ^12.0 || ^13.0
- illuminate/support: ^12.0 || ^13.0
- onelogin/php-saml: ^4.0
- robrichards/xmlseclibs: ^3.1.5
- spomky-labs/cbor-php: ^3.0
Requires (Dev)
- larastan/larastan: ^3.0
- laravel/pint: ^1.18
- orchestra/testbench: ^10.0 || ^11.0
- pestphp/pest: ^3.5 || ^4.0
This package is auto-updated.
Last update: 2026-07-18 14:19:36 UTC
README
cboxdk/laravel-id is a Laravel-native auth and identity framework. Central login,
enterprise SSO, directory sync, RBAC, billing-driven entitlements and a tamper-evident audit
trail: all interface-driven, deny-by-default, and verified (tests + PHPStan level max +
composer audit) before it ships.
UI-free and domain-free: every capability sits behind a contract you bind, mock, extend or replace.
Install
composer require cboxdk/laravel-id php -r "echo base64_encode(random_bytes(32)).PHP_EOL;" # set as CBOX_ID_CRYPTO_KEY php artisan migrate
A taste
use Cbox\Id\Organization\Contracts\Organizations; use Cbox\Id\Organization\ValueObjects\NewOrganization; use Cbox\Id\Identity\Contracts\Subjects; $org = app(Organizations::class)->create(new NewOrganization('Northwind', 'northwind')); $user = app(Subjects::class)->create('ida@northwind.test', 'Ida', password: 's3cret');
Environments first.
Organization,Userand the other domain models are environment-owned and deny-by-default — the calls above need an environment in context (a request resolves one from its host, or setcbox-id.environments.default; the deployable app creates the first one from its operator console). See Environments & the isolation model.
Modules
| Layer | Modules |
|---|---|
| Kernels | Tenancy · Crypto · Audit · Events · Authorization |
| Domain | Organization · Identity · AccessControl · Directory (SCIM) · Federation (SSO) · OAuthServer (OAuth 2.0 / OIDC provider) · Webhooks · AuditQuery |
| HTTP & ops | Api (OAuth/OIDC/SCIM endpoints) · Platform (control-plane operators) · Console (cbox-id:install / cbox-id:doctor) |
Documentation
Full docs live in docs/:
- Requirements · Installation · Quickstart
- Architecture & patterns
- Cookbook
- Extending & customizing
- Testing
- Security ·
SECURITY.md - Standards & conformance — RFCs implemented (OAuth/OIDC/SCIM/SAML/MCP)
- Compliance mapping — SOC 2 / ISO 27001 / NIS2 / GDPR / HIPAA / PCI-DSS · Threat model
License
MIT. Published on Packagist as a pre-1.0 (0.x) release — installable via composer require cboxdk/laravel-id; the API may still shift before 1.0.