n3xt0r / filament-passport-ui
Filament v4 admin resources for managing Laravel Passport OAuth2 clients, tokens, and scopes with full auditability.
Fund package maintenance!
N3XT0R
Installs: 44
Dependents: 0
Suggesters: 0
Security: 0
Stars: 5
Watchers: 1
Forks: 1
pkg:composer/n3xt0r/filament-passport-ui
Requires
- php: ^8.4
- filament/filament: ^4.0
- n3xt0r/laravel-passport-authorization-core: ^1.0
- n3xt0r/laravel-passport-modern-scopes: ^2.0
- spatie/laravel-package-tools: ^1.15.0
Requires (Dev)
- brianium/paratest: ^7.16
- larastan/larastan: ^3.0
- laravel/pint: ^1.0
- nunomaduro/collision: ^8.0
- orchestra/testbench: ^10.0
- phpstan/extension-installer: ^1.1
- phpstan/phpstan-deprecation-rules: ^2.0
- phpstan/phpstan-phpunit: ^2.0
- phpunit/phpunit: ^12.5
- rector/rector: ^2.0
- spatie/laravel-ray: ^1.26
- dev-main
- 2.1.0
- 2.0.0
- 1.0.0
- 1.0.0-beta.3
- 1.0.0-beta.2
- 1.0.0-beta.1
- dev-develop
- dev-tests/new-feature-tests
- dev-codex/write-integration-tests-for-clientresource-f7yq3y
- dev-codex/write-integration-tests-for-token-class
- dev-codex/write-integration-tests-for-traits-class
- dev-codex/write-integration-tests-for-clientresource
- dev-codex/extend-tests-for-builder-class
- dev-feature/user-permission
This package is auto-updated.
Last update: 2026-01-18 12:21:38 UTC
README
Filament Passport UI provides a structured administrative interface for managing Laravel Passport OAuth resources using Filament v4.
This package focuses on administration, visibility, and governance not on implementing or enforcing OAuth flows.
Designed for applications that already rely on Filament as their primary admin panel and need to manage OAuth clients, tokens, scopes, and authorization concepts in a centralized, reviewable way without custom tooling or CLI workflows.
Overview
Filament Passport UI adds an administration layer on top of Laravel Passport:
- Manage OAuth clients explicitly by grant type (authorization code, client credentials, password, personal access, implicit, device)
- View and revoke access tokens with full visibility into state and expiration
- Model scopes as structured
resource:actionpairs instead of free-form strings - Track grants and authorization relationships centrally
- Make all authorization decisions explicit and auditable
Important: Passport itself is not modified. This package operates entirely at the application and UI level.
Features
Central Management
- Filter and manage OAuth clients by grant type
- Enable or revoke clients via UI
- Structure scopes (not ad-hoc strings)
- Full visibility into authorization state
- Explicit client-level and user-level scope assignment
- Enforce Least Privilege: user scopes are always a strict subset of client scopes
Filament v4 Integration
- Native Filament Resources and Pages
- Consistent UX aligned with Filament conventions
- Multi-step wizard for client creation with contextual steps based on grant type
- No custom panels required
Auditability & Compliance
- All administrative actions recorded via
spatie/laravel-activitylog - Full traceability of OAuth configuration changes
- Supports compliance requirements (e.g. ISO/IEC 27001)
- Audit logs remain application-owned
Note: Certification is organization-specific. This package enables auditability but does not constitute compliance by itself.
Design Principles
- No modifications to Passport internals
- No assumptions about application architecture
- Authorization logic remains the responsibility of the application
- All administrative actions are explicit and reviewable
What This Package Does NOT Do
- Implement OAuth flows
- Replace Passport
- Enforce authorization decisions at runtime
- Infer application-specific security rules
Authorization logic is the responsibility of the application and its developers.
Why This Exists
Laravel Passport is standards-compliant but intentionally stays neutral on administration and governance. In real-world applications, this often results in:
- OAuth clients created via CLI and never revisited
- Scopes defined ad-hoc without structure
- No central visibility of active tokens
- Unclear ownership of integrations across teams
Filament Passport UI solves this by providing:
- Central visibility into OAuth configuration
- Structured scope modeling (resource:action)
- Explicit administrative workflows
- Single point of review and governance
Essential for systems with multiple integrations or teams managing OAuth access.
Requirements
- PHP ^8.4
- Laravel ^12
- Laravel Passport ^13
- Filament v4
Installation
composer require n3xt0r/filament-passport-ui php artisan filament-passport-ui:install
If your application uses custom Passport models, publish the configuration file and adjust model mappings accordingly.
Architecture
The package maintains strict separation of concerns:
- Domain Logic: Laravel Passport Authorization Core (scope and grant modeling, authorization context resolution)
- UI Layer: Filament Passport UI (administration interface, visibility, governance)
The API remains stable while authorization logic evolves in the core package.
Migration to v2
Starting with v2, Filament Passport UI uses the Laravel Passport Authorization Core package.
Database schema and optional configuration are managed by the core package and not published automatically.
See Migration to v2 for detailed instructions.
Development & Testing
composer install composer test # Run tests composer serve # Start local dev server
Access admin at http://localhost:8000/admin
Login: test@example.com / password
Documentation & Status
- Docs: Full Documentation
- Status: Actively developed. Feedback and discussion welcome on GitHub