n3xt0r / laravel-passport-authorization-core
Domain-oriented authorization core for Laravel Passport, providing structured scope and permission modeling without UI or OAuth flow implementation.
Ilya Beliaev
Installs: 319
Dependents: 1
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
pkg:composer/n3xt0r/laravel-passport-authorization-core
Requires
- php: ^8.4
- illuminate/contracts: ^12.0
- laravel/passport: ^13.0
- spatie/laravel-activitylog: ^4.0
- spatie/laravel-package-tools: ^1.16
Requires (Dev)
- brianium/paratest: ^7.16
- laravel/pint: ^1.14
- nunomaduro/collision: ^8.8
- orchestra/testbench: ^10.0.0
- phpunit/phpunit: ^12.5
Suggests
- n3xt0r/laravel-passport-modern-scopes: Enhance scope management with modern features.
This package is auto-updated.
Last update: 2026-01-13 20:24:26 UTC
README
Overview
Laravel Passport Authorization Core provides a domain model and use cases for structured access control on top of Laravel Passport.
Instead of implicit authorization scattered across your codebase, it offers an explicit permission model: **resources** (user, invoice, report) + actions (read, create, delete) stored in the database as queryable facts. You implement enforcement however you need: middleware, policies, guards, custom logic.
Single source of truth. No opinions about how you validate.
The Problem
Without This Package
- Scopes are undocumented strings with no structure
- Permissions defined in code, config, and middleware—scattered
- No way to query "what can this client do?"
- Manual governance, impossible to audit
- Example: Dropbox integration created via CLI, permissions unclear, no visibility
With This Package
- Permissions stored as `resource:action` in the database
- Single, queryable source of truth
- Clear what each client/user can do
- Full audit trail, systematic governance
- Example: Same client, explicit permissions visible in UI, queryable via code, revokable with confidence
How It Works
- Define Resources and Actions
- Query & manage Grants via Use Cases
- Implement enforcement in your app (middleware, policies, etc.)
Resources: Entities needing permission control (user, invoice, report, etc.)
Actions: Operations you control. Global (list, read, create, update, delete) or resource-specific (export, approve).
Grants: Permissions assigned to any OAuthenticatable entity (User, Client, ServiceAccount, or custom).
- Polymorphic: who has the permission?
- `resource_id` + `action_id`: which permission?
- `context_client_id` (optional): in context of which client?
Use Cases: Encapsulated business logic to manage permissions (see Usecase Overview).
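The grant model described above, as an added example (not the package's own code or API): a framework-free, deny-by-default enforcement check over grant rows, plus the "what can this client do?" query. The function names, the row layout, the permission-name pattern and the rule that a grant without `context_client_id` applies in every client context are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample grants. Field names follow the README's wording; the row
// layout is an assumption for this example, not the package's actual schema.
const GRANTS = [
    ['owner_type' => 'client', 'owner_id' => 'dropbox', 'resource' => 'invoice', 'action' => 'read', 'context_client_id' => null],
    ['owner_type' => 'user', 'owner_id' => '42', 'resource' => 'report', 'action' => 'export', 'context_client_id' => 'dropbox'],
];

/** Split "resource:action" strictly (assumed name pattern); malformed input yields null. */
function parsePermission(string $permission): ?array
{
    if (preg_match('/\A([a-z][a-z0-9_-]*):([a-z][a-z0-9_-]*)\z/', $permission, $m) !== 1) {
        return null;
    }
    return ['resource' => $m[1], 'action' => $m[2]];
}

// Deny-by-default check. Assumption: a grant without context_client_id holds in
// every client context; one with a context holds only for that client.
function isGranted(array $grants, string $ownerType, string $ownerId, string $permission, ?string $viaClientId = null): bool
{
    $wanted = parsePermission($permission);
    if ($wanted === null) {
        return false; // wildcards and malformed strings never match a grant
    }
    foreach ($grants as $g) {
        $sameOwner = $g['owner_type'] === $ownerType && $g['owner_id'] === $ownerId;
        $samePermission = $g['resource'] === $wanted['resource'] && $g['action'] === $wanted['action'];
        $contextOk = $g['context_client_id'] === null || $g['context_client_id'] === $viaClientId;
        if ($sameOwner && $samePermission && $contextOk) {
            return true;
        }
    }
    return false; // no matching fact in the store: deny
}

/** Answers "what can this owner do?" as a list of resource:action strings. */
function permissionsOf(array $grants, string $ownerType, string $ownerId): array
{
    $own = array_filter($grants, fn (array $g): bool => $g['owner_type'] === $ownerType && $g['owner_id'] === $ownerId);
    return array_values(array_map(fn (array $g): string => $g['resource'] . ':' . $g['action'], $own));
}

var_dump(isGranted(GRANTS, 'user', '42', 'report:export'));            // no client context supplied
var_dump(isGranted(GRANTS, 'user', '42', 'report:export', 'dropbox')); // request arrives via the dropbox client
var_dump(isGranted(GRANTS, 'client', 'dropbox', 'invoice:*'));         // wildcard is not a stored fact
print_r(permissionsOf(GRANTS, 'client', 'dropbox'));
```

In a Laravel application the same comparison would sit in middleware or a policy and read the rows from the database instead of a constant.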
What This Package Does
- Domain model for structured access control
- Use cases for managing permissions
- Polymorphic grant storage (User, Client, ServiceAccount, custom entities)
- Single source of truth for permissions
- Support for custom Passport models
What This Package Does NOT Do
- Enforce permissions (you implement that)
- Implement OAuth flows
- Modify Passport internals
- Assume your application architecture
- Provide UI or middleware
Requirements
- PHP ^8.4
- Laravel ^12
- Laravel Passport ^13
Installation
composer require n3xt0r/laravel-passport-authorization-core
php artisan vendor:publish --tag=passport-authorization-core-config
Documentation
- Usage – Working with resources, actions, and use cases
- Usecase Overview – Complete reference of available use cases
- Configuration – Custom Passport models, extensibility
Audit & Compliance
- Permissions are explicit database facts, not implicit configuration
- Authorization context is deterministic and queryable
- Full audit trail via activity logging
- Supports auditability requirements commonly found in ISO 27001–aligned systems.
Relationship to Filament Passport UI
This package is the domain core for Filament Passport UI:
- Core: domain model + use cases
- Filament UI: admin interface for managing permissions
- Independent evolution with stable boundary
Status
Actively developed. Feedback and contributions welcome.