README

A Filament plugin to manage Laravel Passport OAuth clients, access tokens, and authorization codes. Ships with default OAuth consent views so Passport works out of the box.

Note: Device flow (Device Authorization grant) requires Laravel Passport v13. All other features work with Passport v12 and v13.

Requirements

• PHP 8.2+
• Filament 4.x or 5.x
• Laravel Passport 12.x or 13.x

Installation

Make sure Laravel Passport is installed and migrated first:

php artisan install:api --passport

Then install the plugin:

composer require webteractive/filament-passport

Register the plugin in your panel provider:

use Webteractive\FilamentPassport\FilamentPassportPlugin;

public function panel(Panel $panel): Panel
{
    return $panel
        // ...
        ->plugins([
            FilamentPassportPlugin::make(),
        ]);
}

Publish the config (optional):

php artisan vendor:publish --tag=filament-passport-config

Authorization Views

This package provides default OAuth consent views so you don't have to build them yourself:

• Authorization — consent screen for OAuth authorization requests (v12 & v13)
• Device Authorization — consent screen for device flow (v13 only)
• Device User Code — form for entering a device code (v13 only)

Customizing Views

Publish the views to your app and edit them:

php artisan vendor:publish --tag=filament-passport-views

This copies the views to resources/views/vendor/filament-passport/ where they take precedence.

Using Your Own Views

You can override individual views via config — set a custom view name or null to skip registration for that view:

// config/filament-passport.php
'views' => [
    'enabled' => true,

    // Set to a custom view name, or null to skip
    'authorization' => 'my-custom-views.authorize',
    'device_authorization' => 'filament-passport::device.authorize',
    'device_user_code' => 'filament-passport::device.user-code',
],

For example, Laravel MCP requires its own authorization view for AI agent OAuth consent. Set authorization to null so this package skips it, then register the MCP view in your AppServiceProvider:

// config/filament-passport.php
'views' => [
    'enabled' => true,

    'authorization' => null, // Let MCP handle this
    'device_authorization' => 'filament-passport::device.authorize',
    'device_user_code' => 'filament-passport::device.user-code',
],

// app/Providers/AppServiceProvider.php
use Laravel\Passport\Passport;

public function boot(): void
{
    Passport::authorizationView(fn ($parameters) => view('mcp.authorize', $parameters));
}

To skip all view bindings entirely:

// config/filament-passport.php
'views' => [
    'enabled' => false,
],

Configuration

Toggle Resources

Disable any resource via config or fluently on the plugin:

// config/filament-passport.php
'resources' => [
    'client'       => ['enabled' => true],
    'access_token' => ['enabled' => true],
    'auth_code'    => ['enabled' => false],
],

// Or in your panel provider
FilamentPassportPlugin::make()
    ->clients()
    ->accessTokens()
    ->authCodes(false),

Navigation

// config/filament-passport.php
'navigation' => [
    'group' => 'OAuth',
    'sort'  => null,
],

Access Control

The plugin checks authorization in this order:

1. Gate — if a viewFilamentPassport gate is defined, it is used.
2. Callback — a closure passed via canAccess().
3. Default — open access (returns true).

// Gate
Gate::define('viewFilamentPassport', fn ($user) => $user->isAdmin());

// Or callback
FilamentPassportPlugin::make()
    ->canAccess(fn () => auth()->user()->isAdmin()),

Supported Grant Profiles

Testing

composer test

License

MIT. See LICENSE for details.