narakode/fineauth

There is no license information available for the latest version (v0.0.5) of this package.

A simple authentication package for Laravel REST APIs.

Maintainers

Package info

github.com/narakode/fineauth

pkg:composer/narakode/fineauth

Transparency log

Statistics

Installs: 3

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

v0.0.5 2026-07-04 07:39 UTC

This package is not auto-updated.

Last update: 2026-07-04 07:41:09 UTC


README

A simple authentication package for Laravel REST APIs.

Features

  • Login
  • Access Tokens
  • Refresh Tokens
  • Current Authenticated User

Requirements

  • PHP ^8.3
  • Laravel ^13
  • Laravel Sanctum ^4.3

Installation

Install the package:

composer require narakode/fineauth

Publish the package configuration:

php artisan vendor:publish --provider="Narakode\FineAuth\FineAuthServiceProvider"

This package requires Laravel Sanctum. If you haven't installed it yet, run:

php artisan install:api

Add the HasApiTokens and HasRefreshTokens traits to your User model.

use Illuminate\Foundation\Auth\User as Authenticatable;
use Laravel\Sanctum\HasApiTokens;
use Narakode\FineAuth\HasRefreshTokens;

class User extends Authenticatable
{
    use HasApiTokens, HasRefreshTokens;
}

Usage

Register the authentication routes in your routes file (for example, routes/api.php):

use Narakode\FineAuth\FineAuth;

FineAuth::routes();

You can verify that the routes have been registered by listing your application's routes:

php artisan route:list

# Example:
# POST  api/login

Endpoints

Login

The POST /login endpoint requires the following request parameters:

  • email
  • password

The package uses Laravel's authentication system to validate the provided credentials.

If the credentials are invalid, it returns a 401 Unauthorized response:

{
    "message": "The provided credentials do not match our records."
}

If authentication succeeds, it returns a 200 OK response:

{
    "access_token": "xxxx",
    "user": {
        "id": "xxx",
        "name": "xxx",
        "email": "xxx"
    }
}

A refresh token is also returned as an HTTP cookie named refresh_token with the following attributes:

  • Expires in 1 hour
  • HttpOnly
  • Secure
  • SameSite

Current User

The GET /me endpoint returns the authenticated user associated with the provided access token.

Provide the access token in the Authorization header using the following format:

Authorization: Bearer <access_token>

If the access token is valid, the response will be:

{
    "user": {
        "id": "xxx",
        "name": "xxx",
        "email": "xxx"
    }
}

If the access token is missing or invalid, the endpoint returns a 401 Unauthorized response.

Get Current User

The GET /me endpoint returns the authenticated user associated with the provided access token.

If the access token is valid, the response will be:

{
    "user": {
        "id": "xxx",
        "name": "xxx",
        "email": "xxx"
    }
}

If the access token is missing or invalid, the endpoint returns a 401 Unauthorized response.

Refresh Token

The POST /refresh-token endpoint returns a new access token and the authenticated user using the refresh token stored in a cookie.

If the cookie is exists and has not expired, the response is the same as login. Otherwise, the endpoint returns 401 Unauthorized.