README

Low-level auth primitives for Nawasara packages. Lives below the application shell (nawasara/core) so any domain package can depend on it without pulling in the rest of Nawasara.

What's in the box

What's NOT in here

The OTP step-up itself (IdP redirect, callback, ID-token verification) is not in this package. It lives in nawasara/core's SudoController, which calls Sudo::confirm($userId) on a verified step-up. This split lets domain packages enforce a sudo window without depending on the integration plumbing.

Usage

Route-level

Route::get('db/drop/{name}', ...)->middleware(['auth', 'sudo']);

The sudo alias is registered automatically by AuthPrimitivesServiceProvider.

Livewire action-level

use Livewire\Component;
use Nawasara\AuthPrimitives\Attributes\RequiresSudo;
use Nawasara\AuthPrimitives\Traits\WithSudo;

class DangerousThings extends Component
{
    use WithSudo;

    #[RequiresSudo(reason: 'menghapus database')]
    public function dropDatabase(string $name): void
    {
        // …only runs inside an active sudo window
    }
}

Blade display

@if (sudo_active())
    <button wire:click="dropDatabase">Hapus</button>
@else
    <button wire:click="$dispatch('sudo-required')">Hapus (butuh konfirmasi)</button>
@endif

Config

Defaults are bundled. Publish to override:

php artisan vendor:publish --tag=auth-primitives:config

// config/auth-primitives.php
return [
    'sudo' => [
        'window_minutes' => env('NAWASARA_SUDO_WINDOW_MINUTES', 15),
        'acr' => env('NAWASARA_SUDO_ACR', 'sudo'),
    ],
];

License

MIT.