seatplus / auth
SeAT plus package that handles authentication agnostic to SeAT plus usage as pure API or Web
Requires
- php: ^8.5
- laravel/framework: ^13.0
- laravel/socialite: ^5.0
- seatplus/eveapi: ^4.1.4
- socialiteproviders/eveonline: ^4.0
- spatie/laravel-permission: ^6.10
Requires (Dev)
- driftingly/rector-laravel: ^2.0
- larastan/larastan: ^3.0
- laravel/pint: ^1.9
- nunomaduro/collision: ^8.1
- orchestra/testbench: ^11.0
- pestphp/pest: ^4.0
- pestphp/pest-plugin-laravel: ^4.1
- pestphp/pest-plugin-type-coverage: ^4.0
- phpstan/phpstan: ^2.0
- rector/rector: ^2.0
This package is auto-updated.
Last update: 2026-06-19 14:02:36 UTC
README
Handles authentication, authorisation, and SSO scope compliance for the seatplus EVE Online management platform. This is the core package — seatplus/eveapi and seatplus/web both depend on it.
Overview
Role system
Four role types with distinct membership and permission semantics:
| Type | Membership | Use case |
|---|---|---|
| automatic | Auto-assigned when a character belongs to a configured corporation or alliance | Fleet / alliance access |
| on-request | User applies, moderator approves or denies | Corp-specific elevated access |
| manual | Admin explicitly adds / removes individual users | One-off grants |
| opt-in | User self-joins if they meet the criteria | Opt-in programmes |
Affiliation system
Every role has Affiliation records that define permission scope (which EVE entities the role holder can access data for), not membership. Three types:
- allowed — these corporations / alliances / characters are in scope
- inverse — everyone except these is in scope
- forbidden — always excluded, overrides allowed / inverse
SSO scope compliance
IsUserCompliantService checks whether every character owned by a user has all required OAuth scopes. Required scopes are aggregated from global settings, corporation-level SsoScopes records, and alliance-level records. Non-compliant users have their role memberships set to inactive automatically on the next handleMembers() call.
Permission checking
CanUserService::check() runs a Laravel Pipeline to validate a set of EVE entity IDs against a user's permissions. The pipeline strips IDs the user owns, IDs covered by in-game corporation roles (e.g. Director), and IDs covered by Spatie permissions. Any remaining IDs are denied. The superuser permission bypasses all checks.
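The subtractive, deny-by-default flow described above, sketched in plain PHP as an added example. It is not the package's code: every function name, array key and ID below is hypothetical, and the mapping of roles and permissions to entity IDs is an assumption.

```php
<?php
declare(strict_types=1);

// Added illustration in plain PHP (no Laravel). All names and data are hypothetical.

// Each stage returns the IDs it could NOT cover, so a stage can only shrink the list.
function stripOwned(array $ids, array $ctx): array
{
    return array_values(array_diff($ids, $ctx['owned_ids']));
}

function stripCoveredByCorpRole(array $ids, array $ctx): array
{
    // Assumption: an in-game role such as Director covers these entity IDs.
    return array_values(array_diff($ids, $ctx['corp_role_ids']));
}

function stripCoveredByPermission(array $ids, array $ctx, array $permissions): array
{
    $covered = [];
    foreach ($permissions as $permission) {
        // Assumption: each permission the user holds maps to the IDs it is scoped to.
        $covered = array_merge($covered, $ctx['permission_scope'][$permission] ?? []);
    }
    return array_values(array_diff($ids, $covered));
}

// Returns the denied IDs; an empty array means every requested ID was authorised.
function deniedIds(array $requested, array $ctx, array $permissions): array
{
    if ($ctx['is_superuser']) {
        return []; // the superuser permission bypasses all checks
    }
    $remaining = array_values(array_unique($requested));
    $remaining = stripOwned($remaining, $ctx);
    $remaining = stripCoveredByCorpRole($remaining, $ctx);
    $remaining = stripCoveredByPermission($remaining, $ctx, $permissions);
    return $remaining; // covered by no stage: denied
}

// Constructed sample data.
$ctx = [
    'is_superuser' => false,
    'owned_ids' => [90000001],
    'corp_role_ids' => [98000001],
    'permission_scope' => ['view member tracking' => [98000002]],
];
$denied = deniedIds([90000001, 98000001, 98000002, 98000003], $ctx, ['view member tracking']);
echo $denied === [] ? "allowed\n" : 'denied: ' . implode(', ', $denied) . "\n";
```

A permission the user does not hold contributes no coverage here, so an unknown or misspelled permission name fails closed rather than open.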
Installation
composer require seatplus/auth
Publish and run migrations:
php artisan vendor:publish --provider="Seatplus\Auth\AuthServiceProvider"
php artisan migrate
Usage
Add OAuth scopes to a character
By default the minimal scopes are requested. To step up a character to additional scopes, redirect to:
/eve/sso/{character_id}/step_up?add_scopes=esi-skills.read_skills.v1,esi-wallet.read_character_wallet.v1
Check permissions
use Seatplus\Auth\Services\Dtos\ValidateIdsDTO;
use Seatplus\Auth\Services\CanUserService;

$dto = ValidateIdsDTO::make(entity_ids: [12345678], user: $user);
CanUserService::check($user, $dto, permissions: ['view member tracking']);
Development
Requirements
- PHP 8.3+
- PostgreSQL (user seatplus, password secret, database laravel @ 127.0.0.1:5432)
- Redis @ 127.0.0.1:6379
Running the test suite
composer run test                # lint + PHPStan + type-coverage + unit tests
composer run test:unit           # unit tests only
composer run test:lint           # Pint formatting check
composer run lint                # auto-fix formatting with Pint
composer run test:types          # PHPStan static analysis
composer run test:type-coverage  # 100% type coverage check