
auth-server-laravel quickstart

See also Laravel quickstart for the role-oriented walkthrough.

Install

composer require vendidit/auth-server-laravel
php artisan vendor:publish --tag=vauth-config

Env

AUTH_SERVER_URL=https://auth.vendidit.com
JWT_ACCESS_SECRET=<shared with auth-server>
AUTH_APP_CODE=marketplace-buyer

Configure the guard

config/auth.php:

'defaults' => ['guard' => 'web'],
'guards' => [
    'web' => ['driver' => 'vendidit-jwt', 'provider' => 'users'],
],
'providers' => [
    'users' => [
        'driver' => 'vendidit',
        'model' => \App\Models\User::class, // omit for Pattern A (stateless)
    ],
],

Add the trait (Pattern B)

use Illuminate\Foundation\Auth\User as Authenticatable;
use Vendidit\AuthServer\Laravel\Concerns\HasVenAuth;

class User extends Authenticatable
{
    use HasVenAuth;

    // Your normal Eloquent setup …
}

If you’re on Pattern A (no local users table), skip the trait and just use auth()->user() — it returns a VenAuthUser.

Protect routes

Route::middleware('vauth')->group(function () {
    Route::get('/me', fn() => auth()->user());
    Route::post('/me/password', [PasswordController::class, 'change']);

    Route::middleware('vauth.role:org_admin,system_admin')->group(function () {
        Route::get('/admin/users', [AdminController::class, 'index']);
        Route::post('/admin/invite', [AdminController::class, 'invite']);
    });

    Route::middleware('vauth.permission:listings:create')
        ->post('/listings', [ListingController::class, 'store']);

    Route::middleware(['vauth', 'vauth.app:marketplace-buyer'])
        ->get('/buyer-only', BuyerController::class);
});

Use the facade

use Illuminate\Support\Facades\Log;
use Vendidit\AuthServer\Laravel\Facades\VenAuth;

if (VenAuth::hasPermission('listings:edit')) {
    // …
}

if (VenAuth::isImpersonating()) {
    Log::warning('action.taken_while_impersonated', ['by' => VenAuth::user()->id]);
}
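
To apply the impersonation check above to every state-changing request instead of repeating it in each controller, it can live in a route middleware. This is an added example, not code shipped with the package: the class name AuditImpersonatedActions and the extra log fields are assumptions, and it must run after vauth so the user is already resolved.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Symfony\Component\HttpFoundation\Response;
use Vendidit\AuthServer\Laravel\Facades\VenAuth;

// Hypothetical middleware (not part of auth-server-laravel): writes one audit
// record for each state-changing request made during an impersonated session.
//
// Attach it inside the protected group, after 'vauth':
//   Route::middleware(['vauth', AuditImpersonatedActions::class])->group(...);
class AuditImpersonatedActions
{
    // Read-only methods are not audited; every other method is.
    private const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

    public function handle(Request $request, Closure $next): Response
    {
        // Run the request first so the outcome (status code) can be recorded.
        $response = $next($request);

        $stateChanging = !in_array($request->getMethod(), self::SAFE_METHODS, true);

        if ($stateChanging && VenAuth::isImpersonating()) {
            Log::warning('action.taken_while_impersonated', [
                'by'     => VenAuth::user()->id,            // same key as the snippet above
                'method' => $request->getMethod(),
                'path'   => $request->path(),
                'route'  => $request->route()?->getName(),  // null for unnamed routes
                'status' => $response->getStatusCode(),
                'ip'     => $request->ip(),
            ]);
        }

        return $response;
    }
}
```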

Register permissions on boot

Add to app/Providers/AppServiceProvider.php:

// Needs `use Vendidit\AuthServer\Laravel\Facades\VenAuth;` at the top of the file.
public function boot(): void
{
    if ($this->app->runningInConsole() && !$this->app->runningUnitTests()) {
        // Skip registration for artisan commands; web requests and unit tests continue below
        return;
    }

    app(\Vendidit\AuthServer\Flows::class)->registerPermissions(
        token: VenAuth::serviceToken(),
        manifest: [
            'service' => 'orders',
            'permissions' => [
                ['code' => 'orders:read', 'resource' => 'orders', 'action' => 'read', 'name' => 'Read orders'],
                ['code' => 'orders:create', 'resource' => 'orders', 'action' => 'create', 'name' => 'Create order'],
            ],
        ],
    );
}