Laravel quickstart

The 80% case in under 30 lines of code.

Prerequisites

• An app registered in the auth-server. See App registration.
• The shared JWT_ACCESS_SECRET.
• Laravel 11+.

Install

composer require vendidit/auth-server-laravel
php artisan vendor:publish --tag=vauth-config

Configure

.env:

AUTH_SERVER_URL=https://auth.vendidit.com
JWT_ACCESS_SECRET=<shared with auth-server>
AUTH_APP_CODE=marketplace-buyer

config/auth.php:

'defaults' => ['guard' => 'web'],
'guards'   => ['web' => ['driver' => 'vendidit-jwt', 'provider' => 'users']],
'providers'=> [
    'users' => [
        'driver' => 'vendidit',
        'model'  => \App\Models\User::class, // optional — for Pattern B
    ],
],

Drop the trait on your User model:

use Vendidit\AuthServer\Laravel\Concerns\HasVenAuth;

class User extends Authenticatable
{
    use HasVenAuth;
}

Protect routes

// routes/web.php (or api.php)
Route::middleware('vauth')->group(function () {
    Route::get('/me', fn() => auth()->user());

    Route::middleware('vauth.role:org_admin,system_admin')
        ->get('/admin/users', AdminUsersController::class);

    Route::middleware('vauth.permission:listings:create')
        ->post('/listings', CreateListingController::class);
});

Use the facade

use Vendidit\AuthServer\Laravel\Facades\VenAuth;

$user = VenAuth::user();
$canEdit = VenAuth::hasPermission('listings:edit');
$isInOrg = VenAuth::hasOrg($orgId);

Blade directives

@vauth
    <a href="/profile">Profile</a>
@endvauth

@vrole('org_admin')
    <a href="/admin">Admin</a>
@endvrole

@vperm('listings:create')
    <button>New listing</button>
@endvperm

Next reads

• auth-server-laravel Overview — middleware aliases, directive list, trait surface.
• auth-server-laravel How it works — guard wiring, user provider, error mapping.
• auth-server-php Overview — the core the Laravel adapter wraps.