Download the PHP package hadefication/simple-token-auth without Composer
On this page you can find all versions of the PHP package hadefication/simple-token-auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package simple-token-auth
Short Description A lightweight Laravel package for server-to-server API authentication using static bearer tokens. This package provides a simpler alternative to Laravel Sanctum for internal APIs, microservices, and trusted system integrations. Uses spatie/laravel-package-tools package as base.
License MIT
Homepage https://github.com/hadefication/simple-token-auth
Information about the package simple-token-auth
Simple Token Auth
A lightweight, secure, and easy-to-use authentication package for server-to-server communication in Laravel applications. This package provides simple token-based authentication with built-in security features like rate limiting, timing attack protection, and comprehensive logging.
Features
- 🔐 Secure Token Validation: Uses hash_equals() to prevent timing attacks
- 🚀 Multiple Service Support: Named tokens for different services with fallback support
- 🛡️ Rate Limiting: Built-in protection against brute-force attacks
- 📝 Comprehensive Logging: Failed authentication attempts with IP and endpoint tracking
- 🔧 Developer Tools: CLI commands for token generation and configuration inspection
- 🎯 Flexible Headers: Supports both Authorization: Bearer and X-API-Token headers
- 🔒 Token Masking: Secure token masking in logs and debug outputs
Installation
You can install the package via Composer:
The package will automatically register its service provider and configuration.
Configuration
Publishing Configuration
Publish the configuration file to customize the package settings:
Environment Variables
Add the following to your .env file:
Configuration File
The config/simple-token-auth.php file contains all configuration options:
Usage
Basic Middleware Usage
Apply the middleware to your routes:
Service-Specific Authentication
Authenticate with a specific service token:
Accessing Service Context
When using service-specific authentication, you can access the authenticated service:
Token Headers
The package supports two header formats:
Developer Tools
Generate Tokens
Generate cryptographically secure tokens:
Example output:
With --save flag:
Adding Generated Tokens to Configuration
After generating a token, you need to manually add it to your configuration:
1. Add to .env file
Copy the generated token and add it to your .env file:
2. Update config file (optional)
If you want to reference the token in your config/simple-token-auth.php file:
3. Clear configuration cache
After updating the configuration, clear the cache:
4. Verify the token
Use the info command to verify your token is properly configured:
Inspect Configuration
View your current token configuration:
Example output:
Security Features
Timing Attack Protection
All token comparisons use hash_equals(), PHP's timing-safe string comparison, to prevent timing attacks: the time a comparison takes does not reveal how much of a submitted token matches a valid one.
Rate Limiting
The package implements rate limiting to protect against brute-force attacks:
- Configurable Limits: Set maximum attempts and lockout duration
- IP-based Tracking: Uses hashed IP addresses to protect privacy
- Automatic Reset: Rate limits are cleared on successful authentication
Token Masking
Tokens are automatically masked in logs and debug outputs:
- Log Security: Failed authentication attempts log IP and endpoint without exposing tokens
- Debug Safety: Configuration inspection shows masked tokens only
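The timing-safe comparison and log masking described under Timing Attack Protection and Token Masking, shown as an added example that is not the package's own code. The service names, token values, function names and the mask format are assumptions made for illustration.

```php
<?php
// Constructed sample tokens (hypothetical names and values, not the package's config).
const SERVICE_TOKENS = [
    'billing' => 'bil_3f9c1e7a5d2b4c68',
    'reports' => 'rep_a81d04ce9f6e2b37',
];

// Read the token from "Authorization: Bearer <token>" or, failing that, "X-API-Token".
function extractToken(array $headers): ?string
{
    $headers = array_change_key_case($headers, CASE_LOWER);
    if (preg_match('/^Bearer\s+(\S+)$/i', $headers['authorization'] ?? '', $m) === 1) {
        return $m[1];
    }
    $token = trim($headers['x-api-token'] ?? '');
    return $token !== '' ? $token : null;
}

// Return the name of the service whose token matches, or null.
function matchService(?string $presented, array $tokens): ?string
{
    $matched = null;
    foreach ($tokens as $service => $known) {
        // Known value goes first; no early exit, so every entry is always compared.
        if ($presented !== null && hash_equals($known, $presented)) {
            $matched = $service;
        }
    }
    return $matched;
}

// Mask a token for logs: keep the first and last 4 characters (format is an assumption).
function maskToken(string $token, int $visible = 4): string
{
    $len = strlen($token);
    if ($len <= $visible * 2) return str_repeat('*', $len);
    return substr($token, 0, $visible) . str_repeat('*', $len - $visible * 2) . substr($token, -$visible);
}

// Constructed requests: valid bearer token, valid X-API-Token, wrong token, no token.
$requests = [
    ['Authorization' => 'Bearer bil_3f9c1e7a5d2b4c68'],
    ['X-API-Token' => 'rep_a81d04ce9f6e2b37'],
    ['Authorization' => 'Bearer rep_a81d04ce9f6e2b38'], [],
];
foreach ($requests as $headers) {
    $token = extractToken($headers);
    printf("%-8s token=%s\n", matchService($token, SERVICE_TOKENS) ?? 'DENIED',
        $token === null ? '(none)' : maskToken($token));
}
```

A plain `===` comparison in place of hash_equals() would return the same results here; the difference is only in how long a mismatch takes to detect, which is the signal a timing attack measures.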
Comprehensive Logging
Failed authentication attempts are logged with:
- IP address of the requester
- Full URL that was accessed
- Timestamp of the attempt
Error Responses
The package returns standardized JSON error responses:
Unauthorized (401)
Too Many Requests (429)
Testing
The package includes comprehensive tests covering:
- Token validation and generation
- Middleware functionality
- Rate limiting behavior
- Security features (timing attacks, token masking)
- Command-line tools
Run the test suite:
Contributing
Please see CONTRIBUTING.md for details.
Security
If you discover any security-related issues, please email [email protected] instead of using the issue tracker.
License
The MIT License (MIT). Please see License File for more information.
All versions of simple-token-auth with dependencies
spatie/laravel-package-tools Version ^1.16
illuminate/contracts Version ^10.0||^11.0||^12.0