Download the PHP package hamzi/vaultic without Composer

On this page you can find all versions of the php package hamzi/vaultic. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package vaultic

Vaultic

Vaultic is a Laravel package for WebAuthn/Passkeys (FIDO2) with challenge storage, fallback authentication flows, multi-guard support, and web/API-ready response handling.

This v4.X release is optimized for Laravel 13 projects and modern PHP 8.3+ runtimes.

Compatibility

Version Matrix

Vaultic Tag PHP Laravel
v1.0.2 7.1.3+ 5.5-5.8
v1.2.1 7.2.5+ 6.x
v1.3.0 7.2.5+ 7.x
v3.0.1 8.0.2+ 9.x
v3.1.0 8.1+ 10.x
v3.2.1 8.2+ 11.x
v3.3.1 8.2+ 12.x
v4.0.0 8.3+ 13.x

Architecture

Vaultic uses a layered architecture to keep framework glue and business logic separated:

Flow:

Highlights

Installation

Publish package assets:

Laravel package discovery is enabled by default. Manual registration remains available when needed:

Configuration

Vaultic ships with config/vaultic.php.

Vaultic no longer requires package-specific .env entries for the default setup.

By default, Vaultic derives the relying party from your main Laravel application settings (APP_URL, APP_NAME) and uses the default cache store configured in your app:

If your app runs behind Cloudflare, Nginx, or a load balancer, configure Laravel trusted proxies correctly so passkey activity IP addresses are recorded accurately.

Guard configuration lives under auth.guards in config/vaultic.php. Each guard can define:

For modern passkey UX, Vaultic enables discoverable credentials by default and can hint browsers toward:

Browser and Device Coverage

Vaultic follows the WebAuthn/FIDO2 standard and supports platform passkeys (Face ID, Touch ID, Windows Hello), hybrid phone flows, and roaming authenticators (USB/NFC/BLE security keys) when the client browser/device supports them.

In production, always test your own target matrix (OS + browser + authenticator type), because browser vendors may differ in UX details, transport handling, and conditional behavior.

Routes

Vaultic exposes two channels by default:

Rate limiting is applied using your Vaultic config values (rate_limit.attempts, rate_limit.decay_seconds) through Laravel throttle middleware.

All endpoints return JSON, so the package is not tied to any UI stack.

WebAuthn Verifier Contract

Vaultic does not force a specific FIDO2 vendor package. Bind your own verifier implementation:

If no verifier is bound, Vaultic throws a clear runtime exception instead of silently failing.

API Token Issuing

For stateless guards, Vaultic can return token payloads after a successful passkey assertion.

Bind your own issuer:

Or use the included Sanctum-oriented issuer when your authenticatable model exposes createToken():

Successful API authentication responses include a tokens array in the JSON payload.

Blade Integration

Vaultic now ships with publishable Tailwind-ready Blade primitives on top of the JSON endpoints, so you can use the package without building your own JavaScript WebAuthn bridge first.

Passkey Login Button

The default button is compact, Tailwind-based, and intentionally small so you can place it inline in forms, toolbars, modals, or profile screens.

Minimal discoverable login button:

Full-width button inside a card or auth form:

Component usage:

Optional account-scoped login when you still want an identifier field:

Directive usage:

Helper usage:

Passkey Management Panel

Render the Tailwind registration form and linked-passkeys table anywhere inside your authenticated Blade views:

The management panel stays fully Tailwind-based and includes:

Or through the directive/helper APIs:

Both primitives are customizable through props, route overrides, labels, sizes, width control, and by publishing the package views with vaultic-views.

Supported authenticator experiences depend on the browser and device, but Vaultic is configured to work well with:

Frontend Integration

If you prefer a custom client, Vaultic still exposes the raw JSON endpoints for:

Middleware

Use passkey.required for routes that must have a passkey-authenticated session.

Events

Tests

Includes:

Repository Standards

License

vaultic is open-sourced software licensed under the MIT license. See LICENSE for more details.


All versions of vaultic with dependencies

PHP Build Version
Package Version
Requires php Version ^8.3
illuminate/contracts Version ^13.0
illuminate/support Version ^13.0
illuminate/routing Version ^13.0
illuminate/cache Version ^13.0
illuminate/auth Version ^13.0
illuminate/database Version ^13.0
illuminate/events Version ^13.0
illuminate/view Version ^13.0
illuminate/session Version ^13.0
illuminate/http Version ^13.0
illuminate/validation Version ^13.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package hamzi/vaultic contains the following files

Loading the files please wait ...