Download the PHP package kango/auth without Composer
On this page you can find all versions of the php package kango/auth. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package auth
Short Description Multi-vendor authentication package with roles, OTP, email/phone verification (Blade + API). Spatie Permission compatible.
License MIT
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package auth
Kango Auth
Multi-vendor authentication for Laravel 13 — Blade UI, REST API, roles, OTP, and email/phone verification.
Requirements
- PHP
^8.3 - Laravel
^12.0 - laravel/sanctum
^4.0(API tokens) - spatie/laravel-translatable
^6.14(installed automatically with this package)
Features
- Registration, login, logout (web session + API Sanctum tokens)
- Email/password and phone/password (configurable per project)
- OTP via phone or email (login, register, password reset, verification)
- Roles:
super_admin,admin,vendor,vendor_staff,customer,delivery - Enum roles (default,
rolecolumn) or Spatie Permission (role_driver=spatie) - Guest locale switcher on auth pages (
en/ar) - Swappable SMS provider for OTP (
SmsSenderInterface)
Installing the package
From Packagist (recommended)
After the package is published:
From a private Git repository
Add the repository to the host app composer.json, then require the package:
Use a tagged release (e.g. v1.0.0). The @dev constraint is only for local monorepo development.
Host application setup
1. Install Sanctum and run migrations
This creates Sanctum’s personal_access_tokens table (required for API auth).
2. Publish package config (optional)
Available publish tags:
| Tag | Purpose |
|---|---|
kango-auth-config |
config/auth-package.php |
kango-auth-migrations |
Copy migrations into database/migrations (only if you need to customize them) |
kango-auth-views |
Copy Blade views into resources/views/vendor/kango-auth |
By default, migrations and views are loaded from the package — publishing is optional.
3. Users table / migrations
The package registers migrations for:
users(withrole,phone,vendor_id, verification timestamps, soft deletes)auth_package_otpsauth_package_password_reset_tokens
Important: If your Laravel app already has a default
create_users_tablemigration, remove or skip it before runningphp artisan migrateto avoid a duplicateuserstable error. This package owns theusersschema for auth.
Then migrate:
4. User model
Create or update app/Models/User.php:
5. Laravel config/auth.php
Point the user provider at your application model:
6. Environment variables
Add to .env:
7. Middleware (bootstrap/app.php)
Register the verification middleware alias and optional guest redirect:
Protect routes that require a verified user:
8. Clear config cache
Configuration
Main file: config/auth-package.php (merged automatically; publish to override).
| Key | Env | Description |
|---|---|---|
user_model |
AUTH_PACKAGE_USER_MODEL |
Eloquent user class |
role_driver |
AUTH_PACKAGE_ROLE_DRIVER |
enum or spatie |
methods.email_password |
AUTH_PACKAGE_EMAIL_PASSWORD |
Email + password login |
methods.phone_password |
AUTH_PACKAGE_PHONE_PASSWORD |
Phone + password login |
methods.phone_otp |
AUTH_PACKAGE_PHONE_OTP |
Phone OTP flows |
methods.email_otp |
AUTH_PACKAGE_EMAIL_OTP |
Email OTP flows |
verification.email_required |
AUTH_PACKAGE_EMAIL_VERIFICATION_REQUIRED |
Block until email verified |
verification.phone_required |
AUTH_PACKAGE_PHONE_VERIFICATION_REQUIRED |
Block until phone verified |
sms.sender |
AUTH_PACKAGE_SMS_SENDER |
SMS implementation class |
web.prefix |
— | URL prefix for Blade routes (default: auth) |
api.prefix / api.version |
— | API base: /api/v1/... |
Disable web or API routes by setting clients.web / clients.api to false in the published config.
Spatie Permission (optional)
Run Spatie’s migrations and seed roles that match config('auth-package.roles').
API reference
Base URL: /api/v1/auth
Protected routes require Authorization: Bearer {token} (Sanctum).
| Method | Endpoint | Auth |
|---|---|---|
| POST | /register |
Guest |
| POST | /login |
Guest |
| POST | /otp/send |
Guest (throttled) |
| POST | /otp/verify |
Guest |
| POST | /password/forgot |
Guest (throttled) |
| POST | /password/reset |
Guest |
| POST | /logout |
Sanctum |
| POST | /email/send-verification |
Sanctum (throttled) |
| POST | /email/verify |
Sanctum |
| POST | /phone/send-verification |
Sanctum (throttled) |
| POST | /phone/verify |
Sanctum |
| GET | /me |
Sanctum + verified |
JSON responses use the package’s standard success/error envelope.
Web routes
Prefix: /auth (configurable via auth-package.web.prefix).
| Method | Path | Route name | Access |
|---|---|---|---|
| GET | /locale/{locale} |
kango.auth.locale |
Guest |
| GET | /register |
kango.auth.register |
Guest |
| POST | /register |
kango.auth.register.store |
Guest |
| GET | /login |
kango.auth.login |
Guest |
| POST | /login |
— | Guest |
| GET | /password/forgot |
kango.auth.password.forgot |
Guest |
| POST | /password/forgot |
kango.auth.password.forgot.store |
Guest |
| GET | /password/reset/{token} |
kango.auth.password.reset |
Guest |
| POST | /password/reset |
kango.auth.password.reset.store |
Guest |
| GET | /password/reset-phone |
kango.auth.password.reset-phone |
Guest |
| POST | /password/reset-phone |
kango.auth.password.reset-phone.store |
Guest |
| GET | /verify |
kango.auth.verify |
Auth |
| POST | /verify/email |
kango.auth.verify.email |
Auth |
| POST | /verify/phone |
kango.auth.verify.phone |
Auth |
| POST | /verify/email/resend |
kango.auth.verify.email.resend |
Auth |
| POST | /verify/phone/resend |
kango.auth.verify.phone.resend |
Auth |
| GET | /profile |
kango.auth.profile |
Auth + verified |
| POST | /logout |
kango.auth.logout |
Auth |
Role-based redirects after login are configured under auth-package.redirects.roles.
Custom SMS provider
Implement Kango\Auth\Contracts\SmsSenderInterface and register the class:
If unset, OTP codes are written to the log via LogSmsSender (local development only).
Production checklist
- [ ] Package installed via Composer (Packagist or tagged VCS release)
- [ ] Sanctum installed and migrated
- [ ] No duplicate Laravel
usersmigration - [ ]
App\Models\Userextends package base user - [ ]
config/auth.phpprovider usesApp\Models\User - [ ]
.envauth method and verification flags set for your product - [ ]
AUTH_PACKAGE_SMS_SENDERconfigured (do not rely on log driver in production) - [ ]
verifiedmiddleware registered; guest redirect configured if needed - [ ]
php artisan config:cacherun in deployment pipeline after env is set - [ ] HTTPS enabled for session cookies and Sanctum tokens
License
MIT
All versions of auth with dependencies
illuminate/support Version ^11.0|^12.0|^13.0
illuminate/database Version ^11.0|^12.0|^13.0
illuminate/http Version ^11.0|^12.0|^13.0
illuminate/routing Version ^11.0|^12.0|^13.0
illuminate/auth Version ^11.0|^12.0|^13.0
illuminate/notifications Version ^11.0|^12.0|^13.0
spatie/laravel-translatable Version ^6.14