SP JWT Auth PackageJWT Authentication Package for Laravel

A modular Laravel package for first-party JWT auth, account security, API keys, external identity, and optional OAuth server mode.

Core JWT

Laravel sp-jwt guard, signed access tokens, persisted jti rows, opaque rotating refresh tokens, scopes, claims, and revocation.

MFA challenge broker, hashed OTP codes, email verification tokens, and password reset tokens with app-owned delivery.

Scoped API keys with public-id lookup, hashed secret validation, rotation, revocation, and middleware.

Socialite/OIDC-style identity normalization and storage while apps own account linking policy.

Optional third-party OAuth clients, authorization-code + PKCE, client credentials, refresh tokens, introspection, and resource middleware.

Lifecycle events and hook points for app audit logging, policy checks, and custom token context rules.