Tutorials

Step-by-step examples for common auth patterns using sopheak/sp-jwt-auth.

• Auth Controller Example — full controller with register, login, logout, refresh, password reset
• Login with MFA — OTP challenge flow with token issuance after verification
• Email Verification During Registration — verify before issuing tokens
• API Key Client Usage — create and use scoped API keys
• OAuth Server — Authorization Code + PKCE — full OAuth authorization code flow for third-party apps
• OAuth Server — Client Credentials — machine-to-machine OAuth grant for service integrations
• External Identity — Social Login — social login with Google/GitHub using ExternalIdentity + Socialite
• Testing — PHPUnit tests for auth endpoints
• SPA and Mobile Integration — token storage, refresh, logout for first-party clients
• Migration from Sanctum or Passport — switch existing apps to sp-jwt-auth
• Tenant Isolation — multi-tenant auth with subject and claims