Antirius Auth Cloud for Laravel

Composer package for Laravel 10/11: messenger login at /login, phone-only matching, Composer registry on your Auth Cloud host.

⬇ Download module ZIP

Version 1.0.0

Laravel 10/11, PHP 8.1+ with openssl

What the package does

Registers /login with the Auth Cloud widget when the module is enabled.
composer require from https://id.antirius.com/composer/ or install from ZIP.
JWT (RS256) verification via JWKS — no shared secrets on your server.
Matches users by users.phone only; optional auto-create on first login.
Settings UI at /admin/antirius-auth-cloud (base URL, app_id, enable, roles).
Admin must bind phone via widget before enabling the module.
Password fallback link on messenger screen on by default; direct /login?abc_bypass=1 always works.

Before installation

1. Sign in to the Auth Cloud cabinet and create an application.

2. Connect at least one messenger bot (Telegram, WhatsApp or MAX).

3. Add your site origin (e.g. https://yoursite.com) to allowed domains.

4. Copy the application _id — Application ID in Laravel settings.

Installation via Composer

1. Add the Antirius repository to composer.json: "repositories": [{ "type": "composer", "url": "https://id.antirius.com/composer/" }].

2. Run: composer require antirius/laravel-auth-cloud

3. Run: php artisan vendor:publish --tag=antirius-auth-cloud-config && php artisan migrate

4. Open /admin/antirius-auth-cloud, bind admin phone, enable the module.

Configuration

1. Web form at /admin/antirius-auth-cloud or .env: AUTH_CLOUD_BASE_URL, AUTH_CLOUD_APP_ID, AUTH_CLOUD_ENABLED.

2. Bind administrator phone before AUTH_CLOUD_ENABLED=true.

3. Optional: AUTH_CLOUD_AUTO_CREATE, AUTH_CLOUD_DEFAULT_ROLE, AUTH_CLOUD_HIDE_PASSWORD_FALLBACK.

Settings reference

Setting	Description
Auth Cloud URL	Base URL (API, JWKS, default widget.js).
Application ID	Application _id from the cabinet.
Widget script URL	Optional; default {base_url}/widget.js.
Enable module	Replace /login with the widget.
Auto-create users	Create a user if no match by phone.
Default role	Role name for new users (if using a roles package).
Hide password fallback	Opt-out: hide link on messenger screen only.

How it works

1. Guest opens /login → widget AuthBotsWidget.init.

2. User confirms in messenger; browser POSTs session_id to /antirius-auth-cloud/callback.

3. Package fetches session, verifies JWT via JWKS, finds user by phone, Auth::login().

4. Redirect to intended URL or AUTH_CLOUD post-login path.

Emergency password login

Link on messenger screen by default, or open directly:

https://yoursite.com/login?abc_bypass=1

Hide only the on-screen link in module settings; the URL above still works.

Security

JWT verified with JWKS (RS256); app_id in token must match Application ID. CSRF on callback. No cloud secrets stored in Laravel.

Requirements

Laravel 10 or 11, PHP 8.1+ with openssl.
Outbound HTTPS to Base URL.
Site origin in application allowed domains.

← Documentation

Composer repository

Your Auth Cloud instance serves packages.json at /composer/. After deploy, composer require resolves the zip from /download/antirius-auth-cloud-laravel.zip with a matching shasum.

https://id.antirius.com/composer/

Installation from ZIP

1. Download antirius-auth-cloud-laravel.zip (button above).

2. Unpack into your project or add as a path repository, then composer dump-autoload.

3. Publish config and migrate as above.