Auth Module
The Auth module handles everything related to user identity: email/password login, registration, password reset, email verification, OAuth via Google and GitHub, and admin impersonation. It is the foundation that all other modules depend on.
What you get
- Login and registration — standard email/password flows with rate limiting (5 attempts before a temporary lockout)
- Password reset — token-based email reset flow
- Email verification — signed links; users can request a resend from the prompt page
- Social login (OAuth) — Google and GitHub via Laravel Socialite. Guests can log in or register; authenticated users can link additional providers to their account
- Provider disconnect protection — a user cannot disconnect their only login method (no password + one social account)
- Admin panel — Filament resource at
/adminto list, create, view, and edit users - User impersonation — admins can impersonate any user from the admin panel; up to 3 recently impersonated users are shown for quick switching
Installation
composer require saucebase/auth
composer dump-autoload
php artisan module:enable Auth
php artisan module:migrate Auth --seed
npm run build
Docker:
composer require saucebase/auth && composer dump-autoload
docker compose exec workspace php artisan module:enable Auth
docker compose exec workspace php artisan module:migrate Auth --seed
npm run build
Add the Sociable trait to your User model
This step is required for social login and the Settings module's provider display to work:
use Modules\Auth\Traits\Sociable;
class User extends Authenticatable
{
use Sociable;
}
The trait adds socialAccounts(), connected_providers, and the disconnect helper to your User model.
Configuration
Default admin credentials
The seeder creates a default admin account:
- Email:
chef@saucebase.dev - Password:
secretsauce
Change these before going to production.
OAuth (optional)
Social login works out of the box once you set the credentials. Add to .env:
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret
GOOGLE_CLIENT_REDIRECT_URI=/auth/socialite/google/callback
GITHUB_CLIENT_ID=your-client-id
GITHUB_CLIENT_SECRET=your-client-secret
GITHUB_CLIENT_REDIRECT_URI=/auth/socialite/github/callback
Create OAuth apps here:
- Google — Google Cloud Console → APIs & Services → Credentials
- GitHub — GitHub Developer Settings → OAuth Apps
The redirect URI to register in each provider's dashboard is /auth/socialite/{provider}/callback (relative to your app URL).
When a user registers via OAuth (Google or GitHub), their email is automatically marked as verified and a random password is assigned. This means they have no usable password — if they ever want to switch to email/password login, they must go through Forgot password to set one. Keep this in mind when handling support requests from social-login users.
Admin panel
The Filament admin panel at /admin provides a Users resource to list, create, view, and edit users.
Single role per user: The role selector in the admin panel is limited to one selection per user. While the underlying Spatie permission system supports multiple roles, the admin UI enforces a single role at a time when editing a user.
Impersonation
Start impersonation from the Users table in the Filament admin panel (/admin). A floating alert appears on screen with a "Stop impersonating" button and links to recently impersonated users. The session remembers the last 4 users; up to 3 are shown.
See the Impersonation guide for full details.
Testing
php artisan test --testsuite=Modules --filter=Auth
npx playwright test --project="@Auth [Desktop Chrome]"