Skip to content
ByteAuth

Configuration

Configuration

Section titled “Configuration”

The ByteAuth Laravel SDK is configured through the config/byteauth.php file and environment variables.

Configuration File

Section titled “Configuration File”

After publishing the config, you’ll find config/byteauth.php:

<?php


return [
    /*
    |--------------------------------------------------------------------------
    | Domain Registration
    |--------------------------------------------------------------------------
    |
    | The domain registered with ByteAuth. This must match exactly what
    | users see when they scan the QR code in ByteVault.
    |
    */
    'domain' => env('BYTEAUTH_DOMAIN_REGISTERED', 'localhost'),


    /*
    |--------------------------------------------------------------------------
    | API Key
    |--------------------------------------------------------------------------
    |
    | Your ByteAuth API key from the developer portal.
    |
    */
    'api_key' => env('BYTEAUTH_API_KEY'),


    /*
    |--------------------------------------------------------------------------
    | Webhook Secret
    |--------------------------------------------------------------------------
    |
    | Secret used to verify webhook signatures. This ensures webhooks
    | actually come from ByteAuth.
    |
    */
    'webhook_secret' => env('BYTEAUTH_WEBHOOK_SECRET'),


    /*
    |--------------------------------------------------------------------------
    | Session Configuration
    |--------------------------------------------------------------------------
    */
    'session' => [
        // Session lifetime in minutes
        'lifetime' => env('BYTEAUTH_SESSION_LIFETIME', 60),


        // Session driver (database, redis, etc.)
        'driver' => env('BYTEAUTH_SESSION_DRIVER', 'database'),
    ],


    /*
    |--------------------------------------------------------------------------
    | Challenge Configuration
    |--------------------------------------------------------------------------
    */
    'challenge' => [
        // Challenge validity in seconds (default: 30)
        'lifetime' => 30,


        // Challenge refresh interval for QR code (client-side)
        'refresh_interval' => 30,
    ],


    /*
    |--------------------------------------------------------------------------
    | User Model
    |--------------------------------------------------------------------------
    |
    | The Eloquent model used for users. ByteAuth will create/find users
    | using this model.
    |
    */
    'user_model' => App\Models\User::class,


    /*
    |--------------------------------------------------------------------------
    | Callbacks
    |--------------------------------------------------------------------------
    |
    | Custom callback classes for authentication events.
    |
    */
    'callbacks' => [
        'on_register' => null, // e.g., App\ByteAuth\OnRegister::class
        'on_login' => null,    // e.g., App\ByteAuth\OnLogin::class
    ],


    /*
    |--------------------------------------------------------------------------
    | Routes
    |--------------------------------------------------------------------------
    |
    | Customize the route paths for ByteAuth endpoints.
    |
    */
    'routes' => [
        'webhook_registration' => '/webhook/registration',
        'webhook_login' => '/webhook/login',
        'check' => '/api/check',
    ],


    /*
    |--------------------------------------------------------------------------
    | Redirect URLs
    |--------------------------------------------------------------------------
    */
    'redirects' => [
        'after_login' => '/dashboard',
        'after_register' => '/welcome',
        'on_failure' => '/login?error=auth_failed',
    ],
];

Environment Variables

Section titled “Environment Variables”

All sensitive configuration should be in your .env file:

# Required
BYTEAUTH_DOMAIN_REGISTERED=yourdomain.com
BYTEAUTH_API_KEY=ba_live_xxxxxxxxxxxxx


# Recommended
BYTEAUTH_WEBHOOK_SECRET=whsec_xxxxxxxxxxxxx


# Optional
BYTEAUTH_SESSION_LIFETIME=60
BYTEAUTH_SESSION_DRIVER=database

User Model Configuration

Section titled “User Model Configuration”

Default Behavior

Section titled “Default Behavior”

By default, ByteAuth creates users with:

  • A unique public_key identifier
  • A random email placeholder (can be updated by user)
  • A random password hash (never used)

Custom User Model

Section titled “Custom User Model”

To customize user creation, implement the ByteAuthUser interface:

<?php


namespace App\Models;


use ByteFederal\ByteAuthLaravel\Contracts\ByteAuthUser;
use Illuminate\Foundation\Auth\User as Authenticatable;


class User extends Authenticatable implements ByteAuthUser
{
    protected $fillable = [
        'name',
        'email',
        'password',
        'public_key',
    ];


    /**
     * Find a user by their ByteAuth public key.
     */
    public static function findByPublicKey(string $publicKey): ?self
    {
        return static::where('public_key', $publicKey)->first();
    }


    /**
     * Create a new user from ByteAuth registration.
     */
    public static function createFromByteAuth(array $data): self
    {
        return static::create([
            'public_key' => $data['public_key'],
            'name' => $data['name'] ?? 'ByteAuth User',
            'email' => $data['email'] ?? $data['public_key'] . '@byteauth.local',
            'password' => bcrypt(Str::random(32)),
        ]);
    }
}

Callback Configuration

Section titled “Callback Configuration”

On Registration

Section titled “On Registration”

Create a callback class to handle new registrations:

<?php


namespace App\ByteAuth;


use App\Models\User;
use ByteFederal\ByteAuthLaravel\Contracts\RegistrationCallback;


class OnRegister implements RegistrationCallback
{
    public function handle(User $user, array $data): void
    {
        // Send welcome email
        $user->notify(new WelcomeNotification());


        // Log the registration
        activity()
            ->performedOn($user)
            ->log('User registered via ByteAuth');


        // Assign default role
        $user->assignRole('member');
    }
}

Register in config/byteauth.php:

'callbacks' => [
    'on_register' => App\ByteAuth\OnRegister::class,
],

On Login

Section titled “On Login”

Similarly for login events:

<?php


namespace App\ByteAuth;


use App\Models\User;
use ByteFederal\ByteAuthLaravel\Contracts\LoginCallback;


class OnLogin implements LoginCallback
{
    public function handle(User $user, array $data): void
    {
        // Update last login timestamp
        $user->update(['last_login_at' => now()]);


        // Log the authentication
        activity()
            ->performedOn($user)
            ->log('User logged in via ByteAuth');
    }
}

Guard Configuration

Section titled “Guard Configuration”

ByteAuth uses Laravel’s standard authentication guards. Configure in config/auth.php:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],


    'byteauth' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
],

To use a separate guard:

config/byteauth.php
'guard' => 'byteauth',

CORS Configuration

Section titled “CORS Configuration”

If your frontend is on a different domain, configure CORS in config/cors.php:

'paths' => ['api/*', 'webhook/*'],


'allowed_origins' => ['https://yourfrontend.com'],


'allowed_methods' => ['GET', 'POST'],


'allowed_headers' => ['Content-Type', 'X-ByteAuth-Signature'],

Next Steps

Section titled “Next Steps”