lukk

First-party JWT auth for Laravel

Short-lived access JWTs and rotating refresh tokens on the server — with a TypeScript client and a Nuxt module that mirror the contract exactly. One package on each side, documented together.

The two halves

lukk is documented as one story with two sides:

  • lukk — the Laravel package. Issues and verifies the tokens, owns rotation, reuse detection, the denylist, and the optional 2FA / passkey / email-verification / password-reset flows.
  • lukk-js — the TypeScript client (lukk-core) and Nuxt module (lukk-nuxt). Attaches the bearer, refreshes before requests fail, and drives the browser ceremonies.

Throughout these docs, a feature page shows both sides: what you configure on the server, and how you call it from the client. New here? Start with the Introduction.