Polaris · identity module for Univeros
Auth your users can trust, and your agents can operate.
Polaris is the official identity module for Univeros, the agent-native PHP framework. One module registration adds email-verified login, JWT with rotating refresh tokens, multi-factor auth with recovery codes, and multi-tenant RBAC. Specified end to end, so humans can audit it and agents can build on it.
composer require univeros/polaris
One registration contributes
- routes
- entities
- migrations
- middleware
- events
Drop-in
Register one class in config/modules.php and the host gains the full identity stack. Routes, entities, migrations, and middleware arrive wired and ready.
Security-critical by design
A written threat model behind every decision: hashing, token lifetimes, enumeration resistance, rate limits. Held to a minimum of 80% test coverage.
Multi-tenant
Identity is global, authority is per organization. Users carry roles scoped to each org they belong to, enforced consistently by middleware.
Agent-operable
Specified end to end and observable through PSR-14 events for every auth action, so humans can audit the module and agents can build on it.
Batteries included · production-grade
A complete identity stack from one module registration.
One line in config/modules.php contributes routes, entities, migrations, and middleware to the host. No further wiring.
Authentication flows
Email-verified registration and login, JWT access tokens with rotating refresh tokens, password reset, and session revocation. Every flow specified, every edge case covered.
/docs/auth/flows
MFA & OTP
Three factor types out of the box: TOTP with QR enrollment, SMS, and email codes. Single-use recovery codes and step-up authentication for sensitive operations.
/docs/auth/mfa-otp
Organizations & RBAC
Multi-tenant by design: identity is global, authority is per organization. Users join organizations and carry roles scoped to each one, enforced by middleware.
/docs/auth/rbac
Zero-downtime key rotation
A documented runbook for rotating the JWT signing keypair with JWKS kid versioning. Old tokens keep verifying while new ones sign with the fresh key.
/docs/auth/key-rotation
Domain events
PSR-14 events on the Happen dispatcher for every auth action: registrations, logins, failures, MFA challenges, role changes. Audit trails and side effects without forking the module.
/docs/auth/events
Security & threat model
A written threat model behind every decision: hashing, token lifetimes, enumeration resistance, rate limits. Security-critical code held to an explicit, reviewable standard.
/docs/auth/security
Get started
Start with the Polaris documentation.
Everything you need to understand and adopt Polaris, in one place.