Authentication in Laravel 8 π
Laravel provides a built-in authentication system that includes login, registration, password reset, and more. You can implement authentication using Laravelβs Jetstream, Breeze, or UI package.
1. Install Laravel Authentication System
Laravel offers different authentication options:
β Option 1: Laravel Breeze (Lightweight)
Breeze provides a simple authentication setup using Blade and Tailwind CSS.
composer require laravel/breeze --dev
php artisan breeze:install
php artisan migrate
npm install && npm run dev
php artisan serve
π This sets up login, registration, password reset, and email verification.
β Option 2: Laravel UI (Bootstrap-based)
Laravel UI provides authentication scaffolding for Blade and Bootstrap.
composer require laravel/ui
php artisan ui bootstrap --auth
npm install && npm run dev
php artisan migrate
php artisan serve
π This sets up authentication views with Bootstrap styling.
β Option 3: Laravel Jetstream (Advanced)
Jetstream provides authentication with Livewire or Inertia.js.
composer require laravel/jetstream
php artisan jetstream:install livewire
php artisan migrate
npm install && npm run dev
php artisan serve
π This includes authentication, two-factor authentication, session management, and API tokens.
2. Laravel Default Authentication Routes
After installing authentication, Laravel provides built-in routes for:
- Login (
/login) - Register (
/register) - Logout (
/logout) - Forgot Password (
/forgot-password) - Password Reset (
/reset-password)
You can check available routes using:
php artisan route:list
3. Custom Authentication Logic
Laravelβs authentication system is powered by guards and providers.
β
Configuring authentication:
Modify config/auth.php if needed.
β Changing the default guard:
'defaults' => [
'guard' => 'web',
'passwords' => 'users',
],
β Middleware for authentication protection: To restrict access, use middleware in routes:
Route::get('/dashboard', function () {
return view('dashboard');
})->middleware('auth');
4. Custom Login & Registration
If you need custom authentication, you can manually create controllers.
β
Custom Login Controller (app/Http/Controllers/Auth/LoginController.php)
namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class LoginController extends Controller
{
public function showLoginForm()
{
return view('auth.login');
}
public function login(Request $request)
{
$credentials = $request->validate([
'email' => 'required|email',
'password' => 'required',
]);
if (Auth::attempt($credentials)) {
return redirect()->intended('/dashboard');
}
return back()->withErrors(['email' => 'Invalid login details']);
}
public function logout()
{
Auth::logout();
return redirect('/');
}
}
β
Routes (routes/web.php)
use App\Http\Controllers\Auth\LoginController;
Route::get('/login', [LoginController::class, 'showLoginForm'])->name('login');
Route::post('/login', [LoginController::class, 'login']);
Route::post('/logout', [LoginController::class, 'logout'])->name('logout');
5. Protecting Routes with Middleware
To protect pages, use auth middleware.
β Example: Restrict access to dashboard
Route::get('/dashboard', function () {
return view('dashboard');
})->middleware('auth');
β
Redirect users after login
Modify app/Providers/RouteServiceProvider.php:
public const HOME = '/dashboard';
6. Role-Based Authentication
If you have different roles like Admin, User, Editor, define them in the users table.
β
Add role column in users migration
Schema::table('users', function (Blueprint $table) {
$table->string('role')->default('user');
});
β
Check role in middleware (app/Http/Middleware/CheckRole.php)
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
class CheckRole
{
public function handle(Request $request, Closure $next, $role)
{
if (Auth::check() && Auth::user()->role === $role) {
return $next($request);
}
return redirect('/home')->with('error', 'Unauthorized access!');
}
}
β
Register middleware in app/Http/Kernel.php
protected $routeMiddleware = [
'role' => \App\Http\Middleware\CheckRole::class,
];
β Apply middleware in routes
Route::get('/admin', function () {
return "Welcome Admin";
})->middleware('role:admin');
7. Social Media Authentication (Google, Facebook, etc.)
Use Laravel Socialite for OAuth login.
β Install Socialite
composer require laravel/socialite
β
Configure OAuth in config/services.php
'google' => [
'client_id' => env('GOOGLE_CLIENT_ID'),
'client_secret' => env('GOOGLE_CLIENT_SECRET'),
'redirect' => env('GOOGLE_REDIRECT_URL'),
],
β Routes for Social Login
use Laravel\Socialite\Facades\Socialite;
Route::get('/auth/google', function () {
return Socialite::driver('google')->redirect();
});
Route::get('/auth/google/callback', function () {
$user = Socialite::driver('google')->user();
// Handle user login/register logic
});
8. API Authentication (Laravel Sanctum)
For API authentication, use Laravel Sanctum.
β Install Sanctum
composer require laravel/sanctum
php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate
β
Enable Sanctum in app/Http/Kernel.php
protected $middlewareGroups = [
'api' => [
\Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
'throttle:api',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
],
];
β Protect API Routes
use Illuminate\Http\Request;
Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
return $request->user();
});
β Issue API Token
$user = Auth::user();
$token = $user->createToken('API Token')->plainTextToken;
β
Authenticate with Token
Use Authorization: Bearer <token> in API requests.
Conclusion
Laravel makes authentication quick and secure with built-in tools. You can use:
- Laravel Breeze (simple Blade-based authentication)
- Laravel UI (Bootstrap-based)
- Laravel Jetstream (Livewire & Inertia.js)
- Laravel Sanctum (API authentication)
Let me know if you need help implementing any of these! π
Authorization in Laravel (Roles & Permissions) π
Laravel provides Authorization using Gates and Policies, allowing control over user access.
1. Authentication vs Authorization
- Authentication: Verifies who the user is (login).
- Authorization: Determines what a user can do (permissions, roles).
2. Gates (Simple Authorization)
Gates are closures that define authorization logic.
β
Define a Gate in AuthServiceProvider.php
π app/Providers/AuthServiceProvider.php
use Illuminate\Support\Facades\Gate;
use App\Models\User;
public function boot()
{
Gate::define('edit-posts', function (User $user) {
return $user->is_admin; // Only admins can edit posts
});
}
β Use in Controllers or Views
if (Gate::allows('edit-posts')) {
echo "You can edit posts.";
} else {
echo "Access denied.";
}
β Use in Blade Template
@can('edit-posts')
<button>Edit Post</button>
@endcan
3. Policies (Advanced Authorization)
Policies handle authorization for models.
β
Create a Policy for Post Model
php artisan make:policy PostPolicy --model=Post
π File: app/Policies/PostPolicy.php
use App\Models\User;
use App\Models\Post;
public function update(User $user, Post $post)
{
return $user->id === $post->user_id; // Only post owners can edit
}
β
Register Policy in AuthServiceProvider.php
protected $policies = [
Post::class => PostPolicy::class,
];
β Using Policies in Controllers
$this->authorize('update', $post);
β Blade Authorization Check
@can('update', $post)
<button>Edit</button>
@endcan
4. Role-Based Access Control (RBAC)
Laravel does not have built-in roles, but you can define them manually.
β
Add role Column to users Table
php artisan make:migration add_role_to_users_table
π File: Migration
Schema::table('users', function (Blueprint $table) {
$table->string('role')->default('user');
});
β
Define Middleware for Roles
π File: app/Http/Middleware/CheckRole.php
use Closure;
public function handle($request, Closure $next, $role)
{
if (auth()->user()->role !== $role) {
abort(403, 'Unauthorized');
}
return $next($request);
}
β
Register Middleware in Kernel.php
protected $routeMiddleware = [
'role' => \App\Http\Middleware\CheckRole::class,
];
β
Use Middleware in Routes
π File: routes/web.php
Route::get('/admin', function () {
return "Admin Panel";
})->middleware('role:admin');
5. Laravel Permissions Package (Spatie)
To handle roles & permissions dynamically, use Spatie Laravel Permission.
β Install Package
composer require spatie/laravel-permission
β Publish Config & Migrate
php artisan vendor:publish --provider="Spatie\Permission\PermissionServiceProvider"
php artisan migrate
β
Add HasRoles Trait to User Model
π File: app/Models/User.php
use Spatie\Permission\Traits\HasRoles;
class User extends Authenticatable
{
use HasRoles;
}
β Create Roles & Permissions
use Spatie\Permission\Models\Role;
use Spatie\Permission\Models\Permission;
$role = Role::create(['name' => 'admin']);
$permission = Permission::create(['name' => 'edit posts']);
$role->givePermissionTo($permission);
$user = User::find(1);
$user->assignRole('admin');
β Check Role & Permissions
if ($user->hasRole('admin')) {
echo "User is an admin.";
}
if ($user->can('edit posts')) {
echo "User can edit posts.";
}
β Use in Blade
@role('admin')
<button>Admin Panel</button>
@endrole
@can('edit posts')
<button>Edit Post</button>
@endcan
Conclusion
Laravel provides flexible authorization through Gates, Policies, Middleware, and Role-Based Access Control (RBAC). For large apps, Spatie Laravel Permission is recommended.
π Need more help? π
At Online Learner, we're on a mission to ignite a passion for learning and empower individuals to reach their full potential. Founded by a team of dedicated educators and industry experts, our platform is designed to provide accessible and engaging educational resources for learners of all ages and backgrounds.
Copyright 2023-2025 © All rights reserved.