This detailed tutorial covers how to set up authentication in Laravel using modern starter kits like Breeze and Jetstream. You’ll learn how to create login and registration pages, secure routes, handle sessions, and apply best practices in under an hour.
Table of contents [Show]
User authentication is one of the most common features in web applications. Every app that requires user accounts needs a login and registration system. Laravel makes authentication simple with built-in scaffolding and tools. In this tutorial, you’ll learn step by step how to set up authentication, customize it, and secure your app.
Authentication is the process of verifying who a user is. Without it, any user could access private parts of your application. By implementing proper authentication, you ensure:
First, let’s create a new Laravel project for authentication.
composer create-project laravel/laravel laravel-authStart the local server:
php artisan serveLaravel provides several ways to implement authentication. The most popular ones are:
| Package | Description | Best For |
|---|---|---|
| Breeze | Simple authentication with Blade or Inertia | Beginners, simple apps |
| Jetstream | Full-featured auth with teams, profiles, API tokens | Advanced apps |
| Fortify | Backend implementation for custom frontends | API-driven apps |
Laravel Breeze is the recommended starter kit for beginners. Let’s install it.
composer require laravel/breeze --devRun the Breeze installation:
php artisan breeze:installThen, migrate the default tables:
php artisan migrateInstall frontend assets:
npm install && npm run devBreeze automatically sets up routes for login, registration, password reset, and logout. You can find them in routes/auth.php.
// Example login route
Route::get('/login', [AuthenticatedSessionController::class, 'create']);
Route::post('/login', [AuthenticatedSessionController::class, 'store']);
Breeze generates Blade views in resources/views/auth. For example, login.blade.php contains a simple login form:
<form method="POST" action="{{ route('login') }}">
@csrf
<input type="email" name="email" required autofocus />
<input type="password" name="password" required />
<button type="submit">Login</button>
</form>
Laravel handles registration via the RegisteredUserController. The default code looks like this:
// app/Http/Controllers/Auth/RegisteredUserController.php
public function store(Request $request)
{
$request->validate([
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => 'required|string|confirmed|min:8',
]);
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'password' => Hash::make($request->password),
]);
Auth::login($user);
return redirect(RouteServiceProvider::HOME);
}
By default, Laravel provides auth middleware to protect routes. Example:
// routes/web.php
Route::get('/dashboard', function () {
return view('dashboard');
})->middleware(['auth']);
Logging out is handled with a simple POST request:
<form method="POST" action="{{ route('logout') }}">
@csrf
<button type="submit">Logout</button>
</form>
Breeze also includes password reset scaffolding:
// routes/auth.php
Route::get('/forgot-password', [PasswordResetLinkController::class, 'create']);
Route::post('/forgot-password', [PasswordResetLinkController::class, 'store']);
If you want to capture additional fields like username or phone, update the migration and controller:
// database/migrations/add_phone_to_users.php
$table->string('phone')->nullable();
// app/Http/Controllers/Auth/RegisteredUserController.php
$user = User::create([
'name' => $request->name,
'email' => $request->email,
'phone' => $request->phone,
'password' => Hash::make($request->password),
]);
Change the HOME path in RouteServiceProvider:
// app/Providers/RouteServiceProvider.php
public const HOME = '/dashboard';
Hash facade.Laravel’s authentication system allows you to set up login, registration, and password management in minutes. With starter kits like Breeze and Jetstream, you can build secure authentication features without reinventing the wheel. By applying middleware, customizing registration, and following best practices, you’ll have a production-ready authentication system for your app.
Now that you know how to set up authentication, you can focus on building the core functionality of your web app while ensuring users are protected and authenticated properly.
This article is a comprehensive tutorial on using the Prohibited Validation Rules in Laravel. You will learn how to apply prohibited, prohibited_if, and prohibited_unless with clear explanations, real-life scenarios, and code examples. This guide is perfect for developers who want to master advanced validation techniques in Laravel applications.
This detailed tutorial explores request validation in Laravel controllers. You’ll learn multiple techniques—basic controller validation, using form request classes, custom rules, conditional validation, error handling, localization, and best practices. With practical examples, code snippets, and structured explanations, this article is designed for beginners to advance learner.
This guide teaches you how to deploy Laravel applications to production servers. From preparing your environment and configuring Nginx or Apache, to database migrations, caching, performance optimization, CI/CD pipelines, and security practices—this article covers everything step by step.It’s suitable for both beginners and advanced developers who want to ship stable, secure & scalable app.
