Laravel's Built-In Authentication
Laravel ships with a complete authentication system out of the box. You get login, registration, password reset, and email verification with minimal setup.
Generating Auth Scaffolding
Use artisan to generate the authentication views, routes, and controllers in one command. This saves you from building everything from scratch.
php artisan make:auth
This creates login and registration routes, controllers, and Blade views. Visit /login or /register to see them in action.
The Login Controller
The generated LoginController handles the authentication logic. You can customize where users are redirected after login.
class LoginController extends Controller
{
use AuthenticatesUsers;
protected $redirectTo = '/dashboard';
public function __construct()
{
$this->middleware('guest')->except('logout');
}
}
The AuthenticatesUsers trait does the heavy lifting. Override methods to tweak behavior.
Password Reset and Email Verification
Laravel includes password reset functionality. Users receive a secure link to set a new password. Email verification ensures users own their email addresses.
// Enable email verification in User model
use Illuminate\Contracts\Auth\MustVerifyEmail;
class User extends Authenticatable implements MustVerifyEmail
{
}
Once the model implements MustVerifyEmail, unverified users are redirected to a verification prompt page.
Guards and Middleware
Guards define how users are authenticated for each request. Middleware protects routes by checking if a user is logged in.
Route::middleware('auth')->group(function () {
Route::get('/dashboard', [DashboardController::class, 'index']);
Route::get('/profile', [ProfileController::class, 'show']);
});
You can create custom guards for different authentication methods like API tokens or admin panels.