Laravel Authentication

Authentication is a process of identifying user credentials.

Laravel makes implementing authentication very simple.

The authentication configuration file is located at config/auth.php that contains various documented options for adjusting the behavior of the authentication services.

Laravel authentication facilities are made up of “guards” and “providers”.

Guards specify us how users are authenticated for each request.

Providers specify how users are retrieved from storage.

Laravel support retrieving users by using Eloquent and the database query builder.

Database Considerations

Laravel includes an App\User Eloquent model in our app directory.

This model used with the default Eloquent authentication.

We use the database authentication driver that uses the Laravel query builder only if our application is not using Eloquent.

The database schema for the App\User model, we have to make sure that the password column is at least 60 characters in length while building the database schema.

The default string of the column length of 255 characters would be the right choice.

We also verify that our users table contains a nullable, string remember_token column of 100 characters.

This column will be used to store a token for the users who select the “remember me” option when logging into our application.

Authentication Quickstart

Laravel ships with some pre-built authentication controller that are located in the App\Http\Controllers\Auth namespace. The RegisterController handlesnew user registration, and the LoginController handles authentication. The ForgotPasswordController handles e-mailing links for resetting passwords.

We do not need to modify these controllers at all for many of the applications.


Laravel provides an easy way for all the routes and views of the platform, it needs authentication using one simple command.

php artisan make:auth

This command is used on a fresh application, and it will install a layout view, registration and login views, and the routes for all authentication end-points.

A HomeContoller will also be generated, it handles the post-login requests to our application`s dashboard.


We disable the application if it doesn`t need registration by removing the newly created RegisterController and it modifying our route declaration:

Auth::route([‘register’ => false]);


The php artisan make:auth command will create all of the views that we need for authentication and place them in the resources/views/auth directory.

The make:auth command will also create a resources/views/layouts directory containing a base layout for our application.


We access our application in a browser since the authentication controllers already contain the logic with their traits to authenticate existing users, and it stores new users in the database.

Path Customization

When a user is successfully authenticated, it will be redirected to the /home URI.

The redirect location for customizing the post-authentication is used by defining a redirectTo property on the LoginController, RegisterController, ResetPasswordController, and VerificationController

protected $redirectTo = '/';

We have to modify the RedirectIfAuthenticated middleware`s handle method by using new URI when it is redirecting the user.

If the redirect path needs custom generation logic that we have to define a redirectTo method instead of a redirectTo property

protected function redirectTo()
     return '/path';

Note: The redirectTo method takes preference over the redirectTo attribute.

Username Customization

Laravel uses the email field for authentication. If we would like to customize this, we can specify a \

public function username()
     return 'username';

Guard Customization

The “guard” is used to authenticate and register the users. It specifies a guard method on our LoginController, RegisterController, and ResetPasswordController.

The method will return a guard:

use Illuminate\Support\Facades\Auth;
 protected function guard()
     return Auth::guard('guard-name');

Validation/Storage Customization

The form fields modify which is required when a new user registers with our application, or to customize how new users are stored into our database, we modify the RegisterController class.

The validator method of the RegisterController stores the validation rules for new users of the application. We are free to modify this method as we wish.

The create method of the RegisterController is responsible for creating new App\User records in our database by using the EloquentORM.

We are modifying this method according to the needs of our database.

Retrieving the Authenticated User

To access the authenticated user via the Auth façade:

use Illuminate\Support\Facades\Auth;
$user = Auth::user();
$id = Auth::id(); 

Once a user is authenticated, we can access the authenticated user via an Illuminate\Http\Request instance.

By type-hinted classes the controller methods will automatically be injected:

 namespace App\Http\Controllers;
 use Illuminate\Http\Request;
 class ProfileController extends Controller
      * Update the user's profile. 
      * @param  Request  $request
      * @return Response
     public function update(Request $request)

Determining If The Current User Is Authenticated

To specify if the user is already logged into the application, we use the check method on the Auth façade that will return true if the user is authenticated:

use Illuminate\Support\Facades\Auth;
 if (Auth::check()) {
     // The user is logged in...