Version Show
Authentication
Introduction
Laravel makes implementing authentication very simple. In fact, almost everything is configured for you out of the box. The authentication configuration file is located at At its core, Laravel's authentication facilities are made up of "guards" and "providers". Guards define how users are authenticated for each request. For example, Laravel ships with a Providers define how users are retrieved from your persistent storage. Laravel ships with support for retrieving users using Eloquent and the database query builder. However, you are free to define additional providers as needed for your application. Don't worry if this all sounds confusing now! Many applications will never need to modify the default authentication configuration. Database ConsiderationsBy default, Laravel includes an When building the database schema for the Also, you should verify that your Authentication QuickstartLaravel ships with several pre-built authentication controllers, which are located in the RoutingLaravel's
This command should be used on fresh applications and will install a layout view, registration and login views, as well as routes for all authentication end-points. A
Creating Applications Including AuthenticationIf you are starting a brand new application and would like to include the authentication scaffolding, you may use the
ViewsAs mentioned in the previous section, the The AuthenticatingNow that you have routes and views setup for the included authentication controllers, you are ready to register and authenticate new users for your application! You may access your application in a browser since the authentication controllers already contain the logic (via their traits) to authenticate existing users and store new users in the database. Path CustomizationWhen a user is successfully authenticated, they will be redirected to the
If you need more robust customization of the response returned when a user is authenticated, Laravel provides an empty
Username CustomizationBy default, Laravel uses the
Guard CustomizationYou may also customize the
"guard" that is used to authenticate and register users. To get started, define a
Validation / Storage CustomizationTo modify the form fields that are required when a new user registers with your application, or to customize how new users are stored into your database, you may modify the The The Retrieving The Authenticated UserYou may
access the authenticated user via the
Alternatively, once a user is authenticated, you may access the authenticated user via an
Determining If The Current User Is AuthenticatedTo determine if the user is already logged into your application, you may use the
Protecting RoutesRoute middleware can be used to only allow authenticated users to access a given route. Laravel ships with an
If you are using controllers, you may call the
Redirecting Unauthenticated UsersWhen the
Specifying A GuardWhen attaching the
Password ConfirmationSometimes, you may wish to require the user to confirm their password before accessing a specific area of your application. For example, you may require this before the user modifies any billing settings within the application. To accomplish this, Laravel provides a
After the user has successfully confirmed their password, the user is redirected to the route they originally tried to access. By default, after confirming their password, the user will not have to confirm their password again for three hours. You are free to
customize the length of time before the user must re-confirm their password using the Login ThrottlingIf you are using Laravel's built-in Manually Authenticating UsersNote that you are not required to use the authentication controllers included with Laravel. If you choose to remove these controllers, you will need to manage user authentication using the Laravel authentication classes directly. Don't worry, it's a cinch! We will access Laravel's authentication services via the
The The The Specifying Additional ConditionsIf you wish, you may also add extra conditions to the authentication query in addition to the user's e-mail and password. For example, we may verify that user is marked as "active":
Accessing Specific Guard InstancesYou may specify which guard instance you would like to utilize using the The guard name passed to the
Logging OutTo log users out of your application, you may use the
Remembering UsersIf you would like to provide "remember me" functionality in your application, you may pass a boolean value as the second argument to the
If you are "remembering" users, you may use the
Other Authentication MethodsAuthenticate A User InstanceIf you need to log an existing user instance into your application, you may call the
You may specify the guard instance you would like to use:
Authenticate A User By IDTo
log a user into the application by their ID, you may use the
Authenticate A User OnceYou may use the
HTTP Basic AuthenticationHTTP Basic Authentication provides a quick way to authenticate users of your application without setting up a dedicated "login" page. To get started, attach the
Once the middleware has been attached
to the route, you will automatically be prompted for credentials when accessing the route in your browser. By default, the A Note On FastCGIIf you are using PHP FastCGI, HTTP Basic authentication may not work correctly out of the box. The following lines should be added to your
Stateless HTTP Basic AuthenticationYou may also use HTTP Basic Authentication
without setting a user identifier cookie in the session, which is particularly useful for API authentication. To do so, define a middleware that calls the
Next, register the route middleware and attach it to a route:
Logging OutTo manually log users out of your application, you may use the
Invalidating Sessions On Other DevicesLaravel also provides a mechanism for invalidating and "logging out" a user's sessions that are active on other devices without invalidating the session on their current device. This feature is typically utilized when a user is changing or updating their password and you would like to invalidate sessions on other devices while keeping the current device authenticated. Before getting started, you should make sure that the
Then, you may use the
When the
Adding Custom GuardsYou may define your own authentication guards using the
As you can see in the example above, the callback passed to the
Closure Request GuardsThe simplest way to implement a custom, HTTP request based authentication system is by using the To get started, call the
Once your custom authentication driver has been defined, you use it as a driver within
Adding Custom User ProvidersIf you are not using a traditional relational database to store your users, you will need to extend Laravel with your own authentication user provider. We will use the
After you have registered the provider using the
Finally, you may use this provider in your
The User Provider ContractThe Let's take a look at the
The The The The The The Authenticatable ContractNow that we have explored each of the methods on the
This interface is simple. The EventsLaravel raises a variety of
events during the authentication process. You may attach listeners to these events in your
|