Hi there! If you're building a web application with Laravel 12, setting up a secure authentication system is one of the first things you'll need to do. Whether it's for a simple login page or a role-based dashboard, Laravel makes it super easy to implement authentication.

In this article, I’ll walk you through setting up authentication in Laravel 12 in just five steps. I’ll keep things simple, beginner-friendly, and include everything you need to create a secure login system using Laravel Breeze.

Step-by-Step Guide to Setting Up Laravel 12 Authentication

Step 1: Set Up a New Laravel 12 Project

First, I need to create a new Laravel 12 project. Make sure you have PHP 8.2+ and Composer installed on your system. Open your terminal and run:

composer create-project --prefer-dist laravel/laravel laravel-auth
cd laravel-auth

This command sets up a fresh Laravel 12 project named laravel-auth. Next, I’ll configure the database connection in the env file. Open the env file in the root directory and update the database settings like this:

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_auth
DB_USERNAME=your_username
DB_PASSWORD=your_password

After updating the .env file, I run the migration to create the default users table:

php artisan migrate

This sets up the database for user authentication.

Step 2: Install Laravel Breeze for Authentication Scaffolding

Laravel Breeze is a lightweight package that provides pre-built authentication features like login, registration, and password reset. To install it, I run:

composer require laravel/breeze --dev
php artisan breeze:install
npm install && npm run dev
php artisan migrate

The breeze:install command sets up the authentication views, routes, and controllers. It also generates Blade templates for the login and registration pages. The npm install && npm run dev commands compile the frontend assets (CSS and JavaScript). If prompted, I choose the Blade stack for simplicity.

Step 3: Customize the Login Form

Now, I’ll customize the login form to make it user-friendly. The default login form is located at resources/views/auth/login.blade.php. I open this file and ensure it includes fields for email and password, along with proper validation error handling. Here’s a simplified version of the form:

<form method="POST" action="{{ route('login') }}">
    @csrf
    <div>
        <label for="email">Email</label>
        <input id="email" type="email" name="email" value="{{ old('email') }}" required autofocus>
        @error('email')
            <span class="text-danger">{{ $message }}</span>
        @enderror
    </div>
    <div>
        <label for="password">Password</label>
        <input id="password" type="password" name="password" required>
        @error('password')
            <span class="text-danger">{{ $message }}</span>
        @enderror
    </div>
    <button type="submit">Log In</button>
</form>

This form includes CSRF protection (@csrf) and displays validation errors using the @error directive. It’s simple and ensures users get feedback if they enter invalid credentials.

Step 4: Add Validation for Login

To make the login secure, I’ll add validation rules. Laravel Breeze uses the AuthenticatedSessionController for login logic, located at app/Http/Controllers/Auth/AuthenticatedSessionController.php. I create a custom form request for validation by running:

php artisan make:request LoginRequest

Then, I update the app/Http/Requests/LoginRequest.php file with validation rules:

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;

class LoginRequest extends FormRequest
{
    public function authorize()
    {
        return true;
    }

    public function rules()
    {
        return [
            'email' => 'required|email|max:255',
            'password' => 'required|min:8',
        ];
    }

    public function messages()
    {
        return [
            'email.required' => 'Please enter your email address.',
            'email.email' => 'Please enter a valid email address.',
            'password.required' => 'Please enter your password.',
            'password.min' => 'Password must be at least 8 characters.',
        ];
    }
}

Next, I update the AuthenticatedSessionController to use this request:

use App\Http\Requests\LoginRequest;

public function store(LoginRequest $request)
{
    $request->authenticate();
    $request->session()->regenerate();
    return redirect()->intended($this->redirectTo());
}

This ensures the email and password are validated before authentication, improving security.

Step 5: Implement Role-Based Redirects

To make the system more dynamic, I’ll add role-based redirects so users are sent to different dashboards based on their role (e.g., admin or user). First, I add a role column to the users table by creating a new migration:

php artisan make:migration add_role_to_users_table --table=users

In the migration file, I add:

public function up()
{
    Schema::table('users', function (Blueprint $table) {
        $table->string('role')->default('user');
    });
}

public function down()
{
    Schema::table('users', function (Blueprint $table) {
        $table->dropColumn('role');
    });
}

Then, I run:

php artisan migrate

Next, I update the AuthenticatedSessionController to redirect users based on their role:

public function store(LoginRequest $request)
{
    $request->authenticate();
    $request->session()->regenerate();

    $user = Auth::user();
    if ($user->role === 'admin') {
        return redirect()->route('admin.dashboard');
    }
    return redirect()->route('user.dashboard');
}

I also define routes for the dashboards in routes/web.php:

Route::get('/admin/dashboard', function () {
    return view('admin.dashboard');
})->middleware('auth')->name('admin.dashboard');

Route::get('/user/dashboard', function () {
    return view('user.dashboard');
})->middleware('auth')->name('user.dashboard');

Finally, I create simple Blade views (resources/views/admin/dashboard.blade.php and resources/views/user/dashboard.blade.php) for the dashboards.

Conclusion

And there you have it! In just five steps, I’ve set up a secure and user-friendly authentication system in Laravel 12 using Laravel Breeze. From creating the project to adding validation and role-based redirects, this process is straightforward and customizable. Laravel’s built-in tools make authentication a breeze (pun intended!), and you can expand this system further with features like multi-factor authentication or API token-based login.

FAQs

Q1: Why should I use Laravel Breeze for authentication?
A: Laravel Breeze provides a simple, lightweight way to scaffold authentication features like login, registration, and password resets. It’s beginner-friendly and integrates seamlessly with Laravel’s ecosystem.

Q2: Can I use Laravel Fortify instead of Breeze?
A: Yes, Laravel Fortify is an alternative that offers similar authentication features but focuses on backend logic without pre-built views. Breeze is easier for beginners as it includes Blade templates.

Q3: How do I secure my Laravel login page?
A: Use strong validation rules, enable CSRF protection, hash passwords with Bcrypt, and consider adding multi-factor authentication with Laravel Fortify for extra security.

Q4: Why are my validation errors not showing?
A: Ensure your Blade template includes @error directives for each form field and that the form request is correctly applied in the controller.

Q5: Can I add social login to this setup?
A: Yes, you can integrate social login using packages like Laravel Socialite. It allows users to log in with providers like Google or Facebook, but it requires additional setup.

---

You might also like :

• Read Also: How to Set Up Automatic SSL Certificate Renewal in Ubuntu
• Read Also: How to Implement API Authentication in Laravel 12
• Read Also: Laravel 12 Bootstrap Auth Scaffolding: Step-by-Step Guide
• Read Also: Laravel UI Auth Login With Email Or Username