Laravel makes implementing authentication very simple. In fact, almost everything is configured for you out of the box. The authentication configuration file is located at config/auth.php, which contains several well documented options for tweaking the behavior of the authentication services.
By default, Laravel includes an AppUser Eloquent model in your app directory. This model may be used with the default Eloquent authentication driver. If your application is not using Eloquent, you may use the database authentication driver which uses the Laravel query builder.
When building the database schema for the AppUser model, make sure the password column is at least 60 characters in length.
Also, you should verify that your users (or equivalent) table contains a nullable, string remember_token column of 100 characters. This column will be used to store a token for "remember me" sessions being maintained by your application. This can be done by using $table->rememberToken(); in a migration.
Laravel ships with two authentication controllers out of the box, which are located in the AppHttpControllersAuth namespace. The AuthController handles new user registration and authentication, while the PasswordController contains the logic to help existing users reset their forgotten passwords. Each of these controllers uses a trait to include their necessary methods. For many applications, you will not need to modify these controllers at all.
By default, no routes are included to point requests to the authentication controllers. You may manually add them to your app/Http/routes.php file:
Though the authentication controllers are included with the framework, you will need to provide views that these controllers can render. The views should be placed in the resources/views/auth directory. You are free to customize these views however you wish. The login view should be placed at resources/views/auth/login.blade.php, and the registration view should be placed at resources/views/auth/register.blade.php.
Now that you have routes and views setup for the included authentication controllers, you are ready to register and authenticate new users for your application. You may simply access your defined routes in a browser. The authentication controllers already contain the logic (via their traits) to authenticate existing users and store new users in the database.
When a user is successfully authenticated, they will be redirected to the /home URI, which you will need to register a route to handle. You can customize the post-authentication redirect location by defining a redirectPath property on the AuthController:
When a user is not successfully authenticated, they will be redirected to the /auth/login URI. You can customize the failed post-authentication redirect location by defining a loginPath property on the AuthController:
The loginPath will not change where a user is bounced if they try to access a protected route. That is controlled by the AppHttpMiddlewareAuthenticate middleware's handle method.
To modify the form fields that are required when a new user registers with your application, or to customize how new user records are inserted into your database, you may modify the AuthController class. This class is responsible for validating and creating new users of your application.
The validator method of the AuthController contains the validation rules for new users of the application. You are free to modify this method as you wish.
The create method of the AuthController is responsible for creating new AppUser records in your database using the Eloquent ORM. You are free to modify this method according to the needs of your database.
Retrieving The Authenticated User
You may access the authenticated user via the Auth facade:
Alternatively, once a user is authenticated, you may access the authenticated user via an IlluminateHttpRequest instance: