Skip to main content

Authentication with Laravel 12 Starter Kits

18/28
Chapter 5 Authentication and Authorization

Authentication with Laravel 12 Starter Kits

22 min read Lesson 18 / 28

Authentication in Laravel 12

Laravel 12 introduces completely new starter kits that replace Breeze and Jetstream, providing authentication scaffolding with modern frontend stacks.

Choosing a Starter Kit

When creating a new Laravel 12 project, choose your starter kit:

laravel new my-app
# Select: React, Vue, or Livewire starter kit

React Starter Kit — Inertia 2 + React 19 + TypeScript + shadcn/ui Vue Starter Kit — Inertia 2 + Vue 3 + TypeScript + shadcn-vue Livewire Starter Kit — Livewire 3 + Flux UI + Laravel Volt

All include login, registration, password reset, and email verification out of the box.

Manual Authentication Setup

For custom authentication without starter kits:

// routes/web.php
Route::middleware('guest')->group(function () {
    Route::get('/login', [AuthController::class, 'showLogin'])->name('login');
    Route::post('/login', [AuthController::class, 'login']);
    Route::get('/register', [AuthController::class, 'showRegister'])->name('register');
    Route::post('/register', [AuthController::class, 'register']);
});

Route::post('/logout', [AuthController::class, 'logout'])
    ->middleware('auth')
    ->name('logout');

class AuthController extends Controller
{
    public function login(LoginRequest $request): RedirectResponse
    {
        $request->authenticate();
        $request->session()->regenerate();

        return redirect()->intended(route('dashboard'));
    }

    public function register(RegisterRequest $request): RedirectResponse
    {
        $user = User::create([
            'name' => $request->name,
            'email' => $request->email,
            'password' => Hash::make($request->password),
        ]);

        Auth::login($user);

        return redirect()->route('dashboard');
    }

    public function logout(Request $request): RedirectResponse
    {
        Auth::logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect('/');
    }
}

Protecting Routes

Route::middleware('auth')->group(function () {
    Route::get('/dashboard', DashboardController::class)->name('dashboard');
    Route::resource('/posts', PostController::class);
});

Email Verification

class User extends Authenticatable implements MustVerifyEmail {}

Route::middleware(['auth', 'verified'])->group(function () {
    Route::get('/dashboard', DashboardController::class);
});
Previous Flash Messages and Dynamic UI
Next Lesson Authorization with Gates and Policies