{"id":126,"date":"2025-08-25T16:13:38","date_gmt":"2025-08-25T16:13:38","guid":{"rendered":"https:\/\/1v0.net\/blog\/?p=126"},"modified":"2025-08-26T08:49:57","modified_gmt":"2025-08-26T08:49:57","slug":"how-to-add-authentication-in-laravel-12-without-fortify","status":"publish","type":"post","link":"https:\/\/1v0.net\/blog\/how-to-add-authentication-in-laravel-12-without-fortify\/","title":{"rendered":"How to Add Authentication in Laravel 12 (Without Fortify)"},"content":{"rendered":"\n

Authentication is one of the first features developers add to a new Laravel project. While Laravel Fortify provides a robust solution, sometimes you want to implement basic login, registration, and logout yourself to keep things simple or learn how it works under the hood.<\/p>\n\n\n\n

In this guide, we\u2019ll build a lightweight authentication system in Laravel 12 without using Fortify. You\u2019ll see how to create routes, controllers, and views for user login and registration, as well as handle session-based authentication with Laravel\u2019s built-in features.<\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/div>\n\n\n\n

1 – Setup Database and User Model<\/strong><\/h2>\n\n\n\n

<\/p>\n\n\n\n

Make sure your .env<\/code> file has database credentials set up and run the default Laravel migration. This will create the users<\/code> table.<\/p>\n\n\n

php artisan migrate<\/code><\/span><\/pre>\n\n\n
The default User<\/code> model is already included in app\/Models\/User.php<\/code> and comes with fields like name<\/code>, email<\/code>, and password<\/code> which are enough for our basic authentication system.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
2 – Define Authentication Routes<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n
\/\/ routes\/web.php<\/span>\n<\/span><\/span>\n<\/span><\/span>use<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>\\AuthController<\/span>;\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Support<\/span>\\Facades<\/span>\\Route<\/span>;\n<\/span><\/span>\n<\/span><\/span>\/\/ Guest routes<\/span>\n<\/span><\/span>Route::middleware('guest'<\/span>)->group(function<\/span> ()<\/span> <\/span>{\n<\/span><\/span>    Route::get('\/register'<\/span>, [AuthController::class, 'showRegister'<\/span>])->name('register.show'<\/span>);\n<\/span><\/span>    Route::post('\/register'<\/span>, [AuthController::class, 'register'<\/span>])->name('register'<\/span>);\n<\/span><\/span>    Route::get('\/login'<\/span>, [AuthController::class, 'showLogin'<\/span>])->name('login.show'<\/span>);\n<\/span><\/span>    Route::post('\/login'<\/span>, [AuthController::class, 'login'<\/span>])->name('login'<\/span>);\n<\/span><\/span>});\n<\/span><\/span>\n<\/span><\/span>\/\/ Authenticated routes<\/span>\n<\/span><\/span>Route::middleware('auth'<\/span>)->group(function<\/span> ()<\/span> <\/span>{\n<\/span><\/span>    Route::post('\/logout'<\/span>, [AuthController::class, 'logout'<\/span>])->name('logout'<\/span>);\n<\/span><\/span>    Route::get('\/dashboard'<\/span>, function<\/span> ()<\/span> <\/span>{\n<\/span><\/span>        return<\/span> view('dashboard'<\/span>);\n<\/span><\/span>    })->name('dashboard'<\/span>);\n<\/span><\/span>});\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
Here we define routes for registration, login, and logout. The guest<\/code> middleware ensures only non-logged-in users can access login and registration. The auth<\/code> middleware ensures only authenticated users can see the dashboard or logout.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
3 – Build the AuthController<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n
\/\/ app\/Http\/Controllers\/AuthController.php<\/span>\n<\/span><\/span>\n<\/span><\/span>namespace<\/span> App<\/span>\\Http<\/span>\\Controllers<\/span>;\n<\/span><\/span>\n<\/span><\/span>use<\/span> App<\/span>\\Models<\/span>\\User<\/span>;\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Http<\/span>\\Request<\/span>;\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Support<\/span>\\Facades<\/span>\\Auth<\/span>;\n<\/span><\/span>use<\/span> Illuminate<\/span>\\Support<\/span>\\Facades<\/span>\\Hash<\/span>;\n<\/span><\/span>\n<\/span><\/span>class<\/span> AuthController<\/span> extends<\/span> Controller<\/span><\/span>\n<\/span><\/span><\/span>{\n<\/span><\/span>    public<\/span> function<\/span> showRegister<\/span>()<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        return<\/span> view('auth.register'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> register<\/span>(Request $request)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $request->validate([\n<\/span><\/span>            'name'<\/span> => 'required|string|max:255'<\/span>,\n<\/span><\/span>            'email'<\/span> => 'required|email|unique:users'<\/span>,\n<\/span><\/span>            'password'<\/span> => 'required|min:6|confirmed'<\/span>,\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        $user = User::create([\n<\/span><\/span>            'name'<\/span> => $request->name,\n<\/span><\/span>            'email'<\/span> => $request->email,\n<\/span><\/span>            'password'<\/span> => Hash::make($request->password),\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        Auth::login($user);\n<\/span><\/span>\n<\/span><\/span>        return<\/span> redirect()->route('dashboard'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> showLogin<\/span>()<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        return<\/span> view('auth.login'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> login<\/span>(Request $request)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        $credentials = $request->validate([\n<\/span><\/span>            'email'<\/span> => 'required|email'<\/span>,\n<\/span><\/span>            'password'<\/span> => 'required'<\/span>,\n<\/span><\/span>        ]);\n<\/span><\/span>\n<\/span><\/span>        if<\/span> (Auth::attempt($credentials, $request->filled('remember'<\/span>))) {\n<\/span><\/span>            $request->session()->regenerate();\n<\/span><\/span>            return<\/span> redirect()->route('dashboard'<\/span>);\n<\/span><\/span>        }\n<\/span><\/span>\n<\/span><\/span>        return<\/span> back()->withErrors([\n<\/span><\/span>            'email'<\/span> => 'Invalid credentials provided.'<\/span>,\n<\/span><\/span>        ]);\n<\/span><\/span>    }\n<\/span><\/span>\n<\/span><\/span>    public<\/span> function<\/span> logout<\/span>(Request $request)<\/span><\/span>\n<\/span><\/span>    <\/span>{\n<\/span><\/span>        Auth::logout();\n<\/span><\/span>        $request->session()->invalidate();\n<\/span><\/span>        $request->session()->regenerateToken();\n<\/span><\/span>\n<\/span><\/span>        return<\/span> redirect()->route('login.show'<\/span>);\n<\/span><\/span>    }\n<\/span><\/span>}\n<\/span><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
This controller handles showing login\/register forms, creating new users, authenticating credentials, and logging users out. Laravel\u2019s Auth<\/code> facade is used to manage sessions securely.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
4 – Create Blade Views<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
We\u2019ll need three simple Blade templates: one for registration, one for login, and one for the dashboard.<\/p>\n\n\n
\/\/ resources\/views\/auth\/register.blade.php<\/span>\n\n<form method=\"POST\"<\/span> action=\"{{ route('register') }}\"<\/span> class<\/span>=\"card<\/span> card<\/span>-body<\/span>\">\n    @csrf<\/span>\n    <h2<\/span>>Register<\/span><\/h2<\/span>>\n    <input<\/span> type<\/span>=\"text<\/span>\" name<\/span>=\"name<\/span>\" placeholder<\/span>=\"Name<\/span>\" required<\/span> class<\/span>=\"form<\/span>-control<\/span> mb<\/span>-2\">\n    <input<\/span> type<\/span>=\"email<\/span>\" name<\/span>=\"email<\/span>\" placeholder<\/span>=\"Email<\/span>\" required<\/span> class<\/span>=\"form<\/span>-control<\/span> mb<\/span>-2\">\n    <input<\/span> type<\/span>=\"password<\/span>\" name<\/span>=\"password<\/span>\" placeholder<\/span>=\"Password<\/span>\" required<\/span> class<\/span>=\"form<\/span>-control<\/span> mb<\/span>-2\">\n    <input<\/span> type<\/span>=\"password<\/span>\" name<\/span>=\"password_confirmation<\/span>\" placeholder<\/span>=\"Confirm<\/span> Password<\/span>\" required<\/span> class<\/span>=\"form<\/span>-control<\/span> mb<\/span>-2\">\n    <button<\/span> class<\/span>=\"btn<\/span> btn<\/span>-primary<\/span>\">Register<\/span><\/button<\/span>>\n<\/form<\/span>><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
The registration form collects user details and submits them to the register<\/code> route. Laravel automatically handles CSRF protection with the @csrf<\/code> directive.<\/p>\n\n\n
\/\/ resources\/views\/auth\/login.blade.php<\/span>\n\n<form method=\"POST\"<\/span> action=\"{{ route('login') }}\"<\/span> class<\/span>=\"card<\/span> card<\/span>-body<\/span>\">\n    @csrf<\/span>\n    <h2<\/span>>Login<\/span><\/h2<\/span>>\n    <input<\/span> type<\/span>=\"email<\/span>\" name<\/span>=\"email<\/span>\" placeholder<\/span>=\"Email<\/span>\" required<\/span> class<\/span>=\"form<\/span>-control<\/span> mb<\/span>-2\">\n    <input<\/span> type<\/span>=\"password<\/span>\" name<\/span>=\"password<\/span>\" placeholder<\/span>=\"Password<\/span>\" required<\/span> class<\/span>=\"form<\/span>-control<\/span> mb<\/span>-2\">\n    <div<\/span> class<\/span>=\"form<\/span>-check<\/span> mb<\/span>-2\">\n        <input<\/span> class<\/span>=\"form<\/span>-check<\/span>-input<\/span>\" type<\/span>=\"checkbox<\/span>\" name<\/span>=\"remember<\/span>\" id<\/span>=\"remember<\/span>\">\n        <label<\/span> class<\/span>=\"form<\/span>-check<\/span>-label<\/span>\" for<\/span>=\"remember<\/span>\">Remember<\/span> Me<\/span><\/label<\/span>>\n    <\/div<\/span>>\n    <button<\/span> class<\/span>=\"btn<\/span> btn<\/span>-primary<\/span>\">Login<\/span><\/button<\/span>>\n<\/form<\/span>><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
The login form accepts an email and password, and optionally a \u201cremember me\u201d checkbox to keep the user logged in across sessions.<\/p>\n\n\n
\/\/ resources\/views\/dashboard.blade.php<\/span>\n\n<div class<\/span>=\"container<\/span> py<\/span>-5\">\n    <h1<\/span>>Welcome<\/span>, <\/span>{{ auth()->user()->name }}!<\/h1>\n    <p>You are logged in.<\/p>\n\n    <form method=\"POST\"<\/span> action=\"{{ route('logout') }}\"<\/span>>\n        @csrf\n        <button class<\/span>=\"btn<\/span> btn<\/span>-danger<\/span>\">Logout<\/span><\/button<\/span>>\n    <\/form<\/span>>\n<\/div<\/span>><\/span><\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
The dashboard displays the logged-in user\u2019s name and provides a logout form. The auth()<\/code> helper makes the authenticated user available in views.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
5 – Protecting Routes with Middleware<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
We already wrapped our routes in guest<\/code> and auth<\/code> middleware. This ensures only the correct type of user can access each page. For example, if a logged-in user tries to go to \/login<\/code>, they\u2019ll be redirected away, and if a guest tries to reach \/dashboard<\/code>, they\u2019ll be blocked.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
6 – Common Errors<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
Invalid CSRF token<\/strong>
Always include @csrf<\/code> inside your forms. If missing, Laravel will reject the request with a 419 error.<\/p>\n\n\n\n
Session not persisting<\/strong>
Check your .env<\/code> file for correct APP_URL<\/code> and SESSION_DOMAIN<\/code> settings. Also verify that cookies are enabled in your browser.<\/p>\n\n\n\n
Too many redirects<\/strong>
This usually means routes are protected incorrectly. For example, if your dashboard route is missing auth<\/code> middleware, or if your login route isn\u2019t wrapped in guest<\/code>, you can end up looping.<\/p>\n\n\n\n
Password not hashing<\/strong>
Make sure you use Hash::make()<\/code> when storing passwords. Storing plain text passwords is insecure and will break login attempts.<\/p>\n\n\n\n
Email already taken<\/strong>
If you try registering twice with the same email, the validation rule unique:users<\/code> will stop it. This is expected behavior to keep emails unique.<\/p>\n\n\n\n
<\/p>\n\n\n\n
<\/div>\n\n\n\n
Conclusion<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
You now have a fully functional authentication system in Laravel 12 without relying on Fortify. You created routes, a controller, and Blade views for registration, login, and logout \u2014 plus middleware protection and error handling. This hands-on approach helps you understand how authentication really works in Laravel, and gives you a foundation to expand with features like email verification, roles, or password resets later.<\/p>\n\n\n\n
<\/p>\n\n\n
<\/div>\n\n\n\n
Next Steps<\/strong><\/h2>\n\n\n\n
<\/p>\n\n\n\n
Now that you have the basics of authentication working, here are some features you can explore next to make your app production-ready:<\/p>\n\n\n\n
    \n
  • Password Reset:<\/strong> Allow users to reset their password using email tokens.<\/li>\n
  • Email Verification:<\/strong> Ensure new users confirm their email before accessing protected areas.<\/li>\n
  • Social Logins:<\/strong> Add Google, GitHub, or other OAuth logins with Laravel Socialite.<\/li>\n
  • Roles and Permissions:<\/strong> Restrict actions with role-based access control (e.g., Admin, Editor, User).<\/li>\n
  • Security Enhancements:<\/strong> Enable two-factor authentication (2FA) for sensitive accounts.<\/li>\n<\/ul>\n\n\n\n
    These additions help secure your app further and provide a better user experience as your project grows.<\/p>\n\n\n\n
    <\/p>\n\n","protected":false},"excerpt":{"rendered":"
    Authentication is one of the first features developers add to a new Laravel project. While Laravel Fortify provides a robust solution, sometimes you want to implement basic login, registration, and logout yourself to keep things simple or learn how it works under the hood. In this guide, we\u2019ll build a lightweight authentication system in Laravel […]<\/p>\n","protected":false},"author":1,"featured_media":128,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[12,13],"class_list":["post-126","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-laravel","tag-authentication","tag-login"],"_links":{"self":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts\/126","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/comments?post=126"}],"version-history":[{"count":1,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts\/126\/revisions"}],"predecessor-version":[{"id":127,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/posts\/126\/revisions\/127"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/media\/128"}],"wp:attachment":[{"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/media?parent=126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/categories?post=126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/1v0.net\/blog\/wp-json\/wp\/v2\/tags?post=126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}