Authentication and Authorization

Laravel · Dec 22, 2025

Authentication and authorization are essential for securing Laravel applications. Authentication verifies who a user is, while authorization determines what an authenticated user is allowed to do. Laravel provides powerful, built-in tools to handle both efficiently.


1. Authentication in Laravel

Authentication manages user login, registration, and logout.

Built-in Authentication Options

Laravel offers ready-made authentication systems:

  • Laravel Breeze – Simple authentication (login, register, password reset)

  • Laravel Jetstream – Advanced features (2FA, teams)

  • Laravel Fortify – Backend-only authentication logic

Example (Breeze installation):

composer require laravel/breeze --dev
php artisan breeze:install
php artisan migrate
npm install && npm run dev

2. User Model

Authentication uses the User model:

app/Models/User.php

Key import (the base class that the User model extends):

use Illuminate\Foundation\Auth\User as Authenticatable;

This model connects users to the authentication system.


3. Login and Registration Flow

Typical authentication process:

  1. User submits login form

  2. Credentials are validated

  3. Password is checked against the stored hash

  4. User session is created

  5. User is redirected

Laravel handles this automatically when using Breeze or Jetstream.


4. Password Hashing

Laravel securely hashes passwords:

use Illuminate\Support\Facades\Hash;

Hash::make($request->password);

Passwords are never stored in plain text.


5. Protecting Routes (Authentication)

Use the auth middleware to protect routes:

Route::middleware('auth')->group(function () {
    Route::get('/dashboard', function () {
        return view('dashboard');
    });
});

Only authenticated users can access these routes.


6. Authorization in Laravel

Authorization determines user permissions.

Laravel supports:

  • Gates – Simple permission checks

  • Policies – Model-based authorization


7. Gates

Define gates in AuthServiceProvider:

use Illuminate\Support\Facades\Gate;

// Only the post's owner may edit it.
Gate::define('edit-post', function ($user, $post) {
    return $user->id === $post->user_id;
});

Usage:

@can('edit-post', $post)
    <button>Edit</button>
@endcan

8. Policies

Policies group authorization logic per model.

Create a policy:

php artisan make:policy PostPolicy --model=Post

Example:

public function update(User $user, Post $post)
{
    return $user->id === $post->user_id;
}

Usage in controller:

$this->authorize('update', $post);

9. Role-Based Authorization

Example using roles:

if ($user->role === 'admin') {
    // allow access
}

Middleware can also be used for role checks.
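
A role check written as route middleware, as an added example that is not part of the original tutorial. It assumes the users table has a string role column as in the check above; the class name EnsureUserHasRole and the /admin route and view are hypothetical.

```php
<?php
// Added example, not from the original tutorial.
// Assumes users.role is a string column, as in the inline check above.
// EnsureUserHasRole, the /admin route and the 'admin' view are hypothetical names.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnsureUserHasRole
{
    /**
     * Let the request through only if the authenticated user's role is
     * one of the roles listed on the route. Everything else is denied.
     */
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();

        // The auth middleware should run first, but fail closed if it did not.
        if ($user === null) {
            abort(401);
        }

        // Strict comparison: a null role, or a route that lists no roles,
        // never matches, so the default outcome is 403.
        if (! in_array($user->role, $roles, true)) {
            abort(403);
        }

        return $next($request);
    }
}

// routes/web.php (usage):
//
// use App\Http\Middleware\EnsureUserHasRole;
//
// Route::middleware(['auth', EnsureUserHasRole::class.':admin'])
//     ->group(function () {
//         Route::get('/admin', fn () => view('admin'));
//     });
```

Keep role out of the User model's $fillable array so that registration and profile forms cannot set it through mass assignment.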


10. Authorization in Blade

Blade directives:

@can('update', $post)
    Edit
@endcan

11. API Authentication

Laravel supports API authentication via:

  • Sanctum – Token-based authentication

  • Passport – OAuth2 authentication

Example (Sanctum):

composer require laravel/sanctum

Conclusion

Laravel provides a complete, secure, and flexible system for authentication and authorization. With built-in tools like Breeze, middleware, gates, and policies, developers can easily protect applications and manage user permissions in a clean and scalable way.

