Laravel 6 Authentication

In this tutorial, we’ll see how to add authentication with login, registration, logout and password reset example.

If you have used Laravel before, you’ll find some changes in Laravel 6. For example, the auth routes and views are now part of the separated laravel/ui package that you need to install in your project using Composer before you can call the php artisan ui vue --auth command that replaced the Laravel 5′ artisan php artisan make:auth command.

Laravel 6 has moved the auth scaffolding into a separate Laravel/UI package that you need to install in your project using the following command from a new terminal:

$ cd blog
$ composer require laravel/ui

Run next command for generating a complete layout with registration, login, and password reset views and routes for adding authentication. It will create the necessary views for authentication and put them in the resources/views/auth folder. The ui command will also generate a resources/views/layouts folder that contains a base layout for your application which makes use of the Bootstrap CSS framework. This will also generate a HomeController for handling the requests after login.

$ php artisan ui vue --auth

This is the output of the command:

Vue scaffolding installed successfully.
Please run "npm install && npm run dev" to compile your fresh scaffolding.
Authentication scaffolding generated successfully.

Now that you have added the routes and views for the existing authentication controllers, users can register and authenticate.

In order to create database tables you should run:

$ php artisan migrate

Login and Register pages will be like in the images below:

The views have no styling yet. You can change that by installing and building the frontend dependencies using the following commands from the root of your project:

$ npm install
$ npm run dev

We now have a better looking UI. This is a screenshot of the login page:

See routes: routes/web.php


Route::get('/', function () {
    return view('welcome');


Route::get('/home', 'HomeController@index')->name('home');

The Auth::routes() method includes the routes for login, registration, logout, and password reset.

LoginControllerRegisterController, and ResetPasswordController.

Laravel provides the LoginControllerRegisterController, and ResetPasswordController controllers out of the box.

The authentication controllers are located in the app/Http/Controllers/Auth folder.

If your application doesn’t need registration, you may disable it by removing the newly created app/Http/Controllers/Auth/RegisterController and modifying your route declaration: Auth::routes(['register' => false]);.

How to Protect Routes

In a web application, you add authentication for primarily protecting some pages or routes for unauthorized access.

In Laravel, you can protect a route using a middelware.

Laravel has a builtin auth middleware, which exists in Illuminate\Auth\Middleware\Authenticate. It’s also registered in the HTTP kernel of your app, you can simply add it to your desired route to prevent unauthenticated users from accessing it.

Let’s see how the home page is protected so we can protect other pages in the same way:

Open the app/Http/Controllers/HomeController.php file. It has the following code:


namespace App\Http\Controllers;

use Illuminate\Http\Request;

class HomeController extends Controller

    public function __construct()
    public function index()
        return view('home');

In the constructor (the __construct() method) of the controller, you can see a call to the middleware() method with the auth middleware.

The middleware() method can be either called from the controller or the route definition. So let’s remove the call from the controller. Next, open the routes/web.php file and update the home route defintion as follows:

Route::get('/home', 'HomeController@index')->name('home')->middleware('auth');