Donate with
Categories
Donate with
82uymVXLkvVbB4c4JpTd1tYm1yj1cKPKR2wqmw3XF8YXKTmY7JrTriP4pVwp2EJYBnCFdXhLq4zfFA6ic7VAWCFX5wfQbCC
Created: March 3rd 2025
Last updated: March 4th 2025
Categories: Common Web Development, IT Development, Laravel, Php
Author: Tim Fürer
Last updated: March 4th 2025
Categories: Common Web Development, IT Development, Laravel, Php
Author: Tim Fürer
Laravel: Migrate from Laravel UI Authentication to Fortify
Donate with
82uymVXLkvVbB4c4JpTd1tYm1yj1cKPKR2wqmw3XF8YXKTmY7JrTriP4pVwp2EJYBnCFdXhLq4zfFA6ic7VAWCFX5wfQbCC
If your Laravel project is already a bit older, chances are you used some Laravel UI scaffolding preset or starter kit to implement authentication (along with the necessary screens or views). That means a major part of the authentication logic is included in your application's code in the form of boilerplate code. The trend in recent years, as Laravel and its ecosystem has kept evolving, has been to tuck more and more boilerplate away into the framework itself or re-locate it to external packages. The idea is that the Laravel project skeleton should be as slim as possible; ideally, your application's code should only contain what is exclusively relevant to itself and exclude any generic logic. In most cases, authentication is one such generic kind of logic and the modern approach is to handle it through a package called Laravel Fortify. Fortify does all your Laravel UI authentication could (login, registration, password reset) and more (email verification, TOTP 2FA aka time-based one-time password two-factor authentication, etc.). In this guide, we'll show you how to quickly and easily swap out your Laravel UI authentication for Fortify while keeping your Laravel UI-based views.
Note that the following instructions are detailed assuming that you rely on Laravel UI's stock authentication code and not some heavily modified form of it. If you do, you may use this as a rough guide for migration.
Installing Fortify
Firstly, install Fortify to your Laravel project through Composer:
composer require laravel/fortifyNext, let Artisan generate the resources necessary to integrate Fortify into your project:
php artisan fortify:installMake sure Fortify's service provider is correctly registered in your "config/app.php" file:
'providers' => [
...
App\Providers\FortifyServiceProvider::class,
...
]Finally, run the new database migrations:
php artisan migrateConfiguring Fortify
Fortify's feature set is opt-in, meaning we need to define in its "config/fortify.php" file's "features" array which features we'd like to use. To decide which of Fortify's features to activate, we can compare each feature against our Laravel UI authentication and which of its features we're using.
Features::registration()The registration feature enables all logic and routes relevant to user self registration. It validates the registration data and creates new users in the database.
Features::resetPasswords()The reset password feature enables all logic and routes relevant to password reset by email. It sends password reset emails and generates and manages the necessary tokens.
Features::emailVerification()The email verification feature enables all logic and routes relevant to user email verification. This is usually paired with the registration feature and allows us to restrict unverified users and verify them through email.
Features::updateProfileInformation()The update profile information feature enables all logic and routes relevant to user profile editing.
Features::updatePasswords()The update passwords feature enables all logic and routes relevant to user password editing.
Features::twoFactorAuthentication($options)The two-factor authentication feature enables all logic and routes relevant to handling 2FA. It generates TOTP codes and recovery codes and allows us to add a 2FA challenge to the login process.
Here's an example of what a basic setup of features could look like:
'features' => [
Features::registration(),
Features::resetPasswords(),
]
Be sure to map all necessary handlers according to your used Fortify features in the "app/Providers/FortifyServiceProvider.php" file's boot() method:
use App\Actions\Fortify\CreateNewUser;
use App\Actions\Fortify\ResetUserPassword;
use App\Actions\Fortify\UpdateUserPassword;
use App\Actions\Fortify\UpdateUserProfileInformation;
public function boot(): void
{
Fortify::createUsersUsing(CreateNewUser::class);
Fortify::resetUserPasswordsUsing(ResetUserPassword::class);
Fortify::updateUserPasswordsUsing(UpdateUserPassword::class);
Fortify::updateUserProfileInformationUsing(UpdateUserProfileInformation::class);
}Note that these handlers can be customised if needed.
Removing Old Authentication
First we need to remove all of Laravel UI's authentication logic, namely the controllers. To do that, delete the "app/Http/Controllers/Auth/" directory and its contents.
Next we need to remove the legacy authentication routes. Delete the following function call ($options may vary) from your "routes/web.php" file:
Auth::routes($options)Lastly, we need to map our existing views to Fortify, again according to the features we intend to use. This, too, is done in the "app/Providers/FortifyServiceProvider.php" file's boot() method:
Fortify::loginView(function () {
return view('auth.login');
});
Fortify::registerView(function () {
return view('auth.register');
});
Fortify::verifyEmailView(function () {
return view('auth.verify');
});
Fortify::requestPasswordResetLinkView(function () {
return view('auth.passwords.email');
});
Fortify::resetPasswordView(function (Request $request) {
return view('auth.passwords.reset', ['request' => $request]);
});
Fortify::confirmPasswordView(function () {
return view('auth.passwords.confirm');
});Due to how we now provide our password reset token to the "auth.passwords.reset" view, we need to replace $token with $request->route('token') in the Blade template.
Thus this:
<input type="hidden" name="token" value="{{ $token }}">Becomes this:
<input type="hidden" name="token" value="{{ $request->route('token') }}">Et voila, you're done migrating to Laravel Fortify!