The Ingenuity of Built-in Authentication in Laravel

Laravel is an excellent PHP framework. This web application framework is used worldwide for many reasons. First, it’s free and open-source. Second, it has a large community supporting it and plenty of documentation available. Third, it boasts valuable features such as database migrations, queuing, and, especially, built-in authentication. In this article, I will take you through Laravel’s built-in authentication, explain what it is, how it works, and how you can implement it. Let’s get started.
Daniel Zacharias

Code Power Team

August 28, 2023

The importance of authentication in web applications

The importance of authentication in web applications is self-explanatory: it helps confirm the user is who they say they are before giving them access to the application. 

This is useful because someone may have your username and password without you having given them out (either through spyware or data leaks online, for instance). Authentication prevents this person from accessing your account. 

How Laravel makes use of guards

The framework makes use of guards (which are essentially the “gatekeepers”) that determine whether a user is denied or granted access. The user provides their email address and password regardless of the type of guard used. 

Laravel makes use of token guards. These use API tokens for authenticating users. Unlike session guards, API tokens offer a secure way of authentication without relying on sessions. 

Token guards store unique API tokens in a database. The token is issued to the client, which sends it in an HTTP header. On each request, the token guard reads the token from the header to authenticate the user. 

Typically the token takes the form of a JSON Web Token (JWT) and includes the issuing entity, the user being authenticated, the time of the token’s issue, the time of the token’s expiry, and any other custom choices such as roles and permissions. 

The returned token can either be stored locally in the cookies. 

Laravel also makes use of session guards. Sessions are created when a user logs in. At this point, a session ID is made and stored in the cookies. With each request, the session guard gets the ID from the cookies and uses the related session data for authentication. 

How Laravel authenticates users using session-based authentication

After creating a database in Laravel and storing user data in it, you’ll be able to see the user, their email, and their password. Laravel protects the user’s password by encrypting it so that only Laravel itself can interpret it. 

You’ll also need routes:

  • One for showing where the user can input their credentials, 
  • Another to handle the form submission, 
  • And one, finally, for the dashboard that the successfully authenticated users go to.

The form should have two fields, one for an email address and another to input the password. You should also have an error variable to display validation errors after form submission. 

The form submission should be handled by a controller, known as the Auth Controller. It includes the validator that validates the user input and the attempt method that matches the credentials against database records. There also needs to be a redirect that returns the user to the form with an error such as “invalid credentials.” 

In a nutshell: Laravel matches the credentials given by the user with a record within the database. If they match, it considers this user currently logged in, and the user ID is stored in the session data. For logging out, Laravel removes the user ID from the session data.
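
The routes, form handling and controller described above, put together as an added example (not code from this article or from the Laravel project). The controller name, view name `auth.login` and route paths are assumptions.

```php
<?php
// app/Http/Controllers/AuthController.php (added example, names are assumptions).
// Assumed routes in routes/web.php, matching the list above:
//   Route::get('/login', [AuthController::class, 'showLogin'])->name('login');
//   Route::post('/login', [AuthController::class, 'authenticate'])->middleware('throttle:5,1');
//   Route::get('/dashboard', fn () => view('dashboard'))->middleware('auth');
//   Route::post('/logout', [AuthController::class, 'logout'])->middleware('auth');

namespace App\Http\Controllers;

use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\View\View;

class AuthController extends Controller
{
    public function showLogin(): View
    {
        return view('auth.login'); // Blade form: email, password, @csrf, $errors
    }

    public function authenticate(Request $request): RedirectResponse
    {
        // On failure, validate() redirects back with messages in $errors.
        $credentials = $request->validate([
            'email' => ['required', 'email'],
            'password' => ['required'],
        ]);

        // attempt() finds the user by email and checks the password
        // against the value stored in the database.
        if (Auth::attempt($credentials)) {
            $request->session()->regenerate(); // new session ID (session fixation)
            return redirect()->intended('/dashboard');
        }

        // One message for unknown email and wrong password; password is not re-flashed.
        return back()->withErrors(['email' => 'Invalid credentials.'])->onlyInput('email');
    }

    public function logout(Request $request): RedirectResponse
    {
        Auth::logout();                         // removes the user ID from the session
        $request->session()->invalidate();      // discards the old session data
        $request->session()->regenerateToken(); // issues a fresh CSRF token
        return redirect('/login');
    }
}
```

The `throttle:5,1` middleware on the POST route limits each client to five login attempts per minute.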

Laravel also provides many different configuration options which can be used for session management. These include session lifetime, secure session handling, and session storage drivers. 
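
An added example of those options in `config/session.php` (an excerpt written for this article, not the framework's shipped file). The values shown are assumptions chosen to illustrate a tightened configuration.

```php
<?php
// config/session.php (excerpt; added example, values are illustrative assumptions).
// The real file contains further keys (cookie name, path, domain and so on).

return [
    // Storage driver: file, cookie, database, memcached, redis, dynamodb or array.
    // The database driver needs the sessions table migration.
    'driver' => env('SESSION_DRIVER', 'database'),

    // Idle minutes before a session expires. A shorter value narrows the
    // window in which a stolen session cookie is still usable.
    'lifetime' => (int) env('SESSION_LIFETIME', 30),
    'expire_on_close' => true, // end the session when the browser closes

    // Encrypt session data before it is written to the store.
    'encrypt' => true,

    // Cookie flags. The weak counterparts would be secure => false,
    // http_only => false and same_site => null.
    'secure' => env('SESSION_SECURE_COOKIE', true), // cookie sent over HTTPS only
    'http_only' => true,                            // cookie hidden from JavaScript
    'same_site' => 'lax',                           // withheld on cross-site subrequests
];
```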

As you can see, Laravel is secure and well-thought-out. But this isn’t the only reason the PHP platform is so popular. Documentation for Laravel can be found on its official website, so please refer to it for in-depth information and the best practices relevant today. 

Laravel’s authentication packages

Now that we’ve gone into some depth about Laravel’s authentication processes, let’s take a moment to explore the packages available.

Built-in browser authentication

Built-in browser authentication can be accessed through either the Auth or Session facades. It is cookie-based authentication initiated from your web browser. It lets you verify and authenticate users and automatically store the appropriate data on the session cookie. 

API authentication services

There are two packages you can use to manage API tokens and requests. These are Passport and Sanctum.

Passport allows you to issue a variety of tokens and is the most comprehensive option for authentication in this way. As a full OAuth2 provider, it may not always be needed and may be unnecessarily complicated.

The second package available is Sanctum, which is much simpler than Passport and solves the complexity issue. It can handle API requests and first-party web requests. 

Space to build dynamic web solutions

Laravel offers an ideal space to build great web solutions. And I can’t even begin to cover the depth of in-built authentication in this article as the framework is so well-developed and established. I hope at least I’ve been able to create a mental “framework” for how it all works and give you a better understanding of Laravel.
