This package was developed to give you a quick start to authenticate in laravel. It is opinionated and uses the following packages:

πŸ’‘ What is Laravel Auth?

Laravel Auth is an internal Laravel Nova Authentication replacement to gain more control over authorizing into Laravel Nova.

πŸ›  Requirements

> = v1.0

  • PHP: ^8.2
  • Laravel: ^10.*
  • Microsoft SSO

βš™οΈ Installation

You can install the package via composer:

composer require codebar-ag/laravel-auth

Add the following script to your composer.json file:

"scripts": {
    "post-update-cmd": [
      "@php artisan vendor:publish --tag=auth-assets --ansi --force"

Add configuration to your config/services.php file:

'microsoft' => [
    'client_id' => env('MICROSOFT_CLIENT_ID'),
    'client_secret' => env('MICROSOFT_CLIENT_SECRET'),
    'redirect' => env('MICROSOFT_REDIRECT_URI'),
    'tenant' => env('MICROSOFT_TENANT_ID'),
    'include_tenant_info' => true,

Add the following environment variables to your .env file:


⚠️ You need to provide a publicly accessible URL for the MICROSOFT_REDIRECT_URI environment variable. You can use expose or ngrok for local development.


# βœ… This is recommended for production as well:

Add the following trait to your User model:

use CodebarAg\LaravelAuth\Traits\HasAuthProviders;

Update your App\Http\Middleware\Authenticate middleware:

protected function redirectTo(Request $request): ?string
-    return $request->expectsJson() ? null : route('login');
+   return $request->expectsJson() ? null : route('auth.login');

Finally, run the following command:

php artisan auth:install

πŸ’‰ Tests

If you wish to add pest tests, run the following command:

php artisan auth:install-tests

Next add the following to your phpunit.xml file:

<testsuite name="Auth">

You will also need to add Auth to your Pest.php file:

uses(Tests\TestCase::class)->in('Feature', 'Auth');

🚏 Routes

Below are the following routes provided by this package:

Method URI Name Middleware
GET | HEAD /auth/login auth.login web
POST /auth/login/store web
ANY /auth/logout auth.logout web
GET | HEAD /auth/password auth.request-password web
POST /auth/password/store web
POST /auth/password/reset auth.reset-password web
GET | HEAD /auth/password/token/{token} web
GET | HEAD /auth/service/{service} auth.provider web
GET | HEAD /auth/service/{service}/redirect auth.provider.redirect web
GET | HEAD /auth/email/verify auth.verification.notice web
GET | HEAD /auth/email/verify/{id}/{hash} auth.verification.verify web
POST /auth/email/verification-notification auth.verification.send web

πŸͺ Nova Adjustments

Add the user menu for logout to your NovaServiceProvider boot method:

use Illuminate\Http\Request;
use Laravel\Nova\Menu\Menu;
use Laravel\Nova\Menu\MenuItem;

class NovaServiceProvider extends NovaApplicationServiceProvider
     * Bootstrap any application services.
     * @return void
    public function boot()

        Nova::userMenu(function (Request $request, Menu $menu) {
            return $menu
                ->append(MenuItem::externalLink('Logout', route('auth.logout')));

Next in your nova.php config add the following:

| Nova Routes
| These are the routes that are used by Nova to authenticate users.

'routes' => [
    'login' => 'auth/login',

Next in your NovaServiceProvider replace the routes method with the following:

Note: you can not register routes for ->withAuthenticationRoutes() or ->withPasswordResetRoutes() as this will override the changes we made in the nova.php config to routes.

     * Register the Nova routes.
     * @return void
    protected function routes()
-        Nova::routes()
-            ->withAuthenticationRoutes()
-            ->withPasswordResetRoutes();
+        Nova::routes();

πŸ”§ Configuration file

You can publish the config file with:

php artisan vendor:publish --tag=auth-config

This is the contents of the published config file:


// config for CodebarAg/LaravelAuth

use CodebarAg\LaravelAuth\Enums\ProviderEnum;

return [
    | Redirect Settings
    | You may like to define a different route once the user is
    | logged in or out. If no redirects are defined, the package will redirect to the
    | intended route. (This is the normal Laravel behaviour)
    | Use the route name as defined in your routes file.
    | If password-reset is not defined, the package will redirect to the login redirect route.
    'redirect' => [
        // 'login' => 'dashboard',
        // 'logout' => '',
        // 'password-reset' => '',
    | Logo Settings
    | You may like to define a different logo for the login page.
    | You can pass either a path relative to the public folder or a full url.
    'logo' => [
        'path' => 'vendor/auth/images/lock.svg',
        // 'path' => 'https://example.test/images/logo.png',
        'width' => '25%',

    | Middleware Settings
    | By default, the package will use the web middleware group.
    | You may define them the same way you would in your routes file.
    'middleware' => [

    | Link  Settings
    | By default, the package will use 60 minutes as the expiration time for
    | the signed links used in the email verification process.
    | You may define a different value here.
    'link_expiration_in_minutes' => 60,

    | Toast Settings
    | By default, the package will use 5000 milliseconds as the time to fade
    | out the toast messages.
    | You may define a different value here.
    'toast_fade_time_in_milliseconds' => 5000,
    | Password Reset Settings
    | By default, the package will use the password_resets table.
    | You may define a different table name here.
    'password_reset_table' => 'password_resets',
    | Provider Settings
    | Add the providers you want to use here.
    | e.g ProviderEnum::MICROSOFT_OFFICE_365,
    'providers' => [
    | Feature Settings
    | By default, all features are enabled.
    | You may disable a provider by adding changing the value to false.
    'features' => [
        'basic' => true,
        'sso' => true,
        'password_reset' => true,
        'email_verification' => true,

πŸ” Verify

If you wish to use email verification, you can add the following to your User model:

use Illuminate\Contracts\Auth\MustVerifyEmail;

class User extends Authenticatable implements MustVerifyEmail

Then you can use the following middleware to protect your routes:


You use verification in nova, add the middleware into in your nova.php config:

| Nova Route Middleware
| These middleware will be assigned to every Nova route, giving you the
| chance to add your own middleware to this stack or override any of
| the existing middleware. Or, you can just stick with this stack.

'middleware' => [

🎨 Customisation

You can publish the views using:

php artisan vendor:publish --tag=auth-views

You can publish the assets using:

php artisan vendor:publish --tag=auth-assets

You can publish the config using:

php artisan vendor:publish --tag=auth-config

You can publish the migrations using:

php artisan vendor:publish --tag=auth-migrations

You can publish the translations using:

php artisan vendor:publish --tag=auth-translations

This package uses Laravel Honeypot to prevent spam.Check out the documentation to learn how to customise it.

🚧 Testing

Copy your own phpunit.xml-file.

cp phpunit.xml.dist phpunit.xml

Run the tests:


πŸ“ Changelog

Please see CHANGELOG for more information on what has changed recently.

✏️ Contributing

Please see CONTRIBUTING for details.

πŸ§‘β€πŸ’» Security Vulnerabilities

Please review our security policy on how to report security vulnerabilities.

πŸ™ Credits

🎭 License

The MIT License (MIT). Please see License File for more information.


