Laravel Fortify is a backend authentication implementation for Laravel. Fortify registers the routes and controllers required to implement all of Laravel’s authentication features, including login, registration, password reset, email verification, and more. After installing Fortify, you can run the route:list Artisan command to see the routes that Fortify has registered. Fortify does not render its own user interface, which means that you can pair it with your own user interface which makes requests to the routes it registers.

Remember, Fortify is a package that can provide you a head start implementing Laravel’s authentication features. You are not required to use Fortify to use Laravel’s authentication features. You are always free to manually interact with Laravel’s authentication services by following the documentation available in the authentication, password reset, and email verification documentation.

When Use Fortify?

You may be curious when it is appropriate to utilize Laravel Fortify. Let me tell you one thing if you are using one of Laravel’s application starter kits like Laravel Jetstream and Laravel Breeze and you do not require to install Laravel Fortify since all of Laravel’s application starter kits already provide a full authentication implementation. If you are not utilizing an application starter kit and your application needs authentication features, you have two options: manually implement your application’s authentication features or use Laravel Fortify to provide the backend implementation of these features. If you choose to install Fortify, your user interface will make requests to Fortify’s authentication routes that I will explain in this article to authenticate and register users.

Installation

To get started, you can install Fortify using the Composer package manager:

composer require laravel/fortify

Configuration

After the installation, you’ve to publish Fortify’s resources using the vendor:publish command:

php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider"

This command will publish Fortify’s actions to your app/Actions directory, which will be created if it does not exist. In addition, it also publishes the App\Providers\FortifyServiceProvider class. You should ensure this class is registered within the providers array of your application’s config/app.php configuration file.

Next, you should migrate your database:

php artisan migrate

Authentication

To get started, we need to instruct Fortify on how to return our login view.
All of the authentication view’s rendering logic may be customized using the appropriate methods available via the Laravel\Fortify\Fortify class. Typically, you should call this method from the boot method of your application’s App\Providers\FortifyServiceProvider class. Fortify will take care of defining the /login route that returns this view:

use Laravel\Fortify\Fortify;

/**
 * Bootstrap any application services.
 *
 * @return void
 */
public function boot()
{
    Fortify::loginView(function () {
        return view('auth.login');
    });

    // ...
}

Your login template should include a form that makes a POST request to /login. The /login endpoint expects a string email/username and a password. The name of the email/username field should match the username value within the config/fortify.php configuration file. In addition, a boolean remember field may be provided to indicate that the user would like to use the “remember me” functionality provided by Laravel.

If the login attempt is successful, Fortify will redirect you to the URI configured via the home configuration option within your application’s fortify configuration file. If the login request was an XHR request, a 200 HTTP response will be returned. If the request was not successful, the user will be redirected back to the login screen and the validation errors will be available to you via the shared $errors Blade template variable. Or, in the case of an XHR request, the validation errors will be returned with the 422 HTTP response.

Laravel fortify offers many authentication customization options:

• Customizing User Authentication
• Customizing The Authentication Pipeline
• Customizing Authentication Guard
• Customizing Redirects

Two Factor Authentication

You can also use two-factor authentication in Laravel Fortify. When Fortify’s two-factor authentication feature is enabled, the user is required to input a six-digit numeric token during the authentication process. This token is generated using a time-based one-time password (TOTP) that can be retrieved from any TOTP compatible mobile authentication application such as Google Authenticator. You can see its detailed documentation here. To get started, you should view it’s detailed documentation here.

Registration

To begin implementing your application’s registration functionality, you need to instruct Fortify on how to return your register view.
You can easily customize all of Fortify’s view rendering logic by utilizing the appropriate methods available via the Laravel\Fortify\Fortify class. Typically, you should call this method from the boot method of your App\Providers\FortifyServiceProvider class:

use Laravel\Fortify\Fortify;

/**
 * Bootstrap any application services.
 *
 * @return void
 */
public function boot()
{
    Fortify::registerView(function () {
        return view('auth.register');
    });

    // ...
}

Fortify will take care of defining the /register route that returns this view.
Your register template should include a form that makes a POST request to the /register endpoint defined by Fortify. The /register endpoint expects a string name, string email address / username, password, and password_confirmation fields. The name of the email/ username field should match the username configuration value defined within your application’s fortify configuration file.

The user validation and creation process may be customized by modifying the App\Actions\Fortify\CreateNewUser action that was generated when you installed Laravel Fortify.

Here above, I’ve explained the basic authentication and registration in Laravel Fortify, But laravel fortify offers a lot more. You can explore all the features and customization options by visiting it’s detailed documentation here.

If you want to learn about Laravel Starter Kits like Laravel Jetstream and Laravel Breeze you can visit our previous blogs on these topics.