How to create and customise login in Laravel6

Laravel has great features out of the box, like Routing, Security, migration etc. Laravel also has comes authentication feature.

From version 6.X, Laravel has made some changes in authentication module. To activate Laravel auth module, simply run bellow command in Terminal.

composer require laravel/ui --dev

php artisan ui vue --auth

This will insert login and register views as well as routes.

You can change default options for the auth from the config/auth.php file. Here is also some tricks you can customise in authentication.

You can change redirect url after the user successfully authenticated in App/Providers/RouteServiceProvider.php file.

public const HOME = '/home';

You can also login user by its username instead of email address at App/Http/Controllers/auth/LoginController.php file. Just add username() method in LoginController.

public function username()
    return 'username';

Get the current registered user with bellow Auth class methods.

use Illuminate\Support\Facades\Auth;

// this will return user object
$user = Auth::user();

// this will return user id
$id = Auth::id()

You can check if user is already logged in or not by check() method. It will return true if user is already logged in.

use Illuminate\Support\Facades\Auth;

if (Auth::check()) {
    // user is logged in

You can also manually authenticate users by using attempt() method.

public function login(Request $request)
    $credentials = $request->only('email', 'password');

    if (Auth::attempt($credentials)) {
        // user logged in
        return redirect()->intended('dashboard');

If you want to login to different guard other than default one, just chain guard() method.

if (Auth::guard('admin')->attempt($credentials)) {
    // user logged in
    return redirect()->intended('dashboard');

You can also login user with remember me also. Just pass $remember = true boolean value.

if (Auth::attempt($credentials, $remember)) {
    // The user is being remembered...

If you want to protect some routes by authentication middleware, just add auth middleware.

Route::get('my-profile', 'ProfileController@index')->middleware('auth');

You can also set middleware in the controllers also. Just add middleware() method in __construct() method in controller class.

public function __construct()

This will redirect user to loggin page if it is not logged in. If you want to change this url, change return route in redirectTo() function of app/Http/Middleware/Authenticate.php file.

protected function redirectTo($request)
    return route('login');

LoginController.php class already use Illuminate\Foundation\Auth\ThrottlesLogins.php trait. So if you want to restrict user from entering wrong credentials for several times, add bellow properties in the LoginController.php

// Default is 5
protected $maxAttempts = 3;

// Default is 1
protected $decayMinutes = 3;

$maxAttempts is the number of wrong attempts to login. After that user will have to wait for $decayMinutes.

This way you can customise Laravel authentication scafolding.