Overview

The authentication routes handle user registration, login, logout, email verification, password reset, and social authentication via OAuth providers.

Guest Routes

These routes are accessible only to unauthenticated users (middleware: guest).

Registration

Registration Form

GET /register
Middleware: guest
Controller: RegisteredUserController@create
Route Name: register
Displays the user registration form.

Process Registration

POST /register
Middleware: guest
Controller: RegisteredUserController@store
Processes the registration form and creates a new user account.

Login

Login Form

GET /login
Middleware: guest
Controller: AuthenticatedSessionController@create
Route Name: login
Displays the login form.

Process Login

POST /login
Middleware: guest
Controller: AuthenticatedSessionController@store
Authenticates the user and creates a new session.

Password Reset

Forgot Password Form

GET /forgot-password
Middleware: guest
Controller: PasswordResetLinkController@create
Route Name: password.request
Displays the forgot password form.

POST /forgot-password
Middleware: guest
Controller: PasswordResetLinkController@store
Route Name: password.email
Sends a password reset link to the user’s email.

Reset Password Form

GET /reset-password/{token}
Middleware: guest
Controller: NewPasswordController@create
Route Name: password.reset
Parameters:
  • token (string): Password reset token from email
Displays the password reset form with the token.

Process Password Reset

POST /reset-password
Middleware: guest
Controller: NewPasswordController@store
Route Name: password.store
Resets the user’s password using the provided token.

Social Authentication

OAuth Redirect

GET /auth/{driver}/redirect
Middleware: guest
Controller: SocialiteSessionController@redirectToProvider
Route Name: socialite.redirect
Parameters:
  • driver (string): OAuth provider (github or google)
Redirects to the OAuth provider’s authorization page.

OAuth Callback

GET /auth/{driver}/callback
Middleware: guest
Controller: SocialiteSessionController@handleProviderCallback
Route Name: socialite.callback
Parameters:
  • driver (string): OAuth provider
Handles the callback from the OAuth provider and authenticates the user.

Authenticated Routes

These routes require authentication (middleware: auth).

Email Verification

Email Verification Prompt

GET /verify-email
Middleware: auth
Controller: EmailVerificationPromptController
Route Name: verification.notice
Displays a prompt asking the user to verify their email address.

Verify Email

GET /verify-email/{id}/{hash}
Middleware: auth, signed, throttle:6,1
Controller: VerifyEmailController
Route Name: verification.verify
Parameters:
  • id (integer): User ID
  • hash (string): Verification hash
Verifies the user’s email address using the signed URL.

Resend Verification Email

POST /email/verification-notification
Middleware: auth, throttle:6,1
Controller: EmailVerificationNotificationController@store
Route Name: verification.send
Resends the email verification notification. Rate limited to 6 attempts per minute.

Password Management

Confirm Password Form

GET /confirm-password
Middleware: auth
Controller: ConfirmablePasswordController@show
Route Name: password.confirm
Displays the password confirmation form for sensitive operations.

Confirm Password

POST /confirm-password
Middleware: auth
Controller: ConfirmablePasswordController@store
Validates the user’s current password.

Update Password

PUT /password
Middleware: auth
Controller: PasswordController@update
Route Name: password.update
Updates the authenticated user’s password.

Logout

Logout

POST /logout
Middleware: auth
Controller: AuthenticatedSessionController@destroy
Route Name: logout
Logs out the authenticated user and destroys their session.

Middleware Reference

  • guest: Only accessible to unauthenticated users
  • auth: Requires authentication
  • signed: Validates signed URLs
  • throttle:6,1: Rate limits to 6 requests per 1 minute
