Authenticating users in Laravel

Choosing the right authentication package in Laravel can be overwhelming—but fear not! This article discusses the most popular authentication options and when to use them.

Laravel comes packed with many ways to authenticate users. When installing a new application and wanting to add authentication to it, your choices are not limited. The options available to authenticate users within Laravel:

As we can see, there are many installable packages that aim to make the whole process of authentication simple and easy for any developer to get started. However, it may be overwhelming at times to determine which one to use. This article aims to cover what each package is and when it is a good idea to choose one over the others.

Laravel's Default Auth Facade

Before we take a look at the installable packages that can be used to authenticate our users, it may be an important to note that Laravel can authenticate users without having to install any additional packages. One may use the default Auth Facade that ships with the framework. To use it, just ensure that your database has a record for the user that you want to authenticate; thus, we can simply find the user and log him or her in as follows:

$user = User::where('email', '');


This will authenticate the user and create the session as needed. You are free to build whatever custom logic you want around this facade. A small note and something to remember is that all the packages and installable options available within the Laravel ecosystem will make use of this Facade and the login() method to generate authentication sessions.

For more information about how Laravel handles this and what is available to you directly from the framework, check out the complete documentation.

Laravel Breeze

If you are looking for a simple and easy to customize authentication option, then Laravel Breeze is for you. Breeze is the easiest and most customizable of all the options available within the ecosystem. Out of the box, Breeze will provide you with the following:

  1. Login
  2. Registration
  3. Password Resets
  4. Password Confirmations
  5. Profile Management
  6. Email Verification

Furthermore, all of this will come fully unit tested. For most projects, Breeze is the perfect starting point. When installing Breeze, you can also choose the type of project you would like to build, and the package will scaffold the required dependencies for you. This makes Breeze a great way to begin a project. Need Livewire? Breeze will automatically install Livewire and connect all the authentication to use Livewire. Prefer Inertia? Same thing; simply choose which stack you want to work with when installing, and from there, you are ready to build. Pretty neat!

To get started with Laravel Breeze, check out the complete documentation.

Laravel Jetstream

Laravel Jetstream is a more complicated version of Breeze in that it gives you a lot more features available to use. Jetstream comes with the following out of the box:

  1. Login
  2. Registration
  3. Profile Management
  4. Password Reset
  5. Email Verification
  6. Two-Factor Authentication (2FA)
  7. Teams Management
  8. Browser Sessions Management
  9. API Tokens & Permissions

When using Laravel Jetstream, you are able to choose which features you would like to have enabled and can expand the features as you go. The main difference between Jetstream and Breeze is the ease of use. In my personal opinion, Jetstream is a little harder to customize, although it is fully customizable for someone who knows what they are doing. The docs are packed full of examples and methods for overriding the default behavior, so if Jetstream sounds like your cup of tea, I recommend starting there.

Jetstream is a good option if you are looking to build a fully fledged web app. To get started with Laravel Jetstream and learn more about what it can do, check out the complete documentation.

Laravel Fortify

Laravel Fortify is a frontend agnostic implementation of authentication. What this means is the package installed will provide all the needed backend tools to get started with authentication, leaving the entire frontend of your app up to you.

Out of the box, Fortify will provide the backend implementation for the following:

  1. Login
  2. Registration
  3. Password Management
  4. Two-Factor Authentication
  5. Email Verification

We have previously discussed Laravel Jetstream, which makes use of Laravel Fortify for their complete implementation. Fortify is a great option for anyone who wants to get started with Authentication quickly but would prefer to handle the auth logic without being coupled to any UI options that come with the other authentication options.

Installing Fortify on your project is simple and fully documented; check out the complete documentation.

Laravel Sanctum

Unlike the other methods of authentication described above, Sanctum is a way to authenticate based on API tokens. This is really helpful for API-based or SPA-based applications.

When building an SPA or PI, the client (browser) typically makes a request to retrieve an authentication token. This token is then passed to subsequent requests that tell the application whether the token is allowed to access specific types of data. Laravel Sanctum offers a simple way to create these tokens.

Sanctum is a great choice when dealing with mobile apps or providing additional API endpoints to an existing application. The use case for these simple "personal access tokens" is vast and can be applied in many circumstances.

The installation of Sanctum is essentially only going to install a Trait and a Middleware that will hook into your existing authentication system. This allows you to build an app UI using one of the methods implemented above and then implement sanctum on top of it for anything extra.

For more information on Laravel Sanctum, as well as installation instructions, check out the complete documentation.

Laravel Passport

Laravel Passport functions the same as Sanctum. However, the biggest difference is that Passport makes use of OAuth protocol. Thus, the app will need to grant access before API calls can be made. Think about "Login With Facebook" or "Connect to GitHub", these are examples of OAuth.

Laravel Passport provides a way for users to obtain an API key by connecting their app to your app. Once the connection is successful, an API key will be given for the connection.

In most cases, Laravel Passport is not preferred over Laravel Sanctum, and this should be considered when building your application. Passport should only be used when the requirement is to build an OAuth system. It is important to note that Passport requires considerable knowledge and server management to keep it up and running.

Once Passport is installed, and keys have been generated, it functions the same as Sanctum in providing a middleware to authenticate requests.

To Learn more about Laravel Passport, check out the complete documentation.

Which Option Should You Choose?

With all the options above, we can see that it is easy to get overwhelmed with the choices, and it may be difficult at times to decide which one to use.

In my personal opinion, if you are going to be building an application from scratch, the best choice would be Laravel Breeze. Simply install it, publish all files, and hack away on your next application.

Furthermore, if you will be extending an existing application but want to make use of the "Laravel Way", then Laravel Fortify is for you! Install the package and refactor each feature to use the new methods provided.

Additionally, if you want to build a quick MVP but do not care too much about how it looks, I would go with Jetstream and refactor after the initial MVP phase.

Moreover, if you need an API, use any of the above methods and slap Sanctum on top of it.

However, in most cases. Laravel Breeze is the easiest and simplest to work with without locking you in to any hidden pieces of code or methodologies.


The Laravel ecosystem is vast, and each of the above packages are actively maintained, which means that they will get better over time. This makes Laravel a good choice for your next application. With so many approaches to authentication, developers have the freedom to build whatever they want with as much freedom as they could ever need. What will you build next?

What to do next:
  1. Try Honeybadger for FREE
    Honeybadger helps you find and fix errors before your users can even report them. Get set up in minutes and check monitoring off your to-do list.
    Start free trial
    Easy 5-minute setup — No credit card required
  2. Get the Honeybadger newsletter
    Each month we share news, best practices, and stories from the DevOps & monitoring community—exclusively for developers like you.
    author photo

    Devin Gray

    Laravel Enthusiast… Part Time Human Being

    More articles by Devin Gray
    Stop wasting time manually checking logs for errors!

    Try the only application health monitoring tool that allows you to track application errors, uptime, and cron jobs in one simple platform.

    • Know when critical errors occur, and which customers are affected.
    • Respond instantly when your systems go down.
    • Improve the health of your systems over time.
    • Fix problems before your customers can report them!

    As developers ourselves, we hated wasting time tracking down errors—so we built the system we always wanted.

    Honeybadger tracks everything you need and nothing you don't, creating one simple solution to keep your application running and error free so you can do what you do best—release new code. Try it free and see for yourself.

    Start free trial
    Simple 5-minute setup — No credit card required

    Learn more

    "We've looked at a lot of error management systems. Honeybadger is head and shoulders above the rest and somehow gets better with every new release."
    — Michael Smith, Cofounder & CTO of YvesBlue

    Honeybadger is trusted by top companies like:

    “Everyone is in love with Honeybadger ... the UI is spot on.”
    Molly Struve, Sr. Site Reliability Engineer, Netflix
    Start free trial
    Are you using Sentry, Rollbar, Bugsnag, or Airbrake for your monitoring? Honeybadger includes error tracking with a whole suite of amazing monitoring tools — all for probably less than you're paying now. Discover why so many companies are switching to Honeybadger here.
    Start free trial