Passwordless Authentication with Laravel

Sign in Get started

This episode is for members only

Sign up to access "Passwordless Authentication with Laravel" right now.

Already a member? Sign in to continue

Playing

06. Authenticating the user securely

Episodes

0%

Your progress

Total: 58m
Played: 0m
Remaining: 58m

Join or sign in to track your progress

01. Introduction and demo

02. Crafting the login page

03. Making use of Laravel Actions

04. The magic login link email

05. Generating a signed URL for authentication

06. Authenticating the user securely

07. Registering users

08. Sending the magic login link again

09. Testing the login flow

10. Testing the registration flow

Transcript

00:00

Before we move on to actually authenticate the user within this route just here, let's create out a home page here to replace the default welcome page. So let's open up welcome.blade.php and let's go ahead and grab the template for login.

00:14

We just want to show the currently authenticated user in here. So let's get rid of everything that we have inside of this form here. Let's switch this form over to a div and let's, of course, get rid of the action and method because that's now not a form.

00:28

Inside of here we're just going to go ahead and use the auth blade directive and that's only going to show if the user is signed in. And let's just greet the user in here with a header. We can bring back them styles that we saw before.

00:44

In fact, let's just say text gray 600 and we'll make this a paragraph instead. So we're just going to say hey and then the authenticated user's name. So auth user and name. OK, so if we head over to the home page now, of course, we don't see anything because

01:03

this directive is stopping this from being rendered out because we're not signed in. But once we are signed in, once we update our login controller, we, of course, should see that details or those details. So I'm just going to give this a name real quick.

01:17

So let's call this home just so we have somewhere to redirect to. While we're here as well, a good idea is to head over to our root service provider. By default, this is set to slash home for the home page. And Laravel uses this internally within middleware to redirect the user

01:34

if they are already signed in. So I'm going to change that back to slash because that is technically our home page. OK, so now that we've done that, we can actually authenticate the user within this login controller and we should be good to go.

01:46

This is really, really simple because we know this is a signed protected controller, signed URL protected controller. So no one can access this unless they have the correct signature and it's not expired. So in here, there's no real other checks that we need to do

02:01

apart from just logging the user in. We know we've got the user model in here, so we can just use the auth helper or the auth facade. You could do this like this if you prefer and log the user in.

02:13

That's all we need to do. Now we can go ahead and return and redirect the user to the home page. And that's going to greet them with their signed in name. So let's head over.

02:28

Of course, that doesn't work at the moment, but we're going to go over to auth and login, enter our email address and hit that get magic link button, grab the magic link, sign in. And that should redirect us over and we now signed it.

Episode summary

In this episode, we're focusing on securely authenticating a user in our app. First, we swap out the default Laravel welcome page with our own custom home view. Instead of showing a login form, we clean things up so that it will just greet the authenticated user by name using the @auth Blade directive. We style the message a bit, and set up the home page so it's ready to show when a user is logged in.

Next, we take care of some backend housekeeping by updating the root service provider, making sure that when users are redirected (for example, after login), they come back to the main home page at / rather than /home.

With the home view prepped, we turn to the login logic. Since we're using a signed URL to access the authentication route, we don't need any extra checks—if the request makes it this far, the user is good to go! We log them in using Laravel's Auth system and then redirect them to the home page, where they'll see their name displayed.

Finally, we test the flow end-to-end: submitting the email, clicking the magic link, getting logged in, and seeing a friendly greeting as confirmation. This makes sure the authentication is both secure and user-friendly.

Episode discussion

No comments, yet. Be the first!