Authentication backends shouldn't dictate frontend. Laravel Fortify separates authentication logic from views, enabling any frontend framework. At ZIRA Software, Fortify powers authentication for React, Vue, and mobile applications.
Installation
composer require laravel/fortify
php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider"
php artisan migrateConfiguration
config/fortify.php:
'features' => [
Features::registration(),
Features::resetPasswords(),
Features::emailVerification(),
Features::updateProfileInformation(),
Features::updatePasswords(),
Features::twoFactorAuthentication([
'confirmPassword' => true,
]),
],Registration
API endpoint (automatic):
POST /register
{
"name": "John Doe",
"email": "john@example.com",
"password": "password",
"password_confirmation": "password"
}Customize registration:
// app/Actions/Fortify/CreateNewUser.php
use Laravel\Fortify\Contracts\CreatesNewUsers;
class CreateNewUser implements CreatesNewUsers
{
public function create(array $input)
{
Validator::make($input, [
'name' => ['required', 'string', 'max:255'],
'email' => ['required', 'string', 'email', 'max:255', 'unique:users'],
'password' => $this->passwordRules(),
])->validate();
return User::create([
'name' => $input['name'],
'email' => $input['email'],
'password' => Hash::make($input['password']),
]);
}
protected function passwordRules()
{
return ['required', 'string', new Password, 'confirmed'];
}
}Login
POST /login
{
"email": "john@example.com",
"password": "password"
}Customize authentication:
// app/Providers/FortifyServiceProvider.php
use Laravel\Fortify\Fortify;
Fortify::authenticateUsing(function (Request $request) {
$user = User::where('email', $request->email)->first();
if ($user && Hash::check($request->password, $user->password)) {
return $user;
}
});Two-Factor Authentication
Enable 2FA:
POST /user/two-factor-authentication
# Enables 2FA and returns QR codeGet QR code:
GET /user/two-factor-qr-code
# Returns SVG QR codeGet recovery codes:
GET /user/two-factor-recovery-codesConfirm 2FA:
POST /user/confirmed-two-factor-authentication
{
"code": "123456"
}Password Reset
Request reset:
POST /forgot-password
{
"email": "john@example.com"
}Reset password:
POST /reset-password
{
"token": "...",
"email": "john@example.com",
"password": "newpassword",
"password_confirmation": "newpassword"
}Email Verification
Send verification:
POST /email/verification-notificationVerify email:
GET /email/verify/{id}/{hash}?expires=...&signature=...Profile Update
PUT /user/profile-information
{
"name": "John Updated",
"email": "john.updated@example.com"
}Password Update
PUT /user/password
{
"current_password": "oldpassword",
"password": "newpassword",
"password_confirmation": "newpassword"
}Frontend Integration
React example:
// Login component
async function handleLogin(email, password) {
// Get CSRF cookie first
await axios.get('/sanctum/csrf-cookie');
// Login
const response = await axios.post('/login', {
email,
password,
});
// User is now authenticated
// Subsequent requests include session cookie
}
// Enable 2FA
async function enable2FA() {
await axios.post('/user/two-factor-authentication');
// Get QR code
const qrResponse = await axios.get('/user/two-factor-qr-code');
setQrCode(qrResponse.data.svg);
// Get recovery codes
const codesResponse = await axios.get('/user/two-factor-recovery-codes');
setRecoveryCodes(codesResponse.data);
}Responses
Fortify responses:
// app/Providers/FortifyServiceProvider.php
use Laravel\Fortify\Fortify;
Fortify::loginView(function () {
return view('auth.login');
});
// For API/SPA, return JSON
Fortify::registerView(function () {
abort(404); // Disable view, use API only
});Validation
Custom validation:
use Laravel\Fortify\Rules\Password;
// In CreateNewUser action
'password' => ['required', 'string', (new Password)->length(10)->requireNumeric(), 'confirmed'],Conclusion
Laravel Fortify provides authentication backend without views. Perfect for SPAs, mobile apps, and custom frontends requiring flexible authentication.
Need headless authentication? Contact ZIRA Software for Laravel Fortify implementation.