Laravel Breeze & Starter Kits: Quick Authentication Setup
Learn Laravel Breeze and starter kits to scaffold authentication, Blade & Livewire stacks, plus production debugging and security best practices..
20+ years shipping production PHP systems at scale. Written from production experience, not tutorials.
- ✓Basic knowledge of PHP and Laravel (routing, controllers, Blade)
- ✓PHP 8.0+ and Composer installed
- ✓Node.js and NPM for frontend assets
- ✓A database (MySQL, PostgreSQL, SQLite)
- Laravel Breeze provides minimal, simple authentication scaffolding.
- It offers Blade with Alpine, Livewire, and Inertia stacks.
- Starter kits like Jetstream add teams, two-factor auth, and API support.
- Breeze is ideal for small to medium projects; Jetstream for larger apps.
- Customization is easy via published views and controllers.
Think of Laravel Breeze as a pre-built starter pack for your house. Instead of building the walls, doors, and locks from scratch, Breeze gives you a ready-made entrance (login, registration) that you can paint and decorate as you like. Starter kits like Jetstream are like a luxury package that also includes a security system, guest rooms (teams), and a separate service entrance (API).
| Chrome | Firefox | Safari | Edge |
|---|---|---|---|
| ✓ | ✓ | ✓ | ✓ |
Building authentication from scratch in Laravel is doable but repetitive. Laravel Breeze and starter kits solve this by providing pre-built, secure authentication scaffolding that you can customize. Breeze is the lightweight option—perfect for small to medium projects where you just need login, registration, password reset, and email verification. It offers multiple frontend stacks: Blade with Alpine.js, Livewire, or Inertia (React/Vue/Svelte). Starter kits like Laravel Jetstream go further with team management, two-factor authentication, and API support via Sanctum.
In this tutorial, you'll learn how to install Breeze, choose a stack, customize views, and add features. We'll also cover production debugging, common mistakes, and interview questions. By the end, you'll be able to scaffold a complete authentication system in minutes and adapt it to your project's needs.
Real-world motivation: Imagine you're building a SaaS app. You need user accounts, password resets, and maybe teams. Writing all that from scratch takes days and risks security holes. Breeze gives you a solid foundation in seconds, letting you focus on your unique features.
What is Laravel Breeze?
Laravel Breeze is a minimal, simple implementation of all Laravel's authentication features, including login, registration, password reset, email verification, and password confirmation. It's designed to be a starting point that you can easily customize. Breeze offers three frontend stacks:
- Blade with Alpine.js: Uses Blade templates and Alpine.js for interactivity. Ideal for traditional server-rendered apps.
- Livewire: Uses Laravel Livewire for dynamic components without writing JavaScript. Great for real-time interfaces.
- Inertia: Uses Inertia.js with Vue or React for a single-page application feel while keeping server-side routing.
Breeze does not include team management or two-factor authentication. For those features, consider Laravel Jetstream.
To install Breeze, you need a fresh Laravel application. Then run:
``bash composer require laravel/breeze --dev php artisan breeze:install blade npm install && npm run dev php artisan migrate ``
This scaffolds the authentication views, controllers, routes, and migrations. After installation, you can access /login, /register, etc.
Customizing Breeze Views and Routes
After installing Breeze, you can customize the views, routes, and controllers. The views are located in resources/views/auth/ and resources/views/layouts/. To publish the views for customization, run:
``bash php artisan vendor:publish --tag=laravel-breeze-views ``
This copies the views to resources/views/vendor/breeze/. You can then edit them as needed. For example, to change the login form, edit resources/views/vendor/breeze/auth/login.blade.php.
Routes are defined in routes/auth.php (included from routes/web.php). You can modify the redirect path after login by editing the HOME constant in App\Providers\RouteServiceProvider:
``php public const HOME = '/dashboard'; ``
Controllers are in App\Http\Controllers\Auth\. You can override any method by extending the controller. For example, to add custom logic after registration, override the registered() method in RegisteredUserController.
To change validation rules, modify the requests in App\Http\Requests\Auth\.
Adding Two-Factor Authentication with Breeze
Breeze does not include two-factor authentication (2FA) out of the box. However, you can easily add it using Laravel's built-in support or packages like 'laravel/fortify'. Fortify is a headless authentication backend that works well with Breeze.
To add 2FA with Fortify:
- Install Fortify:
composer require laravel/fortify - Publish Fortify's config and views:
php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider" - Enable 2FA in config/fortify.php:
'features' => ['two-factor-authentication'], - Add the TwoFactorAuthenticatable trait to your User model.
- Run migrations:
php artisan migrate - Update your login view to include a 2FA challenge form.
Alternatively, you can implement 2FA manually using the 'google2fa-laravel' package. This is more flexible but requires more code.
Example of enabling 2FA in User model:
```php use Laravel\Fortify\TwoFactorAuthenticatable;
class User extends Authenticatable { use TwoFactorAuthenticatable; } ```
Then users can enable 2FA from their profile settings.
Laravel Jetstream: The Advanced Starter Kit
Laravel Jetstream is a more feature-rich starter kit compared to Breeze. It includes:
- Team management (invite, remove members)
- Two-factor authentication
- Session management (log out other devices)
- API support via Laravel Sanctum
- Profile management with profile photos
Jetstream also offers Livewire and Inertia stacks. To install Jetstream:
``bash composer require laravel/jetstream php artisan jetstream:install livewire npm install && npm run dev php artisan migrate ``
Jetstream uses Livewire components for its UI. You can customize them by publishing the Livewire components:
``bash php artisan vendor:publish --tag=jetstream-views ``
Jetstream's team management allows users to create teams and invite others. Each team can have its own settings. This is ideal for SaaS applications where users belong to organizations.
API support is built-in via Sanctum. You can issue API tokens from the user's profile. This enables mobile app or third-party integrations.
Jetstream is more opinionated than Breeze, so customization may require more effort. However, it saves time for complex applications.
Securing Your Breeze Application
Security is paramount when dealing with authentication. Here are best practices for Breeze applications:
- Use HTTPS: Always serve your app over HTTPS in production. Set
SESSION_SECURE_COOKIE=trueandSANCTUM_STATEFUL_DOMAINSaccordingly. - Rate Limiting: Laravel includes rate limiting for login and other routes. Ensure it's enabled in
App\Http\Kernel. - Password Strength: Enforce strong passwords using validation rules. Breeze uses
min:8by default; consider addingmixedCase,letters,numbers,symbols. - CSRF Protection: All forms include
@csrf. Never remove it. - Email Verification: Enable email verification to ensure users own their email addresses. Add the
verifiedmiddleware to sensitive routes. - Session Management: Regenerate session ID after login to prevent session fixation. Breeze does this automatically.
- Logging: Log authentication attempts for monitoring. You can listen to events like
Illuminate\Auth\Events\Login.
Example of adding password validation in a request:
```php use Illuminate\Validation\Rules\Password;
$request->validate([ 'password' => ['required', 'confirmed', Password::min(8)->mixedCase()->numbers()->symbols()], ]); ```
Also, consider using Laravel's built-in security features like 'throttle' middleware on login routes.
Testing Authentication with PHPUnit
Laravel provides testing helpers for authentication. Breeze scaffolds tests in tests/Feature/Auth/. You can run them with:
``bash php artisan test ``
These tests cover registration, login, password reset, email verification, and password confirmation. You can extend them to cover custom logic.
Example of a registration test:
```php public function test_new_users_can_register() { $response = $this->post('/register', [ 'name' => 'Test User', 'email' => 'test@example.com', 'password' => 'password', 'password_confirmation' => 'password', ]);
$this->assertAuthenticated(); $response->assertRedirect(RouteServiceProvider::HOME); } ```
When testing email verification, you may need to use Mail::fake() to prevent actual emails.
For Jetstream, tests are also provided. They cover team creation, invitations, and API token management.
Always run tests before deploying to ensure nothing is broken.
The Case of the Missing Email Verification
- Always configure mail drivers when using email verification.
- Check middleware stack for routes that require verification.
- Test the full registration flow in a staging environment.
- Use logging to catch silent redirect failures.
- Document authentication assumptions in your project README.
tail -f storage/logs/laravel.logphp artisan route:list | grep home| File | Command / Code | Purpose |
|---|---|---|
| install-breeze.sh | composer require laravel/breeze --dev | What is Laravel Breeze? |
| customize-login.blade.php | Customizing Breeze Views and Routes | |
| enable-2fa.php | 'features' => [ | Adding Two-Factor Authentication with Breeze |
| install-jetstream.sh | composer require laravel/jetstream | Laravel Jetstream |
| password-validation.php | use Illuminate\Validation\Rules\Password; | Securing Your Breeze Application |
| registration-test.php | namespace Tests\Feature\Auth; | Testing Authentication with PHPUnit |
Key takeaways
Common mistakes to avoid
3 patternsModifying vendor files directly
Forgetting to run migrations after installing Breeze
Not configuring mail for email verification
Interview Questions on This Topic
What is the difference between Laravel Breeze and Jetstream?
Frequently Asked Questions
20+ years shipping production PHP systems at scale. Written from production experience, not tutorials.
That's Laravel. Mark it forged?
4 min read · try the examples if you haven't