Home PHP Laravel Breeze & Starter Kits: Quick Authentication Setup
Beginner 4 min · July 13, 2026

Laravel Breeze & Starter Kits: Quick Authentication Setup

Learn Laravel Breeze and starter kits to scaffold authentication, Blade & Livewire stacks, plus production debugging and security best practices..

N
Naren Founder & Principal Engineer

20+ years shipping production PHP systems at scale. Written from production experience, not tutorials.

Follow
Production
production tested
July 13, 2026
last updated
2,073
articles · all by Naren
Before you start⏱ 15-20 min read
  • Basic knowledge of PHP and Laravel (routing, controllers, Blade)
  • PHP 8.0+ and Composer installed
  • Node.js and NPM for frontend assets
  • A database (MySQL, PostgreSQL, SQLite)
 ● Production Incident 🔎 Debug Guide ⚙ Triage Commands
Quick Answer
  • Laravel Breeze provides minimal, simple authentication scaffolding.
  • It offers Blade with Alpine, Livewire, and Inertia stacks.
  • Starter kits like Jetstream add teams, two-factor auth, and API support.
  • Breeze is ideal for small to medium projects; Jetstream for larger apps.
  • Customization is easy via published views and controllers.
✦ Definition~90s read
What is Laravel Breeze and Starter Kits?

Laravel Breeze is a minimal, pre-built authentication scaffolding for Laravel that gives you login, registration, password reset, and email verification with multiple frontend options.

Think of Laravel Breeze as a pre-built starter pack for your house.
Plain-English First

Think of Laravel Breeze as a pre-built starter pack for your house. Instead of building the walls, doors, and locks from scratch, Breeze gives you a ready-made entrance (login, registration) that you can paint and decorate as you like. Starter kits like Jetstream are like a luxury package that also includes a security system, guest rooms (teams), and a separate service entrance (API).

⚙ Browser compatibility
Latest versions — ✓ supported
ChromeFirefoxSafariEdge

Building authentication from scratch in Laravel is doable but repetitive. Laravel Breeze and starter kits solve this by providing pre-built, secure authentication scaffolding that you can customize. Breeze is the lightweight option—perfect for small to medium projects where you just need login, registration, password reset, and email verification. It offers multiple frontend stacks: Blade with Alpine.js, Livewire, or Inertia (React/Vue/Svelte). Starter kits like Laravel Jetstream go further with team management, two-factor authentication, and API support via Sanctum.

In this tutorial, you'll learn how to install Breeze, choose a stack, customize views, and add features. We'll also cover production debugging, common mistakes, and interview questions. By the end, you'll be able to scaffold a complete authentication system in minutes and adapt it to your project's needs.

Real-world motivation: Imagine you're building a SaaS app. You need user accounts, password resets, and maybe teams. Writing all that from scratch takes days and risks security holes. Breeze gives you a solid foundation in seconds, letting you focus on your unique features.

What is Laravel Breeze?

Laravel Breeze is a minimal, simple implementation of all Laravel's authentication features, including login, registration, password reset, email verification, and password confirmation. It's designed to be a starting point that you can easily customize. Breeze offers three frontend stacks:

  • Blade with Alpine.js: Uses Blade templates and Alpine.js for interactivity. Ideal for traditional server-rendered apps.
  • Livewire: Uses Laravel Livewire for dynamic components without writing JavaScript. Great for real-time interfaces.
  • Inertia: Uses Inertia.js with Vue or React for a single-page application feel while keeping server-side routing.

Breeze does not include team management or two-factor authentication. For those features, consider Laravel Jetstream.

To install Breeze, you need a fresh Laravel application. Then run:

``bash composer require laravel/breeze --dev php artisan breeze:install blade npm install && npm run dev php artisan migrate ``

This scaffolds the authentication views, controllers, routes, and migrations. After installation, you can access /login, /register, etc.

install-breeze.shPHP
1
2
3
4
composer require laravel/breeze --dev
php artisan breeze:install blade
npm install && npm run dev
php artisan migrate
Output
Breeze scaffolding installed successfully.
💡Choose the Right Stack
📊 Production Insight
In production, always use HTTPS and set SESSION_SECURE_COOKIE=true in .env to prevent session hijacking.
🎯 Key Takeaway
Breeze provides a quick, customizable authentication scaffold with multiple frontend options.

Customizing Breeze Views and Routes

After installing Breeze, you can customize the views, routes, and controllers. The views are located in resources/views/auth/ and resources/views/layouts/. To publish the views for customization, run:

``bash php artisan vendor:publish --tag=laravel-breeze-views ``

This copies the views to resources/views/vendor/breeze/. You can then edit them as needed. For example, to change the login form, edit resources/views/vendor/breeze/auth/login.blade.php.

Routes are defined in routes/auth.php (included from routes/web.php). You can modify the redirect path after login by editing the HOME constant in App\Providers\RouteServiceProvider:

``php public const HOME = '/dashboard'; ``

Controllers are in App\Http\Controllers\Auth\. You can override any method by extending the controller. For example, to add custom logic after registration, override the registered() method in RegisteredUserController.

To change validation rules, modify the requests in App\Http\Requests\Auth\.

customize-login.blade.phpPHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
<!-- resources/views/vendor/breeze/auth/login.blade.php -->
<x-guest-layout>
    <x-auth-card>
        <x-slot name="logo">
            <a href="/">
                <x-application-logo class="w-20 h-20 fill-current text-gray-500" />
            </a>
        </x-slot>

        <!-- Session Status -->
        <x-auth-session-status class="mb-4" :status="session('status')" />

        <!-- Validation Errors -->
        <x-auth-validation-errors class="mb-4" :errors="$errors" />

        <form method="POST" action="{{ route('login') }}">
            @csrf

            <!-- Email Address -->
            <div>
                <x-label for="email" :value="__('Email')" />
                <x-input id="email" class="block mt-1 w-full" type="email" name="email" :value="old('email')" required autofocus />
            </div>

            <!-- Password -->
            <div class="mt-4">
                <x-label for="password" :value="__('Password')" />
                <x-input id="password" class="block mt-1 w-full" type="password" name="password" required autocomplete="current-password" />
            </div>

            <!-- Remember Me -->
            <div class="block mt-4">
                <label for="remember_me" class="inline-flex items-center">
                    <input id="remember_me" type="checkbox" class="rounded border-gray-300 text-indigo-600 shadow-sm focus:border-indigo-300 focus:ring focus:ring-indigo-200 focus:ring-opacity-50" name="remember">
                    <span class="ml-2 text-sm text-gray-600">{{ __('Remember me') }}</span>
                </label>
            </div>

            <div class="flex items-center justify-end mt-4">
                @if (Route::has('password.request'))
                    <a class="underline text-sm text-gray-600 hover:text-gray-900" href="{{ route('password.request') }}">
                        {{ __('Forgot your password?') }}
                    </a>
                @endif

                <x-button class="ml-3">
                    {{ __('Log in') }}
                </x-button>
            </div>
        </form>
    </x-auth-card>
</x-guest-layout>
🔥Customization Best Practice
📊 Production Insight
Avoid modifying vendor files directly. Use vendor:publish to keep upgrades smooth.
🎯 Key Takeaway
You can fully customize Breeze's views, routes, and controllers by publishing and overriding them.

Adding Two-Factor Authentication with Breeze

Breeze does not include two-factor authentication (2FA) out of the box. However, you can easily add it using Laravel's built-in support or packages like 'laravel/fortify'. Fortify is a headless authentication backend that works well with Breeze.

  1. Install Fortify: composer require laravel/fortify
  2. Publish Fortify's config and views: php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider"
  3. Enable 2FA in config/fortify.php: 'features' => ['two-factor-authentication'],
  4. Add the TwoFactorAuthenticatable trait to your User model.
  5. Run migrations: php artisan migrate
  6. Update your login view to include a 2FA challenge form.

Alternatively, you can implement 2FA manually using the 'google2fa-laravel' package. This is more flexible but requires more code.

```php use Laravel\Fortify\TwoFactorAuthenticatable;

class User extends Authenticatable { use TwoFactorAuthenticatable; } ```

Then users can enable 2FA from their profile settings.

enable-2fa.phpPHP
1
2
3
4
5
6
7
8
9
10
11
12
// config/fortify.php
'features' => [
    Features::registration(),
    Features::resetPasswords(),
    Features::emailVerification(),
    Features::updateProfileInformation(),
    Features::updatePasswords(),
    Features::twoFactorAuthentication([
        'confirm' => true,
        'confirmPassword' => true,
    ]),
],
⚠ 2FA Requires Queue and Mail
📊 Production Insight
Always test 2FA flows thoroughly. Users often get confused by recovery codes; provide clear instructions.
🎯 Key Takeaway
Add 2FA to Breeze using Laravel Fortify or a third-party package for enhanced security.

Laravel Jetstream: The Advanced Starter Kit

Laravel Jetstream is a more feature-rich starter kit compared to Breeze. It includes:

  • Team management (invite, remove members)
  • Two-factor authentication
  • Session management (log out other devices)
  • API support via Laravel Sanctum
  • Profile management with profile photos

Jetstream also offers Livewire and Inertia stacks. To install Jetstream:

``bash composer require laravel/jetstream php artisan jetstream:install livewire npm install && npm run dev php artisan migrate ``

Jetstream uses Livewire components for its UI. You can customize them by publishing the Livewire components:

``bash php artisan vendor:publish --tag=jetstream-views ``

Jetstream's team management allows users to create teams and invite others. Each team can have its own settings. This is ideal for SaaS applications where users belong to organizations.

API support is built-in via Sanctum. You can issue API tokens from the user's profile. This enables mobile app or third-party integrations.

Jetstream is more opinionated than Breeze, so customization may require more effort. However, it saves time for complex applications.

install-jetstream.shPHP
1
2
3
4
composer require laravel/jetstream
php artisan jetstream:install livewire
npm install && npm run dev
php artisan migrate
Output
Jetstream scaffolding installed successfully.
💡When to Use Jetstream vs Breeze
📊 Production Insight
Jetstream's team management can become complex. Plan your team hierarchy early to avoid refactoring.
🎯 Key Takeaway
Jetstream extends Breeze with teams, 2FA, and API support, making it suitable for larger applications.

Securing Your Breeze Application

Security is paramount when dealing with authentication. Here are best practices for Breeze applications:

  1. Use HTTPS: Always serve your app over HTTPS in production. Set SESSION_SECURE_COOKIE=true and SANCTUM_STATEFUL_DOMAINS accordingly.
  2. Rate Limiting: Laravel includes rate limiting for login and other routes. Ensure it's enabled in App\Http\Kernel.
  3. Password Strength: Enforce strong passwords using validation rules. Breeze uses min:8 by default; consider adding mixedCase, letters, numbers, symbols.
  4. CSRF Protection: All forms include @csrf. Never remove it.
  5. Email Verification: Enable email verification to ensure users own their email addresses. Add the verified middleware to sensitive routes.
  6. Session Management: Regenerate session ID after login to prevent session fixation. Breeze does this automatically.
  7. Logging: Log authentication attempts for monitoring. You can listen to events like Illuminate\Auth\Events\Login.

```php use Illuminate\Validation\Rules\Password;

$request->validate([ 'password' => ['required', 'confirmed', Password::min(8)->mixedCase()->numbers()->symbols()], ]); ```

Also, consider using Laravel's built-in security features like 'throttle' middleware on login routes.

password-validation.phpPHP
1
2
3
4
5
use Illuminate\Validation\Rules\Password;

$request->validate([
    'password' => ['required', 'confirmed', Password::min(8)->mixedCase()->numbers()->symbols()],
]);
⚠ Never Trust User Input
📊 Production Insight
Use Laravel's built-in security features. Avoid reinventing the wheel; rely on well-tested packages.
🎯 Key Takeaway
Secure your Breeze app with HTTPS, rate limiting, strong passwords, and email verification.

Testing Authentication with PHPUnit

Laravel provides testing helpers for authentication. Breeze scaffolds tests in tests/Feature/Auth/. You can run them with:

``bash php artisan test ``

These tests cover registration, login, password reset, email verification, and password confirmation. You can extend them to cover custom logic.

```php public function test_new_users_can_register() { $response = $this->post('/register', [ 'name' => 'Test User', 'email' => 'test@example.com', 'password' => 'password', 'password_confirmation' => 'password', ]);

$this->assertAuthenticated(); $response->assertRedirect(RouteServiceProvider::HOME); } ```

When testing email verification, you may need to use Mail::fake() to prevent actual emails.

For Jetstream, tests are also provided. They cover team creation, invitations, and API token management.

Always run tests before deploying to ensure nothing is broken.

registration-test.phpPHP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<?php

namespace Tests\Feature\Auth;

use App\Providers\RouteServiceProvider;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class RegistrationTest extends TestCase
{
    use RefreshDatabase;

    public function test_new_users_can_register()
    {
        $response = $this->post('/register', [
            'name' => 'Test User',
            'email' => 'test@example.com',
            'password' => 'password',
            'password_confirmation' => 'password',
        ]);

        $this->assertAuthenticated();
        $response->assertRedirect(RouteServiceProvider::HOME);
    }
}
Output
OK (1 test, 2 assertions)
🔥Test Database
📊 Production Insight
Add tests for any custom authentication logic. This prevents accidental breakage during updates.
🎯 Key Takeaway
Breeze includes tests for all authentication features. Run them regularly to catch regressions.
● Production incidentPOST-MORTEMseverity: high

The Case of the Missing Email Verification

Symptom
New users registered successfully but were redirected to a blank page instead of the dashboard.
Assumption
The developer assumed Breeze's default email verification was optional and disabled it.
Root cause
Breeze's middleware 'verified' was applied to the dashboard route, but the email verification was not configured (no mail driver). The redirect was failing silently.
Fix
Set up a proper mail driver (e.g., Mailtrap for development) and ensure the 'verified' middleware is only applied where needed. Alternatively, disable email verification by removing the middleware.
Key lesson
  • Always configure mail drivers when using email verification.
  • Check middleware stack for routes that require verification.
  • Test the full registration flow in a staging environment.
  • Use logging to catch silent redirect failures.
  • Document authentication assumptions in your project README.
Production debug guideSymptom to Action4 entries
Symptom · 01
Login redirects to /home but user sees 404
Fix
Check routes/web.php for the redirect path. Breeze uses 'home' by default. Ensure a route named 'home' exists or change the redirect in App\Providers\RouteServiceProvider.
Symptom · 02
Registration fails with 'The password confirmation does not match'
Fix
Check that the form includes a 'password_confirmation' field and that validation rules are correct. Also verify that the request uses POST method.
Symptom · 03
Email verification link returns 419
Fix
This is usually a CSRF token mismatch. Ensure the verification route is excluded from CSRF protection in App\Http\Middleware\VerifyCsrfToken if using a custom frontend.
Symptom · 04
Livewire component not rendering after Breeze install
Fix
Run 'php artisan livewire:publish --config' and check that Livewire is properly installed. Also ensure your layout includes @livewireStyles and @livewireScripts.
★ Quick Debug Cheat SheetCommon Breeze issues and immediate fixes.
Blank page after login
Immediate action
Check Laravel logs (storage/logs/laravel.log)
Commands
tail -f storage/logs/laravel.log
php artisan route:list | grep home
Fix now
Add a route named 'home' or change the redirect in RouteServiceProvider.
Email not sent+
Immediate action
Verify mail configuration in .env
Commands
php artisan config:show mail
php artisan tinker --execute="Mail::raw('test', function($msg){ $msg->to('test@example.com'); })"
Fix now
Set MAIL_MAILER=log for development to see emails in storage/logs/laravel.log.
CSRF token mismatch+
Immediate action
Check if the form includes @csrf
Commands
php artisan make:middleware VerifyCsrfToken --exclude=api/*
php artisan route:list | grep csrf
Fix now
Add the route to $except array in App\Http\Middleware\VerifyCsrfToken.
FeatureBreezeJetstream
Login/RegistrationYesYes
Password ResetYesYes
Email VerificationYesYes
Two-Factor AuthNoYes
Team ManagementNoYes
API TokensNoYes (Sanctum)
Profile ManagementBasicAdvanced with photos
Frontend StacksBlade+Alpine, Livewire, InertiaLivewire, Inertia
⚙ Quick Reference
6 commands from this guide
FileCommand / CodePurpose
install-breeze.shcomposer require laravel/breeze --devWhat is Laravel Breeze?
customize-login.blade.phpCustomizing Breeze Views and Routes
enable-2fa.php'features' => [Adding Two-Factor Authentication with Breeze
install-jetstream.shcomposer require laravel/jetstreamLaravel Jetstream
password-validation.phpuse Illuminate\Validation\Rules\Password;Securing Your Breeze Application
registration-test.phpnamespace Tests\Feature\Auth;Testing Authentication with PHPUnit

Key takeaways

1
Laravel Breeze provides a quick, customizable authentication scaffold for Laravel apps.
2
Choose the right frontend stack
Blade+Alpine, Livewire, or Inertia.
3
For advanced features like teams and 2FA, use Laravel Jetstream.
4
Always secure your app with HTTPS, rate limiting, and strong passwords.
5
Test authentication flows thoroughly using Laravel's testing helpers.

Common mistakes to avoid

3 patterns
×

Modifying vendor files directly

×

Forgetting to run migrations after installing Breeze

×

Not configuring mail for email verification

INTERVIEW PREP · PRACTICE MODE

Interview Questions on This Topic

Q01JUNIOR
What is the difference between Laravel Breeze and Jetstream?
Q02SENIOR
How can you customize the registration form in Breeze?
Q03SENIOR
How do you add two-factor authentication to a Breeze application?
Q01 of 03JUNIOR

What is the difference between Laravel Breeze and Jetstream?

ANSWER
Breeze is a minimal authentication scaffold with login, registration, password reset, and email verification. Jetstream extends Breeze with team management, two-factor authentication, session management, and API support via Sanctum.
FAQ · 3 QUESTIONS

Frequently Asked Questions

01
Can I use Breeze with an existing Laravel app?
02
How do I change the login redirect path?
03
Does Breeze support social login (OAuth)?
N
Naren Founder & Principal Engineer

20+ years shipping production PHP systems at scale. Written from production experience, not tutorials.

Follow
Verified
production tested
July 13, 2026
last updated
2,073
articles · all by Naren
🔥

That's Laravel. Mark it forged?

4 min read · try the examples if you haven't

Previous
Laravel Filament: Rapid Admin Panel Development
22 / 24 · Laravel
Next
Laravel Sail: Docker Development Environment