Freek Van der Herten's blog on PHP, Laravel and JavaScript

Posts tagged with authentication

Laravel Permission v7 has been launched

Feb 11th 2026 by Freek Van der Herten – 3 minute read

Laravel's built-in authorization is great when permissions are defined in code. With gates and policies, you can write logic like this:

// Defined in code, requires a deploy to change
Gate::define('edit-posts', function (User $user) {
    return $user->is_admin;
});

But in some projects roles and permissions are dynamic: created by users, managed through an admin panel, or changed at runtime without deploying code. Our Laravel Permission package can help you dynamically create roles and permissions.

We just released v7 which doesn't bring any new features, but cleans up the internal code and modernizes it. Let me walk you through what the package can do.

How to use one-time passwords in Laravel

Jun 11th 2025 – www.youtube.com

A nice video from Povilas on our newest pacakage

A package to handle one-time passwords (OTP) in Laravel apps

May 22nd 2025 – spatie.be

Our new package gives you everything you need to build a secure one-time password auth flow.

A package to handle passkeys in Laravel

May 9th 2025 – spatie.be

I’m proud to announce that we’ve released a new package called spatie/laravel-passkeys that makes adding passkeys to a Laravel app as easy as it can be.

A Sneaky Phish Just Grabbed my Mailchimp Mailing List

Apr 3rd 2025 – www.troyhunt.com

Troy Hunt recently becaming the victim of phising. This proves yet again, that this can happen to anyone, not only non-technical people.

Introducing laravel-tfa-confirmation

Feb 11th 2025 – stefanzweifel.dev - submitted by Stefan Zweifel

A new Laravel package to protect sensitive routes or actions with a confirmation-screen and ask for the two-factor authentication code of a user.

Don't hardcode admin domains for auth

Dec 23rd 2024 – securinglaravel.com

Stephen Rees-Carter tells how hardcoding admin domains in code can lead to security vulnerabilities

Exploring Laravel Login Link

Jan 23rd 2024 – laracasts.com

Here's a cool Laracasts video made by Christoph Rumpel that demostrates our spatie/laravel-login-link package.

Leveraging CloudFlare Workers for Edge API Authentication

Nov 15th 2023 – flareapp.io - submitted by Spatie

Discover how we're using Cloudflare Workers to perform API authentication on the edge to make our infrastructure more cost-effective.

Implementing social logins at Flare

Jul 31st 2023 – flareapp.io

You can now log into Flare and Oh Dear using your Google or GitHub account. In this blog post, you'll see the code that powers the social login feature.

Sending a request with HMAC SHA256 signature using Postman

Jun 26th 2023 – rubenvanassche.com

Here's how my colleague Ruben managed to do this in Flare.

Using Laravel Sanctum to create dynamic abilities

Feb 8th 2023 by Freek Van der Herten – 12 minute read

In Oh Dear, we recently added the ability to create fine-grained API tokens that are scoped by a model. Behind the scenes, it uses Laravel Sanctum to create and verify abilities.

In this blog post, I'd like to give you a peek behind the scenes and show how we set this up.

Learning Laravel: Assets and Authentication

Aug 26th 2022 – tighten.com - submitted by Jamison Valenta

Looking for a fun way to dive deeper into Laravel that's not just a to-do list tutorial? Our "Learning Laravel" series by Kristin Collins is exactly what you've been missing!

How the Laravel Login Link package works under the hood

Aug 4th 2022

Povilas Korop of Laravel Daily made a cool video on the internals of our spatie/laravel-login-link package.

Using login links in a Laravel app

May 30th 2022 by Freek Van der Herten – 3 minute read

I'm proud to announce that our team has launched a new package called spatie/laravel-login-link.

In this blog post, I'd like to tell you all about it.

Why I’m Using HTTP Basic Auth in 2022

Jan 12th 2022 – joeldare.com

If you're going to use basic auth, make sure that you use HTTPS.

Custom Access Tokens in Laravel Sanctum

May 12th 2021 – doeken.org

Thanks to Doeke Norg personal access tokens became more flexible in Sanctum. In this blog post, he explains how you might use the new functionality

Laravel WorldWide Meetup #7: signing in with Laravel and how the Laracon Online website was built

Mar 24th 2021 by Freek Van der Herten – 1 minute read

Here's a recording of the Laravel Worldwide Meetup #7.

Miguel Piedrafita talked about the various options of signing in with Laravel. After that, Caneco shared some of the secrets behind the Laracon Online website.

Customise the Email Verification Expiration

Oct 22nd 2020 – bannister.me - submitted by James Bannister

The article dives into a couple of methods for customising the email verification expiration time for verification email sent by Laravel for new users. In one case we use the config setting, in the other we override the verificationUrl method to customise how this is generated.

Selling digital products using Laravel part 2: Logging in using GitHub

Oct 13th 2020 by Freek Van der Herten – 4 minute read

Let's take a look at how people can log in to spatie.be in via GitHub. For this functionality, we use a wonderful Laravel first-party package called Socialite.