Repository files navigation

• Initialization
• Model and Migration
• Configuration
• Service Provider
• Middlewares
• Controllers
• Routing
• Views
• Conclusion

Create a fresh laravel installation with authentication scaffolding included and configureDatabase andMail in.env

laravel new blog --auth

SetupPassword Confirmation

routes/web.php

• copy documentation demoroute and register it as '/confirmed' and make it return 'password confirmed' string

  Route::get('/confirmed',function () {return'password confirmed';})->middleware(['auth','password.confirm']);

SetupEmail Verification

app/User.php

• inApp\User model implementIlluminate\Contracts\Auth\MustVerifyEmail

routes/web.php

• email verification routes are disabled by default we'll have to enable them, inAuth::routes method set the verify option to true

  Auth::routes(['verify' =>true]);

• copy documentation demoroute and register it as '/verified' and make it return 'email verified' string

  Route::get('/verified',function () {return'email verified';})->middleware('verified');

SetupAPI Authentication

Note: this feature completes laravel authentication by providing simple api authentication which we think is missing but is actually there, it's available since 5.2 release but without documentation it was just mentioned in the authentication documentation, in 5.8 release luckily they decided to document it, in 7.x release for some reason the documentation is gone although the feature still exists (probably it has something to do with releasingSanctum Package that offers similarcapabilities).

database/migrations/xxxx_xx_xx_xxxxxx_create_users_table.php

• api authentication uses the token driver which require a column to store tokens by default this column is named api_token, in users migration add api_token column

  Schema::create('users',function (Blueprint$table) {$table->id();$table->string('name');$table->string('email')->unique();$table->timestamp('email_verified_at')->nullable();$table->string('password');$table->string('api_token',80)->unique()->nullable()->default(null);$table->rememberToken();$table->timestamps();});

app/Http/Controllers/Auth/RegisterController.php

• increate method assign random api token to user during registration

  useIlluminate\Support\Str;protectedfunctioncreate(array$data){return User::create(['name' =>$data['name'],'email' =>$data['email'],'password' => Hash::make($data['password']),'api_token' => Str::random(80),    ]);}

app/User.php

• because user registration logic usemass assignment the previous step won't work unless we make api_token attribute mass assignable by adding it to$fillable property

  protected$fillable = ['name','email','password','api_token'];

Create admin model and it's corresponding migration

php artisan make:model -m Admin

database/migrations/xxxx_xx_xx_xxxxxx_create_admins_table.php

• we'll use user migration as a template for admin migration, copy user migration columns into admin migration

  Schema::create('admins',function (Blueprint$table) {$table->id();$table->string('name');$table->string('email')->unique();$table->timestamp('email_verified_at')->nullable();$table->string('password');$table->string('api_token',80)->unique()->nullable()->default(null);$table->rememberToken();$table->timestamps();});

app/Admin.php

• we'll use user model as a template for admin model, replace admin model code with user model code and change the class name accordingly

  <?phpnamespaceApp;useIlluminate\Contracts\Auth\MustVerifyEmail;useIlluminate\Foundation\Auth\UserasAuthenticatable;useIlluminate\Notifications\Notifiable;class Adminextends Authenticatableimplements MustVerifyEmail{use Notifiable;/**     * The attributes that are mass assignable.     *     * @var array     */protected$fillable = ['name','email','password','api_token'    ];/**     * The attributes that should be hidden for arrays.     *     * @var array     */protected$hidden = ['password','remember_token',    ];/**     * The attributes that should be cast to native types.     *     * @var array     */protected$casts = ['email_verified_at' =>'datetime',    ];}

Password Reset

Admin model extendsAuthenticatable an alias forIlluminate\Foundation\Auth\User which provide authentication functionalities, the latter useIlluminate\Auth\Passwords\CanResetPassword trait to include reset password necessary methods, this trait useResetPasswordNotification an alias forIlluminate\Auth\Notifications\ResetPassword notification to send reset password email containing reset password link that expire after a period specified in user reset password configuration, we'll customize this notification to receive reset password url and configuration as parameters.

Create a new notification namedResetPasswordNotification

php artisan make:notification ResetPasswordNotification

app/Notifications/ResetPasswordNotification.php

• import and extendIlluminate\Auth\Notifications\ResetPassword

• removeIlluminate\Bus\Queueable,Illuminate\Contracts\Queue\ShouldQueue,Illuminate\Notifications\Notification imports

• removeQueueable trait

• removevia,toMail,toArray methods

• define$resetPasswordRoute,$resetPasswordConfig properties

  class ResetPasswordNotificationextends ResetPassword{public$resetPasswordRoute;public$resetPasswordConfig;// ...}

• in constructor define$token parent class property and nullable$resetPasswordRoute,$resetPasswordConfig parameters, call parent constructor, assign$resetPasswordRoute,$resetPasswordConfig parameters to corresponding properties

  publicfunction__construct($token,$resetPasswordRoute =null,$resetPasswordConfig =null){parent::__construct($token);$this->resetPasswordRoute =$resetPasswordRoute;$this->resetPasswordConfig =$resetPasswordConfig;}

• overrideIlluminate\Auth\NotificationsResetPassword notificationtoMail method using same code, use$resetPasswordRoute property instead of 'password.reset' and$resetPasswordConfig property instead ofconfig('auth.defaults.passwords') when properties are not null, importIlluminate\Support\Facades\Lang

  useIlluminate\Support\Facades\Lang;publicfunctiontoMail($notifiable){if (static::$toMailCallback) {returncall_user_func(static::$toMailCallback,$notifiable,$this->token);    }if (static::$createUrlCallback) {$url =call_user_func(static::$createUrlCallback,$notifiable,$this->token);    }else {$url =url(config('app.url').route($this->resetPasswordRoute ?:'password.reset', ['token' =>$this->token,'email' =>$notifiable->getEmailForPasswordReset(),        ],false));    }return (newMailMessage)        ->subject(Lang::get('Reset Password Notification'))        ->line(Lang::get('You are receiving this email because we received a password reset request for your account.'))        ->action(Lang::get('Reset Password'),$url)        ->line(Lang::get('This password reset link will expire in :count minutes.', ['count' =>config('auth.passwords.'.($this->resetPasswordConfig ?:config('auth.defaults.passwords')).'.expire')]))        ->line(Lang::get('If you did not request a password reset, no further action is required.'));}

app/Admin.php

• overrideIlluminate\Auth\Passwords\CanResetPassword traitsendPasswordResetNotification method using same code, inResetPasswordNotification instantiation pass$resetPasswordRoute parameter as 'admin.password.reset' and$resetPasswordConfig parameter as 'admins' alongside$token, importApp\Notifications\ResetPasswordNotification

  useApp\Notifications\ResetPasswordNotification;publicfunctionsendPasswordResetNotification($token){$this->notify(newResetPasswordNotification($token,'admin.password.reset','admins'));}

Email Verification

Admin model extendsAuthenticatable an alias forIlluminate\Foundation\Auth\User which provide authentication functionalities, the latter useIlluminate\Auth\MustVerifyEmail trait to include email verification necessary methods, this trait useIlluminate\Auth\Notifications\VerifyEmail notification to send emails containing verification link, we'll customize this notification to receive email verification route as parameter instead of using staticly defined one.

create a new notification namedVerifyEmailNotification

php artisan make:notification VerifyEmailNotification

app/Notifications/VerifyEmailNotification.php

• import and extendIlluminate\Auth\Notifications\VerifyEmail

• removeIlluminate\Bus\Queueable,Illuminate\Contracts\Queue\ShouldQueue,Illuminate\Notifications\Messages\MailMessage,Illuminate\Notifications\Notification imports

• removeQueueable trait

• removevia,toMail,toArray methods

• define$verifyEmailRoute property

  class VerifyEmailNotificationextends VerifyEmail{public$verifyEmailRoute;// ...}

• in constructor define nullable$verifyEmailRoute parameter, assign$verifyEmailRoute parameter to corresponding property

  publicfunction__construct($verifyEmailRoute){$this->verifyEmailRoute =$verifyEmailRoute;}

• overrideIlluminate\Auth\Notifications\VerifyEmail notificationverificationUrl method using same code, use$verifyEmailRoute property instead of 'verification.verify' when property is not null, importIlluminate\Support\Facades\URL,Illuminate\Support\Carbon,Illuminate\Support\Facades\Config

  useIlluminate\Support\Facades\URL;useIlluminate\Support\Carbon;useIlluminate\Support\Facades\Config;/** * Get the verification URL for the given notifiable. * * @param  mixed  $notifiable * @return string */protectedfunctionverificationUrl($notifiable){returnURL::temporarySignedRoute($this->verifyEmailRoute ?:'verification.verify',        Carbon::now()->addMinutes(Config::get('auth.verification.expire',60)),        ['id' =>$notifiable->getKey(),'hash' =>sha1($notifiable->getEmailForVerification()),        ]    );}

app/Admin.php

• overrideIlluminate\Auth\MustVerifyEmail traitsendEmailVerificationNotification using same code, useApp\Notifications\VerifyEmailNotification instead ofIlluminate\Auth\Notifications\VerifyEmail, in instantiation pass$verifyEmailRoute parameter as 'admin.verification.verify', importApp\Notifications\VerifyEmailNotification

  useApp\Notifications\VerifyEmailNotification;publicfunctionsendEmailVerificationNotification(){$this->notify(newVerifyEmailNotification('admin.verification.verify'));}

config/auth.php

• guards define how users are authenticated, define 'admin-web' / 'admin-api' guards by copying 'web' / 'api' guards and changing provider option to 'admins'

  'guards' => [// ...'admin-web' => ['driver' =>'session','provider' =>'admins',    ],'admin-api' => ['driver' =>'token','provider' =>'admins','hash' =>false,    ],],

• providers define how users are retrieved, define 'admins' provider by copying 'users' provider and changing model option toApp\Admin::class

  'providers' => [// ...'admins' => ['driver' =>'eloquent','model' =>App\Admin::class,    ],],

• passwords define users reset password configurations, define 'admins' reset password configuration by copying 'users' reset password configuration and changing provider option to 'admins'

  'passwords' => [// ...'admins' => ['provider' =>'admins','table' =>'password_resets','expire' =>60,'throttle' =>60,    ],],

Laravel defines user home url usingHOME constant inRouteServiceProvider we'll do the same for admin

app/Providers/RouteServiceProvider.php

• defineADMIN_HOME const and set it to '/admin/home'

  class RouteServiceProviderextends ServiceProvider{publicconstADMIN_HOME ='/admin/home';// ...}

App\Http\Middleware\Authenticate=auth middleware checks if user is authenticated before accessing protected routes if not user is redirected to login route, we'll have to customize redirection logic so that redirection is done based on specified guard

app/Http/Middleware/Authenticate.php

• App\Http\Middleware\Authenticate=auth extendsIlluminate\Auth\Middleware\Authenticate which provide the functionality, we'll have to customizeunauthenticated method to retreive request guard, overrideunauthenticated method using same code, inAuthenticationException instantiation pass$guards as a second parameter onredirectTo method, importIlluminate\Auth\AuthenticationException

  useIlluminate\Auth\AuthenticationException;protectedfunctionunauthenticated($request,array$guards){thrownewAuthenticationException('Unauthenticated.',$guards,$this->redirectTo($request,$guards)    );}

• inredirectTo method add$guards parameter, redirect based on$guards to corresponding login route

  protectedfunctionredirectTo($request,array$guards){if (!$request->expectsJson()) {switch (current($guards)) {case'admin-web':returnroute('admin.login');default:returnroute('login');        }    }}

App\Http\Middleware\RedirectIfAuthenticated=guest middleware checks if user is authenticated before accessing protected routes if so user is redirected to home route, we'll have to customize redirection logic so that redirection is done based on specified guard

app/Http/Middleware/RedirectIfAuthenticated.php

• redirect based on$guard to corresponding home route

  publicfunctionhandle($request,Closure$next,$guard =null){if (Auth::guard($guard)->check()) {switch ($guard) {case'admin-web':returnredirect(RouteServiceProvider::ADMIN_HOME);default:returnredirect(RouteServiceProvider::HOME);        }    }return$next($request);}

Illuminate\Auth\Middleware\EnsureEmailIsVerified=verified middleware checks if user email is verified before accessing protected routes, we'll have to customize it's logic to retrieve user using the specified guard

create a new middleware named EnsureEmailIsVerified

php artisan make:middleware EnsureEmailIsVerified

app/Http/Middleware/EnsureEmailIsVerified.php

• we'll use original middleware as a template forApp\Http\Middleware\EnsureEmailIsVerified middleware, replaceApp\Http\Middleware\EnsureEmailIsVerified code withIlluminate\Auth\Middleware\EnsureEmailIsVerified code, add a new nullable parameter called$guard, in$request->user method occurrences set$guard parameter to the newly defined parameter

  <?phpnamespaceApp\Http\Middleware;useClosure;useIlluminate\Contracts\Auth\MustVerifyEmail;useIlluminate\Support\Facades\Redirect;class EnsureEmailIsVerified{/**     * Handle an incoming request.     *     * @param  \Illuminate\Http\Request  $request     * @param  \Closure  $next     * @param  string|null  $redirectToRoute     * @return \Illuminate\Http\Response|\Illuminate\Http\RedirectResponse     */publicfunctionhandle($request,Closure$next,$redirectToRoute =null,$guard =null)    {if (!$request->user($guard) ||            ($request->user($guard)instanceof MustVerifyEmail &&            !$request->user($guard)->hasVerifiedEmail())) {return$request->expectsJson()                    ?abort(403,'Your email address is not verified.')                    : Redirect::route($redirectToRoute ?:'verification.notice');        }return$next($request);    }}

app/Http/Kernel.php

• in$routeMiddleware property comment existing verified middleware registration and keep it as reference, registerApp\Http\Middleware\EnsureEmailIsVerified middleware as verified

  protected$routeMiddleware = ['auth' => \App\Http\Middleware\Authenticate::class,'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,'can' => \Illuminate\Auth\Middleware\Authorize::class,'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,'password.confirm' => \Illuminate\Auth\Middleware\RequirePassword::class,'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,// 'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,'verified' => \App\Http\Middleware\EnsureEmailIsVerified::class,];

Laravel ships with several pre-built authentication controllers which handles registration, authentication, resetting passwords and email verification, these controllers use traits to include their necessary methods, we'll create admin auth controllers by copying existing ones and making needed adjustments

Group admin controllers in a directory / namespace, create app/Http/Controllers/Admin directory / namespace

Create admin auth controllers, copy app/Http/Controllers/Auth directory as app/Http/Controllers/Admin/Auth

app/Http/Controllers/Admin/Auth/RegisterController.php

• change namespace toApp\Http\Controllers\Admin\Auth

• importApp\Admin model instead ofApp\User

• set$redirectTo property toRouteServiceProvider::ADMIN_HOME

• in constructor specify 'admin-web' as the guard thatguest=App\Http\Middleware\RedirectIfAuthenticated middleware should use

  publicfunction__construct(){$this->middleware('guest:admin-web');}

• invalidator method set unique rule table parameter to 'admins'

  protectedfunctionvalidator(array$data){return Validator::make($data, ['name' => ['required','string','max:255'],'email' => ['required','string','email','max:255','unique:admins'],'password' => ['required','string','min:8','confirmed'],    ]);}

• increate method changeUser model toAdmin

  protectedfunctioncreate(array$data){return Admin::create(['name' =>$data['name'],'email' =>$data['email'],'password' => Hash::make($data['password']),'api_token' => Str::random(80),    ]);}

• RegisterController usesIlluminate\Foundation\Auth\RegistersUsers traitshowRegistrationForm method to show registration form, override this method using same code, changeview('auth.register') toview('admin.auth.register')

  publicfunctionshowRegistrationForm(){returnview('admin.auth.register');}

• RegisterController usesIlluminate\Foundation\Auth\RegistersUsers traitguard method to get the guard to be used during registration, override this method using same code, inAuth::guard method pass guard parameter as 'admin-web', importIlluminate\Support\Facades\Auth

  useIlluminate\Support\Facades\Auth;protectedfunctionguard(){return Auth::guard('admin-web');}

app/Http/Controllers/Admin/Auth/LoginController.php

• change namespace toApp\Http\Controllers\Admin\Auth

• set$redirectTo property toRouteServiceProvider::ADMIN_HOME

• in constructor specify 'admin-web' as the guard thatguest=App\Http\Middleware\RedirectIfAuthenticated middleware should use

  publicfunction__construct(){$this->middleware('guest:admin-web');}

• LoginController usesIlluminate\Foundation\Auth\AuthenticatesUsers traitshowLoginForm method to show login form, override this method using same code, changeview('auth.login') toview('admin.auth.login')

  publicfunctionshowLoginForm(){returnview('admin.auth.login');}

• LoginController usesIlluminate\Foundation\Auth\AuthenticatesUsers traitlogout method to log the user out, this trait offerloggedOut method which allow customization oflogout method response, override this method, uselogout methodresponse and changeredirect('/') toredirect('/admin'), importIlluminate\Http\Request,Illuminate\Http\Response

  useIlluminate\Http\Request;useIlluminate\Http\Response;protectedfunctionloggedOut(Request$request){return$request->wantsJson()        ?newResponse('',204)        :redirect('/admin');}

• LoginController usesIlluminate\Foundation\Auth\AuthenticatesUsers traitguard method to get the guard to be used during authentication, override this method, inAuth::guard method pass guard parameter as 'admin-web', importIlluminate\Support\Facades\Auth

  useIlluminate\Support\Facades\Auth;protectedfunctionguard(){return Auth::guard('admin-web');}

app/Http/Controllers/Admin/Auth/VerificationController.php

• change namespace toApp\Http\Controllers\Admin\Auth

• set$redirectTo property toRouteServiceProvider::ADMIN_HOME

• in constructor specify 'admin-web' as the guard thatauth=App\Http\Middleware\Authenticate middleware should use

  publicfunction__construct(){$this->middleware('auth:admin-web');$this->middleware('signed')->only('verify');$this->middleware('throttle:6,1')->only('verify','resend');}

• VerificationController usesIlluminate\Foundation\Auth\VerifiesEmails traitshow method to show email verification notice form, override this method using same code, in$request->user method pass guard parameter as 'admin-web', changeview('auth.verify') toview('admin.auth.verify'), importIlluminate\Http\Request

  useIlluminate\Http\Request;publicfunctionshow(Request$request){return$request->user('admin-web')->hasVerifiedEmail()                    ?redirect($this->redirectPath())                    :view('admin.auth.verify');}

app/Http/Controllers/Admin/Auth/ConfirmPasswordController.php

• change namespace toApp\Http\Controllers\Admin\Auth

• set$redirectTo property toRouteServiceProvider::ADMIN_HOME

• in constructor specify 'admin-web' as the guard thatauth=App\Http\Middleware\Authenticate middleware should use

  publicfunction__construct(){$this->middleware('auth:admin-web');}

• ConfirmPasswordController usesIlluminate\Foundation\Auth\ConfirmsPasswords traitshowConfirmForm method to show the password confirmation form, override this method using same code, changeview('auth.passwords.confirm') toview('admin.auth.passwords.confirm')

  publicfunctionshowConfirmForm(){returnview('admin.auth.passwords.confirm');}

app/Http/Controllers/Admin/Auth/ForgotPasswordController.php

• change namespace toApp\Http\Controllers\Admin\Auth

• ForgotPasswordController usesIlluminate\Foundation\Auth\SendsPasswordResetEmails traitshowLinkRequestForm method to show the form to request a password reset link, override this method using same code, changeview('auth.passwords.email') toview('admin.auth.passwords.email')

  publicfunctionshowLinkRequestForm(){returnview('admin.auth.passwords.email');}

• ForgotPasswordController usesIlluminate\Foundation\Auth\SendsPasswordResetEmails traitbroker method to get the broker to be used during password reset, override this method using same code, inPassword::broker method pass broker parameter as 'admins', importIlluminate\Support\Facades\Password

  publicfunctionbroker(){return Password::broker('admins');}

app/Http/Controllers/Admin/Auth/ResetPasswordController.php

• change namespace toApp\Http\Controllers\Admin\Auth

• set$redirectTo property toRouteServiceProvider::ADMIN_HOME

• ResetPasswordController usesIlluminate\Foundation\Auth\ResetsPasswords traitshowResetForm method to show the password reset form, override this method, changeview('auth.passwords.reset') toview('admin.auth.passwords.reset'), importIlluminate\Http\Request

  useIlluminate\Http\Request;publicfunctionshowResetForm(Request$request,$token =null){returnview('admin.auth.passwords.reset')->with(        ['token' =>$token,'email' =>$request->email]    );}

• ResetPasswordController usesIlluminate\Foundation\Auth\ResetsPasswords traitbroker method to get the broker to be used during password reset, override this method, inPassword::broker method pass broker parameter as 'admins', importIlluminate\Support\Facades\Password

  useIlluminate\Support\Facades\Password;publicfunctionbroker(){return Password::broker('admins');}

• ResetPasswordController usesIlluminate\Foundation\Auth\ResetsPasswords traitguard method to get the guard to be used during password reset, override this method, inAuth::guard method pass guard parameter as 'admin-web', importIlluminate\Support\Facades\Auth

  useIlluminate\Support\Facades\Auth;protectedfunctionguard(){return Auth::guard('admin-web');}

Create admin home controller, copy app/Http/Controllers/HomeController.php as app/Http/Controllers/Admin/HomeController.php

app/Http/Controllers/Admin/HomeController.php

• change namespace toApp\Http\Controllers\Admin\Auth

• importApp\Http\Controllers\Controller

• in constructor specify 'admin-web' as the guard thatauth=App\Http\Middleware\Authenticate middleware should use

  publicfunction__construct(){$this->middleware('auth:admin-web');}

• inindex method changeview('home') toview('admin.home')

  publicfunctionindex(){returnview('admin.home');}

routes/web.php

• register admin route group and set 'prefix' option to 'admin', 'namespace' option to 'Admin' and 'as' option to 'admin.'

  Route::group(['prefix' =>'/admin','namespace' =>'Admin','as' =>'admin.'],function () {// ...});

• copy user routes into admin group

• in '/' route changeview('welcome') toview('admin.welcome')

  Route::get('/',function () {returnview('admin.welcome');});

• in '/confirmed' route pass auth middleware guard parameter as 'admin-web' and password.confirm middleware$redirectToRoute parameter as 'admin.password.confirm'

  Route::get('/confirmed',function () {return'password confirmed';})->middleware(['auth:admin-web','password.confirm:admin.password.confirm']);

• in '/verified' route pass verified middleware$redirectToRoute parameter as 'admin.verification.notice' and guard parameter as 'admin-web'

  Route::get('/verified',function () {return'email verified';})->middleware('verified:admin.verification.notice,admin-web');

Laravel ships with a user demo api route, we'll add one for admin

routes/api.php

• copy '/user' route and register it as '/admin', set auth middleware and$request->user method guard parameter to 'admin-api'

  Route::middleware('auth:admin-api')->get('/admin',function (Request$request) {return$request->user('admin-api');});

Create a layout for admin, copy resources\views\layouts\app.blade.php as resources\views\layouts\admin.blade.php

resources/views/layouts/admin.blade.php

• changeurl('/') tourl('/admin')

• pass@guest directive guard parameter as 'admin-web'

• add 'admin.' route name prefix to auth routes

• inAuth::user specify the guard that auth facade should use, chainguard method and pass guard parameter as 'admin-web'

  {{ Auth::guard('admin-web')->user()->name }}

Group admin views in a directory, create resources/views/admin directory

Create admin welcome view, copy resources/views/welcome.blade.php as resources/views/admin/welcome.blade.php

resources/views/admin/welcome.blade.php

• add 'admin.' route name prefix to auth routes
• set@auth directive guard parameter to 'admin-web'
• changeurl('/home') tourl('/admin/home')

Create admin auth views, copy resources/views/auth as resources/views/admin/auth

resources/views/admin/auth/register.blade.php

• change@extends('layouts.app') to@extends('layouts.admin')
• add 'admin.' route name prefix to auth routes

resources/views/admin/auth/login.blade.php

• change@extends('layouts.app') to@extends('layouts.admin')
• add 'admin.' route name prefix to auth routes

resources/views/admin/auth/verify.blade.php

• change@extends('layouts.app') to@extends('layouts.admin')
• add 'admin.' route name prefix to auth routes

resources/views/admin/auth/passwords/confirm.blade.php

• change@extends('layouts.app') to@extends('layouts.admin')
• add 'admin.' route name prefix to auth routes

resources/views/admin/auth/passwords/email.blade.php

• change@extends('layouts.app') to@extends('layouts.admin')
• add 'admin.' route name prefix to auth routes

resources/views/admin/auth/passwords/reset.blade.php

• change@extends('layouts.app') to@extends('layouts.admin')
• add 'admin.' route name prefix to auth routes

Create admin home view, copy resources\views\home.blade.php as resources\views\admin\home.blade.php

resources\views\admin\home.blade.php

• change@extends('layouts.app') to@extends('layouts.admin')

Now that we've finished we should check that multi auth is working by trying available actions on user and admin. Finally i want to say that Laravel flexibility is what made this implementation that simple so the next time you look for something that's not available out of the box get the shovel and start digging