How to override login redirects in Jetstream or Fortify

Tutorials

April 20th, 2021

How to override login redirects in Jetstream or Fortify

Recently, I was working on a project using Laravel Jetstream and ran into a scenario where I needed to redirect users to different routes depending on the type of user they were upon login. Imagine you have regular users and admins, and admins have a special dashboard that only they can see. I usually prefer to redirect admins to their special dashboard when they login.

Using Laravel Jetstream or Fortify, it's not immediately apparent how to do this, especially when using two factor authentication.

How authentication works in Jetstream and Fortify

Jetstream uses Laravel Fortify under the hood, so the process is exactly the same for applications running Fortify by itself and projects running Jetstream.

Fortify uses action pipelines to route each request through a series of classes that take care of a single task such as attempting to authenticate the user or redirecting them if they have two factor authentication set up.

How to override the redirection step

Fortify allows you to completely customize these pipelines if you need to, but there's an easier way to override the redirection step.

The last step in the authentication pipeline grabs the Laravel\Fortify\Contracts\LoginResponse class out of the service container and returns it. That means we can override the LoginResponse class with a custom LoginResponse class of our own, and perform the custom redirects there.

The default LoginResponse class looks like this:

<?php
 
namespace Laravel\Fortify\Http\Responses;
 
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 
class LoginResponse implements LoginResponseContract
{
    /**
     * Create an HTTP response that represents the object.
     *
     * @param  \Illuminate\Http\Request  $request
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function toResponse($request)
    {
        return $request->wantsJson()
                    ? response()->json(['two_factor' => false])
                    : redirect()->intended(config('fortify.home'));
    }
}

Since Fortify uses actions that perform a single task, the LoginResponse step is really clean and simple.

To customize the redirects, first let's add our custom LoginResponse class in the app/Http/Responses directory. Then, we can customize the toResponse method to redirect the user to different routes depending on the type of user they are.

<?php
 
namespace App\Http\Responses;
 
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 
class LoginResponse implements LoginResponseContract
{
    /**
     * @param  $request
     * @return mixed
     */
    public function toResponse($request)
    {
        $home = auth()->user()->is_admin ? '/admin' : '/dashboard';
 
        return redirect()->intended($home);
    }
}

Then, in the FortifyServiceProvider, we need to bind our custom LoginResponse class in order to override the default that's provided with Fortify.

<?php
 
namespace App\Providers;
 
// ...
use App\Http\Responses\LoginResponse;
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
 
class FortifyServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        // ...
 
        $this->app->singleton(LoginResponseContract::class, LoginResponse::class);
    }
}

Two Factor Authentication

This worked almost perfectly for my needs. There is one missing piece though - two factor authentication. If a user has two factor authentication enabled and logs in, Fortify returns a different response class. Thankfully, the two factor authentication class is also bound to the service container. This time, we'll need to override the Laravel\Fortify\Http\Responses\TwoFactorLoginResponse class in the container. Adding a couple more lines to the FortifyServiceProvider should do the trick.

<?php
 
namespace App\Providers;
 
// ...
use App\Http\Responses\LoginResponse;
use Laravel\Fortify\Contracts\LoginResponse as LoginResponseContract;
use Laravel\Fortify\Contracts\TwoFactorLoginResponse as TwoFactorLoginResponseContract;
 
class FortifyServiceProvider extends ServiceProvider
{
    /**
     * Bootstrap any application services.
     *
     * @return void
     */
    public function boot()
    {
        // ...
 
        $this->app->singleton(LoginResponseContract::class, LoginResponse::class);
        $this->app->singleton(TwoFactorLoginResponseContract::class, LoginResponse::class);
    }
}

Note: I'm overriding the TwoFactorLoginResponse class with the same custom LoginResponse class since the functionality should be exactly the same.

Overriding other Jetstream and Fortify functionality

Other features in Jetstream and Fortify can be customized in a very similar way. If you source dive into the FortifyServiceProvider included in the package (not the one specific to your project) and scroll down to the registerResponseBindings method, you should see something similar to this:

<?php
 
namespace Laravel\Fortify;
 
// ...
 
class FortifyServiceProvider extends ServiceProvider
{
    // ...
 
    /**
     * Register the response bindings.
     *
     * @return void
     */
    protected function registerResponseBindings()
    {
        $this->app->singleton(FailedPasswordConfirmationResponseContract::class, FailedPasswordConfirmationResponse::class);
        $this->app->singleton(FailedPasswordResetLinkRequestResponseContract::class, FailedPasswordResetLinkRequestResponse::class);
        $this->app->singleton(FailedPasswordResetResponseContract::class, FailedPasswordResetResponse::class);
        $this->app->singleton(FailedTwoFactorLoginResponseContract::class, FailedTwoFactorLoginResponse::class);
        $this->app->singleton(LockoutResponseContract::class, LockoutResponse::class);
        $this->app->singleton(LoginResponseContract::class, LoginResponse::class);
        $this->app->singleton(TwoFactorLoginResponseContract::class, TwoFactorLoginResponse::class);
        $this->app->singleton(LogoutResponseContract::class, LogoutResponse::class);
        $this->app->singleton(PasswordConfirmedResponseContract::class, PasswordConfirmedResponse::class);
        $this->app->singleton(PasswordResetResponseContract::class, PasswordResetResponse::class);
        $this->app->singleton(RegisterResponseContract::class, RegisterResponse::class);
        $this->app->singleton(SuccessfulPasswordResetLinkRequestResponseContract::class, SuccessfulPasswordResetLinkRequestResponse::class);
    }
 
    // ...
}

That means every one of these response classes can be overridden in your project if needed!

Filed in:

Tutorials Jetstream Authentication
Jason Beggs

TALL stack (Tailwind CSS, Alpine.js, Laravel, and Livewire) consultant and owner of roasted.dev.

Laravel News Partners

Newsletter

Join 33,000+ others and never miss out on new tips, tutorials, and more.

Laravel Jobs

The official Laravel job board connecting the best jobs with top talent.

View All Jobs
Backend / Fullstack Developer - PHP & Laravel PHP/Laravel Engineer Senior Developer - Laravel/PHP - AI Startup for WordPress PHP/Laravel Developer Full Stack Laravel Developer Full-Stack Engineer: Laravel + Vue (Series A Startup) Senior Product Engineer Full-Stack Web Developer Backend Engineer Senior Backend Developer Lead Full Stack Software Engineer Senior Full Stack Engineer Full Stack Laravel Developer Full-stack developer Senior Programmer **Immediate Opening** (send resume to daniel@sbgcorp.com)

Most recent