Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm building a custom authentication using Laravel Fortify as a based in my app. I have 2 roles, Admin and User role that are generated by Spatie laravel-permission and they have different login, forgot password, reset password, etc pages.
I have successfully made 2 different password reset links. So for Admin, the password reset links is something like:
And for User it's gonna be like:
The problem is that, after the password has been successfully reset, Laravel Fortify will redirect me to 127.0.0.1:8000/login regardless if it's Admin or User.
What I want is to redirect to 127.0.0.1:8000/admin/login if it's reset from http://127.0.0.1:8000/admin/reset-password/{token} and redirect to 127.0.0.1:8000/login if it's reset from http://127.0.0.1:8000/reset-password/{token}
After reading the docs (the Handling The Password Reset Response section), I assume it's handled by PasswordResetResponse, so then I tried to create a custom PasswordResetResponse in app\Providers\FortifyServiceProvider like this:
$this->app->instance(PasswordResetResponse::class, new class implements PasswordResetResponse {
public function toResponse($request)
{
if (Route::current()->getPrefix() === '/admin') {
return redirect('/admin/login');
}
return redirect('/login');
}
});
But it doesn't work. Can someone please help me pointing out what I did wrong?
Just in case this is important, I will include my custom LoginResponse (I also already tried to modify this, but the change doesn't affect my problem):
$this->app->instance(LoginResponse::class, new class implements LoginResponse {
public function toResponse($request)
{
if (Route::current()->getPrefix() === '/admin') {
return redirect('/admin/dashboard');
}
return redirect('/');
}
});
Have you completely read the documentation on custom guard usage.
Also I suggest:
A user is a user, just use authentication, then authorization for what a user can do or cannot do.
In other words no matter the role, they are still a user.
So use authorization.
Just suggestions.
@jlrdw I'm sorry I worded it wrongly. What I meant by User role isn't just any "user", but more like a Client role, it's just I named it User role.
Why double the work for yourself?
@Snapey Basically this app will have 2 very different templates. 1 template is for Admin Panel. The other is for Client (User) Site. Like 127.0.0.1:8000 is what the Client will see, and prefix /admin is what only Admin will see. I don't really have much experience in dealing with this kind of situation, so my first though is just to use ignoreRoutes and create my own custom routes.
@wojakmcwage try putting your code in the boot of the provider. then make it a singleton instead of instance to try to override the fortify singleton.
$this->app->singleton(LoginResponse::class, new class implements LoginResponse {
public function toResponse($request)
{
if (Route::current()->getPrefix() === '/admin') {
return redirect('/admin/dashboard');
}
return redirect('/');
}
});
@dacfabre While your solution didn't work, I got an idea and finally able to solve it. I found and copied all the codes from Laravel\Fortify\Http\Responses\PasswordResetResponse. Then I dump it on my own custom Responses. Finally I use $this->app->singleton(PasswordResetResponse::class, CustomPasswordResetResponse::class) and it works. Thanks.
@wojakmcwage well i just copied your code and put it in singleton, but not sure why anonymous class wont work as its pretty much the same. but happy it worked
please mark it as answer/solved. thanks
@dacfabre Yeah, I'm not sure either. If I just copied the code from \Fortify\Http\Responses\PasswordResetResponse and put it inside singleton, it doesn't work and my VS Code showing error. But if I created a custom Response file, and then put it inside singleton while overriding the PasswordResetResponse, it works.
Please or to participate in this conversation.