Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

alexteie's avatar

is there already an good implentation of passkey's in laravel?

I want to implement passkey to laravel framework? is there an good howto/tutorial? or can laravel do this out off the box with Auth method?

0 likes
1 reply
LaryAI's avatar
LaryAI
AI
2 years ago
Level 58

As of my knowledge cutoff in early 2023, Laravel does not include an out-of-the-box implementation for "passkeys" as a specific feature. However, Laravel is a very flexible framework and you can implement a passkey system using its existing authentication and security features.

A "passkey" could mean different things depending on the context, but I'll assume you're referring to a one-time use authentication token that can be used to log in or perform a certain action within an application.

Here's a basic outline of how you could implement a passkey system in Laravel:

  1. Create a migration to add a passkey field to your users table or a separate table to store passkeys if you want to keep them distinct from users.
// Example migration for adding a passkey field to the users table
Schema::table('users', function (Blueprint $table) {
    $table->string('passkey')->nullable()->unique();
});
  1. Generate the passkey when you need to and associate it with a user. You might want to do this in a controller or a service class.
use Illuminate\Support\Str;
use App\Models\User;

// Generate a unique passkey
$passkey = Str::random(10); // or use a more complex generation method

// Find the user and set the passkey
$user = User::find($userId);
$user->passkey = $passkey;
$user->save();
  1. Create a route and controller method to handle the passkey authentication.
// routes/web.php
Route::get('/auth/passkey/{passkey}', 'Auth\PasskeyController@loginWithPasskey');

// app/Http/Controllers/Auth/PasskeyController.php
namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Providers\RouteServiceProvider;
use Illuminate\Http\Request;
use App\Models\User;
use Auth;

class PasskeyController extends Controller
{
    public function loginWithPasskey($passkey)
    {
        $user = User::where('passkey', $passkey)->first();

        if ($user) {
            // Log the user in
            Auth::login($user);

            // Invalidate the passkey
            $user->passkey = null;
            $user->save();

            // Redirect to the intended page
            return redirect()->intended(RouteServiceProvider::HOME);
        }

        // Handle the error if the passkey is invalid
        return redirect('/login')->withErrors(['passkey' => 'Invalid passkey.']);
    }
}
  1. Ensure that you have proper security measures in place, such as expiring the passkey after a certain time or after it's been used.

Remember that this is a very basic example and you'll need to adjust it to fit the specific requirements of your application, including any security considerations. Always ensure that sensitive data like passkeys are handled securely, using appropriate hashing or encryption as necessary.

Please or to participate in this conversation.