Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

armingdev's avatar

Laravel API verified middleware

I have implemented email verification on my Laravel API project. Now, I want to protect the login route with verified middleware, so if the user did not verify the email, they can't log in to the application.

Email confirmation is working fine, but even though my user is verified and has a timestamp in the email_verified_at table, I still get an error that the email address is not verified when I try to log in. It feels like verified middleware has to be used with auth: api middleware, so the user must be logged in to check email verification? I'm I wrong or did I miss something in the documentation?

Or maybe I must leave login without verified middleware and protect the rest of the routes that require auth:api middleware...

Route::post('login', [AuthController::class, 'login'])->middleware('verified');

Thank you

0 likes
1 reply
armingdev's avatar

Ok, I got this. I put to check if the email is verified logic inside auth attempt, so no need for verified on login route. Maybe it helps someone.

Please or to participate in this conversation.