@ralphjohn292 It depends how complicated you want your set-up to be.
If you just need a way of identifying admin users from non-admin users, then an is_admin boolean column in your users table would suffice. You can then use middleware to check if a user is an admin or not.
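use Closure;
use Illuminate\Http\Request;

class VerifyUserIsAdministrator
{
    public function handle(Request $request, Closure $next)
    {
        // Let the request through only when the authenticated user is flagged as an admin.
        if ($request->user()->is_admin) {
            return $next($request);
        }

        // Everyone else is rejected with 403 Forbidden.
        abort(403, 'User is not administrator');
    }
}

// 'auth' runs first, so $request->user() is set by the time 'admin' runs.
// 'admin' is the alias VerifyUserIsAdministrator is registered under.
Route::middleware(['auth', 'admin'])->group(function () {
    // Your admin-only routes here
});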
If you envisage having roles other than admin in the future then you could create a roles table and then a role_user pivot table between your users and roles to designate what roles a user has. Again, you can use middleware to check the roles a user has:
use Closure;
use Illuminate\Http\Request;

class EnsureUserHasRole
{
    // $role is the middleware parameter, e.g. 'admin' for 'role:admin'.
    public function handle(Request $request, Closure $next, string $role)
    {
        // Pass only when one of the user's roles has the required name.
        if ($request->user()->roles->pluck('name')->contains($role)) {
            return $next($request);
        }

        abort(403, sprintf('User does not have %s role', $role));
    }
}

Route::middleware(['auth', 'role:admin'])->group(function () {
    // Your admin-only routes here
});

Route::middleware(['auth', 'role:editor'])->group(function () {
    // Your editor-only routes here
});
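A variant of the role middleware that fails closed, added here as an example and not part of the post above: it accepts several roles (`role:admin,editor`), rejects a missing user or an empty role list, and checks with a query instead of loading every role. The class name `EnsureUserHasAnyRole` and the `roles()` belongsToMany relation on the User model are assumptions; the `name` column is the one used in the post.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical class name. Register it under the 'role' alias
// (bootstrap/app.php in Laravel 11+, App\Http\Kernel in earlier versions).
class EnsureUserHasAnyRole
{
    // Route usage: 'role:admin' or 'role:admin,editor' (any listed role passes).
    public function handle(Request $request, Closure $next, string ...$roles): Response
    {
        $user = $request->user();

        // Fail closed if the route group was registered without 'auth':
        // there is no user, so there is nothing to authorise.
        if ($user === null) {
            abort(401);
        }

        // Fail closed if the alias was used without parameters ('role'),
        // so a typo in the route definition never means "any user may pass".
        if ($roles === []) {
            abort(403);
        }

        // Assumption: User::roles() is a belongsToMany relation over role_user.
        // exists() asks the database a yes/no question instead of hydrating
        // every role the user has on each request.
        $allowed = $user->roles()->whereIn('roles.name', $roles)->exists();

        if (! $allowed) {
            // Generic 403: the response does not say which role guards the route.
            abort(403);
        }

        return $next($request);
    }
}
```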