How to Use Middleware for Authentication in Laravel 11

Middleware in Laravel 11 acts as a filter for HTTP requests before they reach your application logic. It is commonly used for authentication, authorization, logging, and security checks. In Laravel 11, authentication middleware ensures that only logged-in users can access protected routes.

In this guide, we’ll cover:
✅ What middleware is in Laravel 11
✅ How to create custom authentication middleware
✅ How to register middleware in bootstrap/app.php (new in Laravel 11)
✅ How to apply middleware to routes
✅ Using built-in authentication middleware


What is Middleware in Laravel 11?

Middleware is a layer between a request and the application logic. It helps control access to different parts of your application. Laravel provides default middleware for:

  • auth – Restricts access to authenticated users.
  • guest – Restricts access to non-authenticated users.
  • throttle – Limits the number of requests per minute (rate limiting).
  • verified – Ensures the user has verified their email.

You can also create custom middleware for role-based access control (RBAC), API authentication, logging, and custom security checks.


Step 1: Create Authentication Middleware

To create a new custom authentication middleware in Laravel 11, run the following command:

php artisan make:middleware AuthMiddleware

This creates a new middleware file in app/Http/Middleware/AuthMiddleware.php.

Modify the Middleware Logic

Open app/Http/Middleware/AuthMiddleware.php and update the handle method:

<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class AuthMiddleware
{
    public function handle(Request $request, Closure $next): Response
    {
        // Stop unauthenticated requests before they reach the controller
        if (!auth()->check()) {
            return response()->json(['message' => 'Unauthorized'], 401);
        }

        return $next($request);
    }
}

Explanation:

✔️ If the user is authenticated (auth()->check()), the request proceeds.
✔️ If the user is not authenticated, it returns a 401 Unauthorized response.


Step 2: Register Middleware in Laravel 11

Unlike previous versions, Laravel 11 no longer uses Kernel.php to register middleware. Instead, you register middleware in bootstrap/app.php.

Register Middleware in bootstrap/app.php

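Open bootstrap/app.php and add your middleware inside the withMiddleware() callback:

->withMiddleware(function (Middleware $middleware) {
    // Global middleware: runs on every request, including the login route
    $middleware->append(\App\Http\Middleware\AuthMiddleware::class);
})

To register route-specific middleware, give it an alias in the same callback:

->withMiddleware(function (Middleware $middleware) {
    // 'auth.custom' can now be referenced by name in route definitions
    $middleware->alias([
        'auth.custom' => \App\Http\Middleware\AuthMiddleware::class,
    ]);
})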

Step 3: Apply Middleware to Routes

Now that we’ve registered our custom authentication middleware, we can apply it to routes.

Protect Routes Using Middleware

Modify routes/web.php or routes/api.php:

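use App\Http\Controllers\DashboardController;
use Illuminate\Support\Facades\Route;

// Every route in this group passes through AuthMiddleware first
Route::middleware(['auth.custom'])->group(function () {
    Route::get('/dashboard', [DashboardController::class, 'index']);
});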

Now, only authenticated users can access /dashboard. Unauthenticated users will receive a 401 Unauthorized error.
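
A feature test that checks the behaviour described above, as an added example rather than code from the original post. It assumes the auth.custom alias from Step 2 is registered, the 401 JSON version of AuthMiddleware from Step 1, and the default App\Models\User factory; the /_auth-probe route and the test class name are constructed for the test.

```php
<?php

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Support\Facades\Route;
use Tests\TestCase;

class AuthMiddlewareTest extends TestCase
{
    protected function setUp(): void
    {
        parent::setUp();

        // Constructed probe route, so the test does not depend on any controller.
        Route::middleware('auth.custom')->get('/_auth-probe', fn () => 'ok');
    }

    public function test_guest_is_rejected_with_401(): void
    {
        // No user is logged in: the middleware must answer before the route closure runs.
        $this->getJson('/_auth-probe')
            ->assertUnauthorized()
            ->assertExactJson(['message' => 'Unauthorized']);
    }

    public function test_authenticated_user_passes_through(): void
    {
        // make() builds the user in memory; no database is needed.
        $user = User::factory()->make();

        $this->actingAs($user)
            ->get('/_auth-probe')
            ->assertOk()
            ->assertSee('ok');
    }
}
```

Run it with php artisan test; a failing guest test means the route is reachable without the middleware.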


Step 4: Using Laravel’s Built-in Authentication Middleware

Laravel 11 comes with pre-built authentication middleware that you can use.

1. Using auth Middleware

You can apply Laravel’s built-in auth middleware like this:

Route::middleware('auth')->get('/profile', function () {
    return view('profile');
});

If a user is not logged in, Laravel will redirect them to the login page.


Step 5: Redirect Unauthorized Users to Login

Instead of returning a 401 Unauthorized error, you can redirect users to the login page.

Modify app/Http/Middleware/AuthMiddleware.php:

public function handle(Request $request, Closure $next): Response
{
    if (!auth()->check()) {
        return redirect('/login');
    }

    return $next($request);
}

Now, unauthenticated users will be redirected to /login.
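
The 401 response from Step 1 and the redirect from Step 5 can live in the same middleware, chosen by the kind of client making the request. The version below is an added example, not code from the original post; it assumes the same /login path used above.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class AuthMiddleware
{
    public function handle(Request $request, Closure $next): Response
    {
        if (auth()->check()) {
            return $next($request);
        }

        // API and AJAX clients (Accept: application/json) get a status code
        // they can act on instead of a redirect to an HTML login page.
        if ($request->expectsJson()) {
            return response()->json(['message' => 'Unauthorized'], 401);
        }

        // Browser requests: remember the requested URL in the session,
        // then send the user to the login page.
        return redirect()->guest('/login');
    }
}
```

After a successful login, redirect()->intended() can send the user back to the URL that guest() stored.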


Step 6: Secure API Endpoints with Middleware (Using Laravel Sanctum)

For API authentication, use Laravel Sanctum.

1. Install Sanctum

Run this command:

composer require laravel/sanctum

2. Publish and Run Migrations

php artisan vendor:publish --provider="Laravel\Sanctum\SanctumServiceProvider"
php artisan migrate

3. Register Sanctum Middleware

Modify bootstrap/app.php:

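->withMiddleware(function (Middleware $middleware) {
    // Prepend Sanctum's stateful-request middleware to the api group
    $middleware->api(prepend: [
        \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
    ]);
})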

4. Protect API Routes with Middleware

Modify routes/api.php:

use Illuminate\Http\Request;

Route::middleware('auth:sanctum')->get('/user', function (Request $request) {
    return $request->user();
});

Now, only authenticated users with a valid API token can access the /user route.


Conclusion

Laravel 11 has simplified middleware registration by moving it to bootstrap/app.php. You can:

✅ Use Laravel’s built-in authentication middleware (auth, auth:sanctum).
✅ Create custom authentication middleware to secure routes.
✅ Redirect unauthorized users to a login page.
✅ Secure API endpoints with Laravel Sanctum.

By implementing authentication middleware, you can protect routes, enforce security policies, and enhance your Laravel 11 application. 🚀

📌 For more details on Laravel middleware, visit:
👉 Laravel Middleware Documentation

To dive deeper, explore the Laravel 11 Guide for the latest updates and best practices.
