Moses Esan
Aug 15, 2017 · 4 min read

Update Feb 23 2018: Upgraded from Laravel 5.4 to 5.5, Fixed Password Reset [See Routes Declaration for Web at Step 3]

In my last tutorial, we created an API that lets the user register and immediately logs the user in after registration. For this tutorial, we will be adding e-mail verification, unlike the previous tutorial, the user will have to confirm their email address before being able to log in.

A majority of the steps are similar with some minor adjustments, I will indicate this with an asterisks(*) after the title.

Please note that this tutorial assumes you have some PHP experience, this tutorial does not explain each line of the code instead it presents you with the code and gives you an overview of what the code does and points out the important parts of the code. I have made the code as simple as possible, if you have any questions, please do not hesitate to leave a comment.

View project on Github

Step 1: Create new project and install jwt-auth

Create Laravel project

laravel new JWTAuthentication

Install jwt-auth

Open composer.json and update the require object to include jwt-auth


Then run

composer update

Step 2: Add JWT Provider and Facades

Open up config/app.php, find the providers array and add the jwt-auth provider:


Find the aliases array and add the jwt-auth facades:

'JWTAuth' => Tymon\JWTAuth\Facades\JWTAuth::class, 
'JWTFactory' => Tymon\JWTAuth\Facades\JWTFactory::class

We also need to publish the assets for this package. From the command line:

After you run this command you will see a new file in the config folder called jwt.php. This file contains settings for jwt-auth, one of which we need to change right away. We need to generate a secret key, from the command line, run:

php artisan jwt:secret

Register the jwt.auth and jwt.refresh middleware in app/http/Kernel.php

Step 3: Set Up Routes (*)

Open up routes/api.php.


Open up routes/web.php and add the route for verifying.


Step 4: Set Up Database (*)

Since we are going to allow users to create their accounts within the application, we will need a table to store all of our users. Thankfully, Laravel already ships with a migration to create a basic users table, so we do not need to manually generate one. The default migration for the users table is located in the database/migrations directory.

We need to create a new table and add an extra column to the users table. Firstly, we need a boolean field ‘is_verified’ to keep track of whether a user has verified their email address, this will be set to false by default.

Create a new table “user_verifications” this table will store the user’s verification code. When the user registers, a verification code is generated and stored in the table and an email with a verification link is sent.

When a user follows this link, we take the passed in verification code and search for it within the user_verifications table. If a matching verified code is found we set the is_verified field for this user to true.

php artisan make:migration create_user_verifications_table

The new migration file is created in the database/migrations directory.


Update app/User.php


Update .env file

Next, we need to update our database and mail settings, update the .env file


If you are using MAMP be sure to add the unix_socket key with a value of the path that the mysql.sock resides in MAMP. Open config/database.php

And run migration

php artisan migrate

if you get the error below

[Illuminate\Database\QueryException] SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was too long; max key length is 767 bytes (SQL: alter table `users` add unique `users_email_unique`(`email`))SQLSTATE[42000]: Syntax error or access violation: 1071 Specified key was too long; max key length is 767 bytes

Open up Providers/AppServiceProvider.php and update the boot function


Step 5: Register and Verify Email Address (*)

Create a new controller

php artisan make:controller AuthController

This will create AuthController.php in the app/Http/Controllers directory, paste the code below.


Verify Email Address

In the resources/views directory, create a new directory called email. Then create the file verify.blade.php. Populate the file with the code below.


Add the verifyUser function to AuthController.php

Verify User

Step 6: Log User In and Out (*)

Login and Logout

Step 7: Recover Password

Step 8: Testing (*)

Use Chrome plugin Postman to test.

Try accessing test route without token [GET]


You should receive the following error message.

Register and Verify
Create a POST request to api/register with form-data under Body tab. Make sure to enter a valid email address so you can receive the verification email.


Verify the email address by clicking the link in the verification email.

Create a POST request to api/login with form-data under Body tab.


If you attempt to login without verifying your email address, you will receive the error below:

If you have verified your email address, you should receive a token back

Login Response

Try accessing test route with the token [GET]


You should receive

Test Response

Create a GET request to api/logout.


Recover Password
Create a POST request to api/recover with form-data under Body tab.


Unique Email
Attempt to register with the email address you used in the previous test.

Thats all folks!

Mesan Digital

Sharing tutorials on the development of React Native and PHP projects. | Support our work by buying us a Coffee:

Moses Esan

Written by

Full Stack Developer | To Buy me A Coffee:

Mesan Digital

Sharing tutorials on the development of React Native and PHP projects. | Support our work by buying us a Coffee:

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade