What Laravel and PHP versions does Fortify support?

Fortify supports Laravel 11–13 (latest stable) and requires PHP 8.2+. It dropped PHP 8.1 support in v1.37.0, so ensure your environment meets these requirements. Check the [release notes](https://github.com/laravel/fortify/releases) for version-specific changes.

Can I use Fortify with a React/Vue SPA or only traditional Laravel apps?

Fortify is frontend-agnostic and works with SPAs, mobile apps, or traditional Laravel apps. For SPAs, use Sanctum for API tokens (configured via `Fortify::createTokensUsing()`). The backend logic remains identical regardless of frontend.

How do I enable two-factor authentication (2FA) with Fortify?

Enable 2FA by publishing Fortify’s config (`php artisan vendor:publish --tag=fortify-config`) and setting `two_factor` to `true` in `config/fortify.php`. Migrate the database with `php artisan migrate`, then use the built-in 2FA scaffolding (TOTP or recovery codes).

Does Fortify support passkeys (WebAuthn) for passwordless login?

Yes, Fortify added passkey support in v1.37.0. Enable it via `Fortify::enablePasskeys()` in your `AuthServiceProvider`. It requires browser/device support for WebAuthn and falls back to traditional methods if unavailable.

How do I customize Fortify’s password reset or registration rules?

Override default rules by modifying `Fortify::passwordRules()` or `Fortify::registrationRules()` in your `AuthServiceProvider`. For example, enforce stricter passwords with `['min:12', 'confirmed']`. You can also extend the `CreateNewUser` or `ResetUserPassword` actions.

Will Fortify work with Laravel Sanctum for API authentication?

Absolutely. Fortify integrates seamlessly with Sanctum for API token generation. Configure Sanctum’s `HasApiTokens` trait on your user model and ensure `Fortify::createTokensUsing()` points to Sanctum’s token creation logic.

How do I test Fortify’s authentication flows in PHPUnit/Pest?

Use Laravel’s HTTP testing helpers to simulate auth flows. For example, test login with `post('/login', ['email' => 'user@example.com', 'password' => 'password'])` and assert responses. Fortify includes built-in tests for 2FA, password resets, and email verification.

What happens if I need to add custom logic to the login/registration process?

Extend Fortify’s controllers by overriding methods in `app/Providers/FortifyServiceProvider.php`. For example, modify `AttemptToAuthenticate` to add pre-login validation or inject custom logic into `CreateNewUser`. Events like `Attempting` or `Authenticated` can also trigger custom actions.

Does Fortify support multi-tenancy (e.g., Laravel Nova or custom scopes)?

Fortify works with global scopes but may require tenant-aware user providers for multi-tenancy. Override `Fortify::user()` in your service provider to resolve the current tenant’s user. Test thoroughly with `Fortify::fake()` to simulate tenant-specific auth flows.

Are there performance concerns with Fortify in production, especially with 2FA?

Fortify is optimized for performance with minimal overhead. For 2FA, cache recovery codes or use `php artisan fortify:rotate-recovery-codes` to batch-rotate codes. Monitor password hashing (Laravel’s bcrypt is efficient) and consider Octane for high-traffic apps.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Fortify Laravel Package

laravel/fortify

Frontend-agnostic authentication backend for Laravel. Provides endpoints and services for registration, login, password reset, email verification, and two-factor authentication. Used by Laravel Starter Kits; you bring the UI (Blade, Inertia, SPA, etc.).

View on GitHub

Deep Wiki

Context7

Backend controllers and scaffolding for Laravel authentication.

Frequently asked questions about Fortify

What Laravel and PHP versions does Fortify support?: Fortify supports Laravel 11–13 (latest stable) and requires PHP 8.2+. It dropped PHP 8.1 support in v1.37.0, so ensure your environment meets these requirements. Check the [release notes](https://github.com/laravel/fortify/releases) for version-specific changes.
Can I use Fortify with a React/Vue SPA or only traditional Laravel apps?: Fortify is frontend-agnostic and works with SPAs, mobile apps, or traditional Laravel apps. For SPAs, use Sanctum for API tokens (configured via `Fortify::createTokensUsing()`). The backend logic remains identical regardless of frontend.
How do I enable two-factor authentication (2FA) with Fortify?: Enable 2FA by publishing Fortify’s config (`php artisan vendor:publish --tag=fortify-config`) and setting `two_factor` to `true` in `config/fortify.php`. Migrate the database with `php artisan migrate`, then use the built-in 2FA scaffolding (TOTP or recovery codes).
Does Fortify support passkeys (WebAuthn) for passwordless login?: Yes, Fortify added passkey support in v1.37.0. Enable it via `Fortify::enablePasskeys()` in your `AuthServiceProvider`. It requires browser/device support for WebAuthn and falls back to traditional methods if unavailable.
How do I customize Fortify’s password reset or registration rules?: Override default rules by modifying `Fortify::passwordRules()` or `Fortify::registrationRules()` in your `AuthServiceProvider`. For example, enforce stricter passwords with `['min:12', 'confirmed']`. You can also extend the `CreateNewUser` or `ResetUserPassword` actions.
Will Fortify work with Laravel Sanctum for API authentication?: Absolutely. Fortify integrates seamlessly with Sanctum for API token generation. Configure Sanctum’s `HasApiTokens` trait on your user model and ensure `Fortify::createTokensUsing()` points to Sanctum’s token creation logic.
How do I test Fortify’s authentication flows in PHPUnit/Pest?: Use Laravel’s HTTP testing helpers to simulate auth flows. For example, test login with `post('/login', ['email' => 'user@example.com', 'password' => 'password'])` and assert responses. Fortify includes built-in tests for 2FA, password resets, and email verification.
What happens if I need to add custom logic to the login/registration process?: Extend Fortify’s controllers by overriding methods in `app/Providers/FortifyServiceProvider.php`. For example, modify `AttemptToAuthenticate` to add pre-login validation or inject custom logic into `CreateNewUser`. Events like `Attempting` or `Authenticated` can also trigger custom actions.
Does Fortify support multi-tenancy (e.g., Laravel Nova or custom scopes)?: Fortify works with global scopes but may require tenant-aware user providers for multi-tenancy. Override `Fortify::user()` in your service provider to resolve the current tenant’s user. Test thoroughly with `Fortify::fake()` to simulate tenant-specific auth flows.
Are there performance concerns with Fortify in production, especially with 2FA?: Fortify is optimized for performance with minimal overhead. For 2FA, cache recovery codes or use `php artisan fortify:rotate-recovery-codes` to batch-rotate codes. Monitor password hashing (Laravel’s bcrypt is efficient) and consider Octane for high-traffic apps.

Popularity trends

Recorded values over time (once-a-day snapshots). May 7, 2026 – Jun 5, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

1,744

Favorites

1,744

Forks

331

Score

50.3

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 1744

+8.7
Forks

input: 331

+9.9
Open issues + PRs

input: 6

+0.6
Releases

input: 36

+10.8
Recency

input: 20

+18.9
Issue opportunity

input: 5

+0.8
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 49.8

Opportunity

53.7

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

81.2
Contribution need

open_issues + open_prs: 6

5.1
Health factor

archived + recency + open issues

×0.99

Total 53.8

License

MIT

Last release

May 15, 2026

Watchers

Downloads

3M/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope

anil/file-picker

broqit/fields-ai