Initializing Laravel and Admiral: Auth Setup Without Losing Your Will to Code

Here’s a story you’ve probably lived: you spin up another Laravel admin panel, and what do you end up doing for the tenth time this month? That’s right, handcrafting authentication, fiddling with routing, wiring up yet another set of environment files like it’s 2015. Congrats, you’ve once again mastered the dark art of copying boilerplate.

And worst of all? It’s the frontend-backend integration hell that gets you — gluing things together, debugging invisible CORS errors, manually setting up your auth flow... again. Your business logic? Sitting in the corner. Crying.

That’s why we built Admiral – an open-source admin framework that says, “Hey, maybe you shouldn’t have to rebuild the same scaffolding for the hundredth time.” It standardizes what needs to be standardized, plugs straight into Laravel, and gives you the gift of skipping the boring parts.

Here’s the repo if you want to poke around:
👉 https://github.com/dev-family/admiral

In this article, we’ll walk you through bootstrapping Laravel + Admiral from scratch with proper authentication using Laravel Sanctum. With no fluff or marketing, just real dev-to-dev setup until you’re past the yak shaving and into shipping features.

Installing Laravel

Let’s start with the basics. Create a new directory for our playground:

mkdir admiral-laravel-init && cd admiral-laravel-init

Install Laravel globally like a civilized person:

composer global require laravel/installer

Then create the backend project:

laravel new backend

We’re going to roll with SQLite here for simplicity. It’s one file, it works, and it won’t make you cry during local dev.

Now go into your backend directory and fire up the server:

cd backend && composer run dev

Laravel should be screaming its URL at you — usually something like:

APP_URL: http://localhost:8000

Open it in your browser. If you see the Laravel welcome page, you're alive and on the right track.

Installing Admiral

Time to bring Admiral on deck:

npx create-admiral-app@latest

When it asks, choose the option to install without backend setup. We already have Laravel running our backend show.

Name your frontend directory admin when prompted.

Then jump in and install dependencies like so:

cd admin && npm i

Hook Admiral up with the backend by editing your .env file:

VITE_API_URL=http://localhost:8000/admin

Now build and run the frontend:

npm run build && npm run dev

Your terminal should now say something like:

Local: http://localhost:3000/

Visit that in your browser and — surprise — you're staring at the login page. It does nothing yet, but it looks official, which is half the battle.

Authentication: AKA The Real Work

Now that Laravel and Admiral are up and pretending to like each other, let’s actually wire up the login flow.

We're using Laravel Sanctum, because it plays nice with SPAs and doesn't make you jump through OAuth hoops.

First, install Sanctum’s API features:

php artisan install:api

Now, open up config/auth.php and register a shiny new guard for the admin side of things:

'guards' => [
    'web' => [
        'driver' => 'session',
        'provider' => 'users',
    ],
    'admin' => [
        'driver' => 'sanctum',
        'provider' => 'users',
    ],
],

Oh, and don’t forget to toss HasApiTokens into your User model. It’s Sanctum’s secret sauce.

use HasFactory, Notifiable, HasApiTokens;

The Controller

Now, let’s get a real controller going. Here’s AuthController.php — our bouncer at the admin club:

// [code unchanged]

The Request

We’ll also need a request class that doesn’t let people submit empty forms and still hope for a login:

// [code unchanged]

The Resource

The AuthUserResource.php class makes sure we only send what’s needed to the frontend. No sensitive fields, no surprises.

// [code unchanged]

The Service Layer

Now the actual login logic. We like to keep our services tidy — services/admin/auth is a solid convention. Not required, just smart.

First up:

AuthService.php

// [code unchanged]

Then the trait for login attempt limiting. Because if someone’s slamming your login route, they probably shouldn’t be.

LimitLoginAttempts.php

// [code unchanged]

Routing All This

Create a new route file: routes/admin.php.

Here’s how we expose our login and protect our identity endpoints:

// [code unchanged]

Now wire it into bootstrap/app.php. Laravel 12 makes routing modular, and this is where you plug into that pipeline:

// [code unchanged]

Seeding a Test User

No auth setup is complete without a dummy user to break it with. In database/seeders/DatabaseSeeder.php, add:

User::factory()->create([
    'name' => 'Test User',
    'email' => 'test@example.com',
    'password' => '12345678',
]);

Then seed it:

php artisan db:seed

And restart the server:

composer run dev

Now hit your login form with those credentials and see what happens.

Red error block at the bottom? That’s good. That’s progress. That’s the frontend yelling about a failed login. Means the wiring’s working.

CORS throwing a tantrum? Laravel's got an old-school fix for that:

php artisan config:publish cors

Then open up config/cors.php and make sure your paths include:

'paths' => ['api/*', 'sanctum/csrf-cookie', 'admin/*'],

Now try again. If all is well, you’re in the admin panel. No more excuses. Time to build.

Where We’re At

You’ve just wired up Laravel + Admiral with full authentication using Sanctum. You’ve got proper guards, login throttling, token-based auth, and a clean frontend that talks to your backend like it means it.

Next stop? CRUD. But we’ll save that beast for another day.

If you hit a weird edge case during setup, drop us a line. We’ve probably hit it too — and we’re just as allergic to config hell as you are.