If you only want to authenticate users that are also "activated", for example, it's as simple as passing an extra argument to Auth::attempt().
No need for complex middleware or global scopes.
Auth::attempt( [ ...$request->only('email', 'password'), fn ($query) => $query->whereNotNull('activated_at') ], $this->boolean('remember'));
Tip given by @LukeDowning19
Enjoyed This Tip?
Get access to all premium tutorials, video and text courses, and exclusive Laravel resources. Join our community of 10,000+ developers.
Recent Courses on Laravel Daily
Practical Laravel Security: Packages, Secrets, Supply-Chain Attacks
7 lessons
43 min read
Next.js Basics for Laravel Developers
11 lessons
58 min
Queues in Laravel 13
18 lessons
1 h 12 min read