Magic Login Links on Laravel My Way
work February 28, 2020
Magic Login Links for Laravel - An Origin Story
At my day job, we run soccer camps where a few hundred athletes and their parents get together with a bunch of college coaches for a few days of fun and training. All the information that the coaches, parents, athletes, chaperones, and our staff need to make it a successful event comes to them through a Laravel app. We were really excited the first time we used it. Until we realized that of the 600 or so people that wanted to use it, only about 30 remembered what they’d used as a password when they registered. Lots of them didn’t even remember what email address they’d used, forcing one of our people on the ground to spend most of the morning helping people reset their passwords. I heard about it on Monday and I like quiet Mondays. So I had to solve it quickly.
By the next event a few days later I’d slapped together a password-free login system the way we always have. Create a token with an expiration time, store it in the database, and send the user a URL that contains that token. If the token is fresh and valid the user is logged in. I set it up to text a login link to every attendee about an hour before camp so everyone had what they needed when they arrived. It worked perfectly.
My boss liked it so much that he started asking for the same sort of thing for every new project we took on, whether internally or for a client. Because it’s relatively simple I never bothered to extract it into a package. I just built it every time I needed it. So now there are about 30 version of the same thing floating around and it’s starting to drive me nuts. I want to get a single standard solution I could plug into my existing and new projects.
What I love about using Laravel’s temporary signed routes for magic login links is that they don’t require me to create a database table or store any records. Everything I need to create the signed URL and validate it is built right into the system. All I had to do was wrap that validation around Auth::login().
I’m pretty happy with the way this package turned out and I invite you to give it a try in your own application. grosv/laravel-passwordless-login: A simple, safe magic login link generator for Laravel