Authenticate users using a magic link

Fast and secure passwordless authentication for the masses.

Buy me a coffee ☕️

Requirements

• PHP >= 7.1.3
• Laravel >= 5.6, 6.0 or 7.0

Installation

First, install the package via the Composer package manager:

$ composer require soved/laravel-magic-auth

After installing the package, you should publish the configuration file:

$ php artisan vendor:publish --tag=magic-auth-config

Add the Soved\Laravel\Magic\Auth\Contracts\CanMagicallyLogin interface to the App\User model:

<?php

namespace App;

use Illuminate\Notifications\Notifiable;
use Soved\Laravel\Magic\Auth\Traits\CanMagicallyLogin;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Soved\Laravel\Magic\Auth\Contracts\CanMagicallyLogin as CanMagicallyLoginContract;

class User extends Authenticatable implements CanMagicallyLoginContract
{
    use Notifiable, CanMagicallyLogin;
}

Finally, add the Soved\Laravel\Magic\Auth\Traits\CanMagicallyLogin trait to the App\User model to implement the interface.

Usage

This package exposes two endpoints, one to request a magic link (magic/email) and one to authenticate using the magic link (magic/login). Your application should make a POST call, containing the user's email address, to request a magic link. The magic link will be send via email using a notification. Feel free to customize the notification by overriding the CanMagicallyLogin@sendMagicLinkNotification method.

Middleware

You may want to register the Soved\Laravel\Magic\Auth\Http\Middleware\AuthenticateWithMagicLink middleware to ensure users are authenticated via a magic link.

Security Vulnerabilities

If you discover a security vulnerability within this project, please send an e-mail to Sander de Vos via sander@tutanota.de. All security vulnerabilities will be promptly addressed.

License

This package is open-source software licensed under the MIT license.