Laravel Passwordless Sign-in/Sign-up

Why would you remember password for yet another website? Isn't enough that you have to remember so many passwords for gmail, hotmail, facebook... Many of them ask you to verify your email account.

For others password is just a shortcut for singing in. When you forget your password there is a "forgot password" link which sends you a reset link. Meaning that your password is not important as long as you have access to your email.

This is usually called passwordless login but it has other names - for example Slack calls it Magic Link.

Slack Magic Link

So why not leveraging email as a way of authentication?

This is not only making sign up and sign in more easier, it removes need for app to handle forgotten passwords and changing passwords. However, it has some downsides. You must have access to your email inbox to sign in.

This was originally tutorial how to build passwordless auth yourself, but since then I created a package that is so far used on couple of projects.

Sign in form

Implementation

Easies way to implement this in Laravel is with a dam1r89/passwordless-auth package. So typical installation for any package:

  1. composer require dam1r89/passwordless-auth

  2. Put dam1r89\PasswordlessAuth\PasswordlessAuthServiceProvider::class, in config/app.php

  3. php artisan vendor:publish --tag=passwordless to publish config

  4. php artisan vendor:publish --tag=passwordless-views to publish views

  5. Run migration php artisan migrate

  6. Implement UsersProvider interface on User model

    use dam1r89\PasswordlessAuth\UsersRepository; use dam1r89\PasswordlessAuth\Contracts\UsersProvider;

    class User extends SparkUser implements UsersProvider { use UsersRepository;

  7. Make sure that email library is configured

  8. Visit /passwordless/login

  9. To configure redirect after successful redirect, change redirect_to in config/passwordless.php

  10. If unauthenticated user tries to access protected route, to automatically redirect them to passwordless login form change /app/Exceptions/Handler.php file. Change return redirect()->guest(route('login')); to return redirect()->guest(route('passwordless.login'));

  11. Customize /resources/views/vendor/passwordless/login.blade.php login view and email template /resources/views/vendor/passwordless/email/link.blade.php

And that is all

Author

I plan to write more articles about common laravel components. If you are interested let’s stay in touch.
comments powered by Disqus