grazulex/laravel-oneclicklogin

Passwordless authentication via magic links for Laravel applications - secure, single-use, time-limited URLs for seamless user login.

v1.0.0 2025-08-25 20:25 UTC

This package is auto-updated.

Last update: 2025-08-28 13:58:04 UTC



Laravel OneClickLogin


A powerful Laravel package for creating passwordless authentication with comprehensive security features and audit trails.


Overview

Laravel OneClickLogin is a comprehensive package for implementing passwordless authentication in your Laravel applications. Perfect for creating secure, time-limited magic links that provide seamless user login without passwords, with complete audit trails and advanced security features.

Key Features

  • Passwordless Authentication - Replace or complement password-based login
  • Time-Limited Access - Set expiration dates and usage limits
  • Security-by-Default - Signed, hashed tokens with short expirations
  • Rate Limiting - Per-email and per-IP rate limiting to prevent abuse
  • IP & Device Binding - Optional IP address and device fingerprint binding
  • Signed URLs - Laravel signed route integration for additional security
  • Single-Use Links - Magic links that expire after first successful use
  • Comprehensive Auditing - Track access patterns, IPs, and timestamps
  • Advanced Security - OTP step-up authentication for suspicious devices
  • MultiPersona Integration - Include persona/tenant/role context in links
  • Flexible Delivery - Support for email, SMS, and custom notification channels
  • Management API - Revoke and extend links programmatically
  • CLI Commands - Full Artisan command support
  • Observability - Built-in logging and metrics integration
  • ShareLink Integration - Optional delivery layer with analytics and audit trails
  • Test-Friendly - Comprehensive test coverage with easy mocking

Installation

Install the package via Composer:

composer require grazulex/laravel-oneclicklogin

Publish and run the migrations:

php artisan vendor:publish --tag="oneclicklogin-migrations"
php artisan migrate

Optionally, publish the configuration file:

php artisan vendor:publish --tag="oneclicklogin-config"

Auto-Discovery: The service provider will be automatically registered thanks to Laravel's package auto-discovery.

Quick Start

Need more examples? Check out our Examples Gallery for e-commerce, SPA, and multi-tenant scenarios.

Basic Usage

use Grazulex\OneClickLogin\Facades\OneClickLogin;

// Send a magic link with expiration
$link = OneClickLogin::to($user)
    ->via('mail')
    ->expireIn(15) // 15 minutes
    ->withContext(['redirect' => '/dashboard'])
    ->send();

echo $link->getSignedUrl(); // https://yourapp.com/login/magic?token=abc123xyz

Email Magic Links

// Send via email with custom context
OneClickLogin::to($user)
    ->via('mail')
    ->expireIn(30) // 30 minutes
    ->maxUses(1)
    ->withContext([
        'redirect' => '/profile',
        'remember' => true
    ])
    ->send();

SMS Magic Links

// Send via SMS
OneClickLogin::to($user)
    ->via('sms')
    ->expireIn(10) // 10 minutes
    ->withContext(['redirect' => '/mobile-dashboard'])
    ->send();

MultiPersona Integration

// Magic link with persona context
OneClickLogin::to($user)
    ->via('mail')
    ->expireIn(30)
    ->withContext([
        'persona' => 'client',
        'tenant'  => 123,
        'role'    => 'admin',
        'redirect'=> '/admin/dashboard',
        'remember'=> true
    ])
    ->bindIp() // Optional IP binding
    ->bindDevice($request) // Optional device binding
    ->send();

Advanced Security Features

// Secure magic link with IP restrictions and OTP step-up
OneClickLogin::to($user)
    ->via('mail')
    ->expireIn(15)
    ->bindIp() // Bind to current IP
    ->bindDevice($request) // Bind to device fingerprint
    ->withContext([
        'redirect' => '/secure-area',
        'otp_required' => true // Require OTP for suspicious access
    ])
    ->send();

// Create without sending for custom delivery
$link = OneClickLogin::create($user, [
    'ttl' => 30,
    'context' => ['redirect' => '/billing'],
]);

Requirements

  • PHP 8.3+
  • Laravel 11.0+ | 12.0+

Compatibility Matrix: See our Installation Guide for detailed Laravel/PHP compatibility.

Complete Documentation

For comprehensive documentation, examples, and advanced usage guides, visit our Wiki:

Laravel OneClickLogin Wiki

The wiki includes:

Artisan Commands

Laravel OneClickLogin includes powerful CLI commands for managing your magic links:

# Send a magic link
php artisan oneclicklogin:send user@example.com --via=mail --ttl=15

# List all magic links
php artisan oneclicklogin:list --active --expired

# Revoke a specific link
php artisan oneclicklogin:revoke abc123xyz

# Clean up expired links
php artisan oneclicklogin:prune --days=7

# Test magic link generation
php artisan oneclicklogin:test user@example.com

Configuration

The package comes with sensible defaults, but you can customize everything:

// config/oneclicklogin.php
return [
    'ttl_minutes' => 15,
    'max_uses' => 1,
    'guard' => 'web',
    
    'security' => [
        'ip_binding' => false,
        'device_binding' => false,
        'enable_otp_step_up' => false,
        'hash_algorithm' => 'sha256',
        'signed_urls' => true,
    ],
    
    'rate_limit' => [
        'issue_per_email_per_hour' => 5,
        'consume_per_ip_per_min' => 20,
    ],
    
    'multi_persona' => [
        'enabled' => true,
        'keys' => ['persona', 'tenant', 'role'],
    ],
];
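
The token properties that the feature list and this configuration describe (hashed at rest, time-limited, single-use, optionally IP-bound) can be sketched in plain PHP. This is an added example, not code from the package; MagicLinkStore, its methods and the sample values are hypothetical, and the in-memory array stands in for a database table.

```php
<?php
// Illustrative sketch only; MagicLinkStore is hypothetical and not part of the package.
// It mirrors the README's config keys: ttl_minutes, max_uses, hash_algorithm, ip_binding.
declare(strict_types=1);

final class MagicLinkStore
{
    /** @var array<string, array{user:int, expires:int, uses:int, max:int, ip:?string}> */
    private array $rows = [];

    public function __construct(
        private int $ttlMinutes = 15,
        private int $maxUses = 1,
        private string $hashAlgorithm = 'sha256',
    ) {}

    // Returns the plaintext token for the URL; only its hash is kept at rest.
    public function issue(int $userId, int $now, ?string $bindIp = null): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $this->rows[hash($this->hashAlgorithm, $token)] = [
            'user' => $userId, 'expires' => $now + $this->ttlMinutes * 60,
            'uses' => 0, 'max' => $this->maxUses, 'ip' => $bindIp,
        ];
        return $token;
    }

    // Returns the user id on success, null on any failure (one generic outcome).
    public function consume(string $token, int $now, string $ip): ?int
    {
        $key = hash($this->hashAlgorithm, $token);
        $row = $this->rows[$key] ?? null;
        if ($row === null || $now >= $row['expires'] || $row['uses'] >= $row['max']) {
            return null;
        }
        if ($row['ip'] !== null && !hash_equals($row['ip'], $ip)) {
            return null; // link was bound to a different address
        }
        $this->rows[$key]['uses']++; // in a database this must be one atomic UPDATE
        return $row['user'];
    }
}

// Constructed sample run: fixed timestamps and documentation-range IP addresses.
$store = new MagicLinkStore();
$token = $store->issue(userId: 42, now: 1000, bindIp: '203.0.113.7');
var_dump($store->consume($token, 1060, '198.51.100.9')); // attempt from another IP
var_dump($store->consume($token, 1060, '203.0.113.7'));  // first use from the bound IP
var_dump($store->consume($token, 1061, '203.0.113.7'));  // replay of the same link
```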

Troubleshooting

Common Issue: API vs CLI Discrepancy

If OneClickLogin::for()->generate() fails but CLI commands work, this is typically an environment setup issue, not a package bug:

# Quick fix - ensure clean environment
php artisan migrate:fresh
php artisan cache:clear
php artisan config:clear

# Then test
php artisan tinker
>>> OneClickLogin::for('test@example.com')->generate();

For testing, always use RefreshDatabase:

use Illuminate\Foundation\Testing\RefreshDatabase;

class YourTest extends TestCase {
    use RefreshDatabase; // ← Prevents environment issues
}

Full troubleshooting guide: Wiki Troubleshooting

Testing

composer test

๐Ÿค Contributing

Please see the Contributing Guide for details.

Security

If you discover any security-related issues, please email jms@grazulex.be instead of using the issue tracker.

๐Ÿ“ Changelog

Please see the Changelog for more information on what has changed recently.

License

The MIT License (MIT). Please see License File for more information.

Credits

  • Jean-Marc Strauven
  • All Contributors

Support

  • Report Issues
  • Discussions
  • Documentation

Laravel OneClickLogin - Passwordless authentication for Laravel applications with comprehensive security features and audit trails.