
Passwordless authentication is a method whereby users access an app without entering passwords. It is the most effective way to reduce risky password management practices and prevent credential theft attacks.
Above is an architecture diagram of a Passwordless authentication flow.
We will use the Laravel package laravel-passwordless-authentication to implement passwordless authentication by sending a magic link to the user's email address to authenticate them.
Install
Set up a new Laravel application

```bash
composer create-project laravel/laravel passwordless-app
```

Install Laravel Breeze to scaffold a quick UI

```bash
composer require laravel/breeze --dev
php artisan breeze:install
php artisan migrate
npm install
npm run dev
```

Install the passwordless package and follow the instructions to set it up.

```bash
composer require norbybaru/passwordless-auth
php artisan vendor:publish --provider="NorbyBaru\Passwordless\PasswordlessServiceProvider" --tag="passwordless-config"
php artisan vendor:publish --provider="NorbyBaru\Passwordless\PasswordlessServiceProvider" --tag="passwordless-migrations"
php artisan migrate
```
1. Mail driver Setup
Set up the mail driver with mailtrap.io. Copy the values below into your .env and replace MAIL_USERNAME and MAIL_PASSWORD with your correct credentials from mailtrap.io.

```
MAIL_MAILER=smtp
MAIL_HOST=smtp.mailtrap.io
MAIL_PORT=2525
MAIL_USERNAME=
MAIL_PASSWORD=
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=support@example.test
MAIL_FROM_NAME="${APP_NAME}"
```
2. User Model Setup
Set up the User model to work with the laravel-passwordless-authentication package by implementing the CanUsePasswordlessAuthenticatable::class interface and using the PasswordlessAuthenticatable::class trait on the model.

```php
<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Foundation\Auth\User as Authenticatable;
use Illuminate\Notifications\Notifiable;
use Laravel\Sanctum\HasApiTokens;
use NorbyBaru\Passwordless\CanUsePasswordlessAuthenticatable;
use NorbyBaru\Passwordless\Traits\PasswordlessAuthenticatable;

class User extends Authenticatable implements CanUsePasswordlessAuthenticatable
{
    use HasApiTokens, HasFactory, Notifiable, PasswordlessAuthenticatable;

    // ...
}
```
3. Login Form
Update the login form to capture only the user's email address, which is the identifier the magic link is sent to.
4. Login Route
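Update the login route in routes/auth.php to require an email address and use the laravel-passwordless-authentication package to send the magic link token.

```php
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
// Facade shipped by the package (namespace assumed from its NorbyBaru\Passwordless root)
use NorbyBaru\Passwordless\Facades\Passwordless;

Route::post('login', function (Request $request) {
    // Only accept a well-formed address that belongs to an existing user
    $validated = $request->validate([
        'email' => 'required|email|exists:users|max:255',
    ]);

    // Send the magic link; the returned status is a translation key
    $status = Passwordless::magicLink()->sendLink($validated);

    return redirect()->back()->with([
        'status' => trans($status),
    ]);
});
```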
5. Update Translation
Add the file passwordless.php under the translation directory, at lang/en/passwordless.php, with the following values so that the correct message is shown to the user depending on the response status from sending the magic link.

```php
<?php

return [
    'sent' => 'Login link sent to inbox.',
    'throttled' => 'Login link was already sent. Please check your inbox or try again later.',
    'invalid_token' => 'Invalid link supplied. Please request new one.',
    'invalid_user' => 'Invalid user info supplied.',
    'verified' => 'Login successful.',
];
```
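The `exists:users` rule in step 4 and the distinct `invalid_user` message in step 5 both tell whoever submits the form whether an address has an account. The variant below is an added example, not code from the article or the package: it answers every request with one message and rate-limits the route. The facade namespace, the generic message text, the `5,1` throttle values and the assumption that `sendLink()` returns a status instead of throwing for an unknown address are mine.

```php
<?php
// routes/auth.php -- added example, not the package's own code

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Route;
use NorbyBaru\Passwordless\Facades\Passwordless; // assumed facade namespace

Route::post('login', function (Request $request) {
    // Validate the format only. An `exists:users` rule would fail with a
    // visible error for unregistered addresses and confirm registered ones.
    $validated = $request->validate([
        'email' => 'required|email|max:255',
    ]);

    // Assumption: for an unknown address sendLink() returns a status
    // (such as the invalid_user one) rather than throwing an exception.
    $status = Passwordless::magicLink()->sendLink($validated);

    // Keep the real outcome server-side so repeated probing is visible
    // in the logs. The address is hashed to keep raw emails out of them.
    Log::info('magic link requested', [
        'email_sha256' => hash('sha256', mb_strtolower($validated['email'])),
        'status' => $status,
        'ip' => $request->ip(),
    ]);

    // Every caller sees the same text, whatever $status was. __() returns
    // the string unchanged when no translation line exists for it.
    return redirect()->back()->with([
        'status' => __('If that address is registered, a login link is on its way.'),
    ]);
})->middleware('throttle:5,1'); // at most 5 requests per minute per client
```

If the mail is sent synchronously, the response for a registered address can still be measurably slower than for an unknown one; sending it from a queue narrows that gap.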
Final Steps
Start your application, and make sure to create or seed some dummy users to test the login flow with.