New in Symfony 5.2: Login links

Warning: This post is about an unsupported Symfony version. Some of this information may be out of date. Read the most recent Symfony Docs.

Contributed by
Ryan Weaver
in #38177.

Login links, also called “magic links”, are a passwordless authentication mechanism. When a user wants to login in your application, a new link is generated and sent to them (e.g. using an email). The user only has to click on the link to fully authenticate in the application.

This authentication method is becoming increasingly popular because it helps companies eliminate most of the customer support related to authentication (e.g. I forgot my password, how can I change or reset my password, etc.) That’s why Symfony 5.2 adds support for login links.

Follow these steps to start using login links:

  • Add the login_link option to your firewall and configure the behavior of this feature (the expiration time of links, how many times a link can be used, the properties used to generate the hash of the URL, etc.)
  • Add a new page in your application where users can input their email address to request a new login link.
  • Generate the login link with the service provided by Symfony (LoginLinkHandlerInterface) and send it to the user (e.g via email using the Notifier component).

That’s all! We spent a lot of time designing this feature to balance the highest possible out-of-the-box security and the nicest user experience. Read the login link documentation to learn all about this feature.

Help the Symfony project!

As with any Open-Source project, contributing code or documentation is the most common way to help, but we also have a wide range of sponsoring opportunities.


Great addition! Is the Url Hashing Mechanism available as a separate package?
@Daniel Sentker, you can use
I ask because I've already created a similar bundle. It creates URLs with a signature and fits perfectly into the Symfony infrastructure:

Comments are closed.

To ensure that comments stay relevant, they are closed for old posts.