Login links, also called "magic links", are a passwordless authentication mechanism. When a user wants to login in your application, a new link is generated and sent to them (e.g. using an email). The user only has to click on the link to fully authenticate in the application.
This authentication method is becoming increasingly popular because it helps companies eliminate most of the customer support related to authentication (e.g. I forgot my password, how can I change or reset my password, etc.) That's why Symfony 5.2 adds support for login links.
Follow these steps to start using login links:
- Add the
login_link
option to your firewall and configure the behavior of this feature (the expiration time of links, how many times a link can be used, the properties used to generate the hash of the URL, etc.) - Add a new page in your application where users can input their email address to request a new login link.
- Generate the login link with the service provided by Symfony (
LoginLinkHandlerInterface
) and send it to the user (e.g via email using the Notifier component).
That's all! We spent a lot of time designing this feature to balance the highest possible out-of-the-box security and the nicest user experience. Read the login link documentation to learn all about this feature.
Great addition! Is the Url Hashing Mechanism available as a separate package?
@Daniel Sentker, you can use https://github.com/nayzo/NzoUrlEncryptorBundle
I ask because I've already created a similar bundle. It creates URLs with a signature and fits perfectly into the Symfony infrastructure: https://github.com/dsentker/url-signature-bundle