Animesh's Blog

Password-less authentication in Laravel

Photo by Volodymyr Kondriianenko on Unsplash

Password-less authentication in Laravel

Animesh Shrestha's photo
Animesh Shrestha
·

2 min read

Table of contents

Remove Password Field

The first step is to remove the password field from the migration, model, and model factory. This can be achieved by removing the password field from the migration file, model, and model factory. You can do this by editing the migration file and removing the password field from the schema. Here is an example:

Schema::create('users', function (Blueprint $table) {
    $table->id();
    $table->string('name');
    $table->string('email')->unique();
    // Remove password field
    $table->timestamps();
});

Next, you need to remove the password field from the User model. Here is an example:

class User extends Authenticatable
{
    use HasFactory, Notifiable;

    protected $fillable = [
        'name',
        'email',
    ];

    // Remove password field
}

Finally, you need to remove the password field from the UserFactory. Here is an example:

class UserFactory extends Factory
{
    protected $model = User::class;

    public function definition()
    {
        return [
            'name' => $this->faker->name,
            'email' => $this->faker->unique()->safeEmail,
            // Remove password field
        ];
    }
}

Routing

Create a login route as a simple view route. You can use Livewire for this example. The login route should be registered as follows:

Route::get('/login', function () {
    return view('auth.login');
})->name('login');

Create a Signed URL

The main focus of this workflow is to create a signed URL that will allow us to send a specific URL, and only that person should be able to access this URL. You can use the Laravel URL generator to create a signed URL. Here is an example:

use Illuminate\Support\Facades\URL;

$url = URL::temporarySignedRoute(
    'dashboard', now()->addMinutes(30), ['user' => 1]
);

In this example, we are creating a signed URL that will expire in 30 minutes. The URL will point to the 'dashboard' route and will include a user parameter with a value of 1.

Create a magic link to send to the user's email address. The user can click on the link to gain access to the application. You can use the Laravel Mail class to send the magic link to the user's email address. Here is an example:

use Illuminate\Support\Facades\Mail;

Mail::to($user->email)->send(new MagicLink($url));

In this example, we are using the Laravel Mail class to send an email to the user's email address. The email will contain a magic link that the user can click on to gain access to the application.

Conclusion

Password-less authentication is a secure way to reduce risky password management practices and prevent credential theft. Laravel provides a simple way to implement password-less authentication. By following the above steps, you can implement password-less authentication in Laravel.

authenticationLaravel