We are in the process of migrating a website to Kirby that incorporates a members area. Members are supposed to log in via the frontend or in the panel directly (that depends on their role). So far nothing special.

Thing is:

  • The members tend to forget their passwords. All. The. Time.
  • And they are struggling to reset their passwords. All. The. Time.

So I was asking myself if it was possible to ditch passwords all along and have some kind of login via email system: the users enter their email address and get a one-time login link via email on submit.

First question: does this make sense at all?
Second question: would it be possible with Kirby?

Yes to both. You can create your own login logic.

Do we have any plugin around yet that shows full frontend and backend code for this?

None that I know of.


Maybe the Userskit can help you as a reference.

Take a look at registrationbyemail which should be straightforward to adapt to your needs. (It has a page and email template as well as the necessary controller logic).

So basically:

  1. a user enters his/her e-mail address and submits your custom login form
  2. catch the POST in a controller (or route):
    1. validate the form (e.g. valid e-mail and a honeypot)
    2. generate a token (and maybe a timestamp)
    3. store it in the user’s profile
    4. and send it via email
  3. the user clicks on the link in the e-mail
  4. catch the GET in a controller (or route):
    1. find the user with that token
    2. (maybe check the timestamp to limit the validity)
    3. and log in the user on success
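
The token steps from the outline above (generate, store, find, check the timestamp), as an added example that is not part of the original thread and not code from Kirby or any of the plugins mentioned. It goes one step beyond the outline by storing only a SHA-256 hash of the token and by clearing it on first use; the `$users` array, the field names, `TOKEN_TTL`, both function names and the link URL are assumptions made for illustration, and in Kirby the two fields would live in the user's profile.

```php
<?php
// Added example: $users is a constructed in-memory stand-in for user profiles.
const TOKEN_TTL = 900; // assumption: a link stays valid for 15 minutes

// Outline step 2: generate a token, store its hash and an expiry timestamp.
function issueLoginToken(array &$users, string $email, int $now): ?string
{
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || !isset($users[$email])) {
        return null; // show the same "check your inbox" page in both cases
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $users[$email]['loginTokenHash'] = hash('sha256', $token);
    $users[$email]['loginTokenExpires'] = $now + TOKEN_TTL;
    return $token; // only the e-mailed link carries the plain token
}

// Outline step 4: find the user with that token, check the timestamp.
function redeemLoginToken(array &$users, string $token, int $now): ?string
{
    $hash = hash('sha256', $token);
    foreach ($users as $email => &$user) {
        $stored = $user['loginTokenHash'] ?? '';
        if ($stored === '' || !hash_equals($stored, $hash)) {
            continue;
        }
        $expires = $user['loginTokenExpires'] ?? 0;
        unset($user['loginTokenHash'], $user['loginTokenExpires']); // one use only
        return $now <= $expires ? $email : null; // caller logs this user in
    }
    return null;
}

// Constructed sample account and a walk through the flow.
$users = ['member@example.com' => ['role' => 'member']];
$now = time();

$token = issueLoginToken($users, 'member@example.com', $now);
echo 'Link: https://example.com/login?token=' . $token . PHP_EOL; // hypothetical URL
echo 'First click: ';
var_dump(redeemLoginToken($users, $token, $now + 60));
echo 'Same link again: ';
var_dump(redeemLoginToken($users, $token, $now + 61));

$late = issueLoginToken($users, 'member@example.com', $now);
echo 'Click after expiry: ';
var_dump(redeemLoginToken($users, $late, $now + TOKEN_TTL + 1));
echo 'Unknown address: ';
var_dump(issueLoginToken($users, 'nobody@example.com', $now));
```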