Authenticate via email link

We are in the process of migrating a website to Kirby that incorporates a members area. Members are supposed to log in via the frontend or in the panel directly (that depends on their role). So far nothing special.

Thing is:

  • The members tend to forget their passwords. All. The. Time.
  • And they are struggling to reset their passwords. All. The. Time.

So I was asking myself, if it was possible to ditch passwords all along and have some kind of login via email system: the users enter their email address and get a one-time login link via email on submit.

First question: does this make sense at all?
Second question: would it be possible with Kirby?

Yes to both. You can create your own login logic. https://getkirby.com/docs/reference/plugins/extensions/panel-login

Do we have any plugin around yet that shows full frontend and backend code for this?

None that I know of.

Thanks!

Maybe the Userskit can help you as a reference.

Take a look at registrationbyemail which should be straightforward to adapt to your needs. (It has a page and email template as well as the necessary controller logic).

So basically:

  1. a user enters his/her e-mail address and submits your custom login form
  2. catch the POST in a controller (or route):
    1. validate the form (e.g. valid e-mail and a honeypot)
    2. generate a token (and maybe a timestamp)
    3. store it in the user’s profile
    4. and send it via email
  3. the user clicks on the link in the e-mail
  4. catch the GET in a controller (or route):
    1. find the user with that token
    2. (maybe check the timestamp to limit the validity)
    3. and log in the user on success
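
The token handling from steps 2 and 4 above, as an added example that is not part of the original thread or of any Kirby plugin. It is plain PHP: the `$users` array is a hypothetical stand-in for the user profiles, the function names and the 15-minute lifetime are assumptions, and sending the e-mail and the actual login call are left to Kirby.

```php
<?php
// Added example: token handling for an e-mail login link.
// $users / $profile are hypothetical stand-ins for Kirby user profiles.

const LOGIN_TOKEN_TTL = 900; // assumed validity window in seconds

// Steps 2.2 and 2.3: generate a token, store only its hash plus an expiry.
function issueLoginToken(array &$profile, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // A leaked profile store then reveals no usable login link.
    $profile['loginTokenHash'] = hash('sha256', $token);
    $profile['loginTokenExpires'] = $now + LOGIN_TOKEN_TTL;
    return $token; // appears only in the link that is e-mailed
}

// Steps 4.1 to 4.3: find the user for a token, check the timestamp,
// and return the e-mail address to log in, or null on failure.
function redeemLoginToken(array &$users, string $token, int $now): ?string
{
    $hash = hash('sha256', $token);
    foreach ($users as $email => &$profile) {
        $stored = $profile['loginTokenHash'] ?? '';
        if ($stored === '' || !hash_equals($stored, $hash)) {
            continue; // no pending token, or not this user's token
        }
        $expired = $now > ($profile['loginTokenExpires'] ?? 0);
        // Single use: a matched token is cleared whether or not it expired.
        unset($profile['loginTokenHash'], $profile['loginTokenExpires']);
        return $expired ? null : $email;
    }
    unset($profile); // drop the dangling foreach reference
    return null;
}

// Constructed sample data and a short run.
$users = ['member@example.com' => []];
$now = time();
$token = issueLoginToken($users['member@example.com'], $now);

var_dump(redeemLoginToken($users, $token, $now + 60));  // first click on the link
var_dump(redeemLoginToken($users, $token, $now + 120)); // same link clicked again
```

In the POST handler, return the same response whether or not the submitted address belongs to a member, so the form cannot be used to test which addresses are registered.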