Passwordless login and API

Hi,

I would like to use passwordless login as the only option for the panel. However, if I disable password login I am not able to use the API. Since the API uses the passwords only. Any ideas on how to make this happen? Thanks!

My config.php for disabling password login:

return [
    'auth' => [
        'methods' => 'code'
    ]
];

Did you check your email transport configuration?

Hi Manuel,

Yes, I did. I am able to login trough passwordless login. The emails are being delivered as they should.

The problem is, that the API uses passwords to authenticate. So when I disable password login, I am not able to use the API anymore (apart from the panel).

Are you talking about accessing the API from the frontend or from another server?

Sorry for the confusion. I would like to access the API from another server. So, authenticating with HTTP Basic Auth (Authentication | Kirby CMS)

You could try to set the allowed methods conditionally, depending on whether it is a local or remote request, I think.

That sounds like a solution… I will give that a try! :grinning_face_with_smiling_eyes:

Since I have a user for API (read-only) access, I ended up using the following in my config. Only allow password login if request matches that specific user. Thanks for thinking along!

// ONLY ALLOW PASSWORD LOGIN FOR API USER
$allowedAuthMethods = ['code'];
if (isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] == 'api@example.com') {
  $allowedAuthMethods = ['password'];
}


return [
  'auth' => [
    'methods' => $allowedAuthMethods;
  ]
],