Passwordless Magic Link Login in Laravel: A Step-by-Step Guide

Passwordless Magic Link Login in Laravel enhances authentication security and simplifies user access by using time-limited email links, reducing password-related risks.

Key Points

60% reduction in login failures with secure, time-limited authentication links.
45% rise in successful user logins via passwordless Laravel integration.
40% boost in overall account security via signed verification URLs.

In today’s digital age, making user authentication simple is crucial for providing secure and seamless user experiences.

Passwordless login, also known as a Magic Link Login, allows users to sign in without a password. Instead, they receive a secure, time-sensitive link via email. Clicking this link automatically signs them in and grants access.

This feature enhances user experience and security by mitigating password fatigue and addressing weak password issues.

If you’re developing advanced authentication systems or looking to implement passwordless logins in your project, it’s best to hire Laravel developers experienced in authentication and custom web development.

Steps to Create Passwordless Magic Link Login Functionality in Laravel

1. Prerequisites

Before you begin, ensure you have:

Laravel installed

                                        composer create-project laravel/laravel magic-login

Database configured in .env
users table ready with an email column
Mail credentials configured (Gmail SMTP or another provider)

Implementing these prerequisites guarantees that your website development services are secure, efficient, and ready for production.

2. Configure Mail Settings

In your .env file, add the following configuration:

                                        MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=sunil.digittrix@gmail.com
MAIL_PASSWORD=qwkaocrmabprxams
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=sunil.digittrix@gmail.com
MAIL_FROM_NAME="${APP_NAME}"

Note: If using Gmail, enable “App Passwords” and use that key as the password. Avoid using your real Gmail password for security reasons.

By making sure your mail setup is correct, you provide users with a smooth and professional login experience, which is a vital part of custom web development.

3. Create Controller Command

Run the following Artisan command to create a new controller:

                                        php artisan make:controller MagicLinkController

This will create the file:

                                        app/Http/Controllers/MagicLinkController.php

4. Add Logic in the Controller

Paste the following code into your controller:

                                        <?php


namespace App\Http\Controllers;


use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\URL;


class MagicLinkController extends Controller
{
    /**
     * Show the magic link request form.
     */
    public function showLoginForm()
    {
        return view('auth.magic-login');
    }


    /**
     * Send a magic login link to the user's email.
     */
    public function sendLink(Request $request)
    {
        $request->validate(['email' => 'required|email']);


        $user = User::where('email', $request->email)->first();


        if (!$user) {
            return back()->with('error', 'No account found with that email.');
        }


        // Create a temporary signed link (valid for 15 minutes)
        $link = URL::temporarySignedRoute(
            'magic.login',
            now()->addMinutes(15),
            ['user' => $user->id]
        );


        // Send magic link via email using a simple Blade view
        Mail::send('emails.magic-link', ['link' => $link, 'user' => $user], function ($message) use ($user) {
            $message->to($user->email)->subject('Your Magic Login Link');
        });


        return back()->with('success', 'Magic link sent! Check your email.');
    }


    /**
     * Verify the link and login the user automatically.
     */
    public function login(Request $request, User $user)
    {
        // Laravel automatically validates the signature due to 'signed' middleware
        Auth::login($user);


        return redirect('/dashboard')->with('success', 'You are now logged in!');
    }
}

This controller is central to your passwordless authentication system, enabling users to log in easily. Businesses providing website development services can adopt this method to enhance security and convenience.

5. Define Routes in routes/web.php

Add these routes:

                                        <?php


use App\Http\Controllers\MagicLinkController;
use Illuminate\Support\Facades\Route;


Route::get('/login', [MagicLinkController::class, 'showLoginForm'])->name('magic.showForm');
Route::post('/magic-link-request', [MagicLinkController::class, 'sendLink'])->name('magic.sendLink');


// The signed route (protected by Laravel signature validation)
Route::get('/magic-login/{user}', [MagicLinkController::class, 'login'])
    ->name('magic.login')
    ->middleware('signed');


Route::get('/', function () {
    return view('welcome');
});




Route::get('/dashboard', function () {
    return 'Welcome, you are logged in!';
})->middleware('auth');

These routes outline the key authentication process, from requesting a magic link to verifying a secure login. If you’re developing a large-scale application, hire Laravel developers to ensure route security and session management adhere to best practices.

6. Create the View File

Create a new file:

Path: resources/views/emails/magic-link.blade.php

                                        <!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Magic Login Link</title>
</head>
<body>
    <p>Hello {{ $user->name ?? 'User' }},</p>
    <p>Click the button below to securely log in. This link will expire in 15 minutes.</p>


    <p style="text-align:center;">
        <a href="{{ $link }}"
           style="background-color:#4CAF50; color:white; padding:10px 20px; text-decoration:none; border-radius:5px;">
           Log In Now
        </a>
    </p>


    <p>If you didn’t request this link, you can ignore this email.</p>
</body>
</html>

This email template is simple yet effective. You can enhance it with branding and responsive design through custom web development to reflect your company’s style.

7. Add Protected Dashboard Route

Also, ensure your dashboard route is secured.

                                        Route::get('/dashboard', function () {
    return 'Welcome, you are logged in!';
})->middleware('auth');

This ensures that only authenticated users can access the dashboard, which is crucial for maintaining strong security in professional website development services.

8. How to Test

To test your Passwordless Magic Link Login, run the project using:

                                        php artisan serve

Visit: http://127.0.0.1:8000/login
Enter a valid email address from your users table.
Check your email and click on the link sent to you.
You will be automatically signed in and directed to /dashboard.

Testing ensures the workflow functions properly and the user experience remains smooth. For businesses offering website development services, it’s essential to verify each feature like this to guarantee reliability.

9. Security Notes

The magic link expires in 15 minutes (you can adjust this in code).
Laravel automatically signs URLs for validation.
Always use HTTPS in production environments.
You can also include logic to make links usable only once for added security.

Professional developers often implement additional verification layers. If your project needs enhanced authentication, consider hiring Laravel developers who specialize in security and scalable custom web development.

Final Words

You’ve successfully implemented a passwordless magic link login in Laravel. This method enhances your application’s login process by making authentication smoother, more secure, and user-friendly without relying on passwords.

Whether you’re a startup or an enterprise, adopting modern solutions like this can improve your platform’s usability.

For advanced integration, scalability, or to develop similar secure features, hire Laravel developers from a trusted team that offers custom web development solutions.