@redhat127 The magic link approach in the provided Gist is a valid passwordless authentication method, but it requires proper security measures like link expiration and single-use tokens to prevent unauthorized access.
Compared to other passwordless methods like WebAuthn (more secure but complex) or OTPs (simpler but reliant on delivery speed), magic links provide a balanced approach between security and user convenience which is not present in your given link, unfortunately.
@tisuchi Well, it does have link expiration, which is 30 minutes (I guess I could make it less), but what do you mean by single use token? Generally, what should I do to make it better?
...what do you mean by single use token? Generally, what should I do to make it better?
Single-use tokens mean that each magic link should only be valid for one login attempt. This prevents replay attacks, where an attacker could reuse an old link to log in again.