Introduction

Passwordless authentication for Laravel. No passwords, no hassle. Users enter their email and receive a one-time login link.

Installation

Migrate an existing app

If you are replacing an existing Laravel auth flow, use the included PROMPT.md with your AI coding agent. It gives the agent package-specific instructions for installing this package, updating your auth UI, removing old password routes, preserving redirects and middleware, and verifying the magic-link flow.

Copy the contents of PROMPT.md into your AI coding agent.

Install Package

composer require harrisonclewis/laravel-passwordless

Run migrations:

php artisan migrate

Optional — publish the configurations

php artisan vendor:publish --tag=passwordless-config
php artisan vendor:publish --tag=passwordless-views

Usage

Sending authentication link

<form method="POST" action="{{ route('passwordless.store') }}">
    @csrf
    <input type="email" name="email" placeholder="you@example.com" />
    <button type="submit">Login</button>
</form>

@if (session(config('passwordless.flash')))
    <p>Check your email for a login link.</p>
@endif

For Inertia apps, you can use the flash prop page.flash.passwordless, or from the configured flash key if you changed passwordless.flash.

Routes

The package registers two routes automatically:

Point your login form at route('passwordless.store') and the rest is handled for you.

Registration

By default, users who don't have an account are created automatically when they submit their email. Disable this if you want to restrict login to existing users only:

// config/passwordless.php
'register' => false,

Configuration

// config/passwordless.php
return [
    'redirect'      => '/',           // Where to send the user after login
    'register'      => true,          // Auto-create users for unknown emails
    'token_lifetime' => 900,          // Link expiry in seconds (default: 15 min)
    
    ... others
];

Requirements

• PHP ^8.1
• Laravel ^10.0|^11.0|^12.0|^13.0

License

MIT