README

A modern, headless, and framework-agnostic passwordless authentication system for Laravel.
Easily send magic links and OTP codes without managing passwords.

🚀 Features

• 🔑 Passwordless login with OTP or magic link
• ⚙️ Configurable OTP length and type (numeric, alpha, alphanumeric)
• 🕒 Expiration control for tokens and magic links
• 📬 Notification-based delivery (email-ready, customizable channel)
• 🧩 Event-driven: PasswordlessTokenCreated, PasswordlessTokenConsumed, PasswordlessLoginSucceeded
• 🌍 Localization-ready (translations publishable)
• 🧪 100% test coverage with Pest + Orchestra Testbench
• 🧱 Fully decoupled — no frontend required

⚙️ Installation

composer require dgtlinf/passwordless

Then publish the configuration and migration with the easy install command:

php artisan passwordless:install

or you can just publish things separately:

php artisan vendor:publish --tag="passwordless-config"
php artisan vendor:publish --tag="passwordless-migrations"
php artisan migrate

🧩 Configuration

File: config/passwordless.php

Key sections:

models

Define which models to use.
You can override both the User model and the Token model.

'models' => [
    'user'  => App\Models\User::class,
    'token' => Dgtlinf\Passwordless\Models\PasswordlessToken::class,
],

notification

Define which notification class is used to deliver OTPs or links, and which route name generates the magic link.

'notification' => [
    'class' => Dgtlinf\Passwordless\Notifications\PasswordlessLoginNotification::class,
    'route' => 'passwordless.magic', // used by URL::temporarySignedRoute()
],

otp

Configure OTP behavior.

'otp' => [
    'length' => 6,
    'type'   => 'numeric', // 'alpha' | 'alphanumeric' | 'numeric'
],

link

Configure token expiration for the magic link.

'link' => [
    'expire_minutes' => 30,
    'token_length'   => 64,
],

prune

Automatic cleanup for old tokens (via Laravel’s model pruning).

'prune' => [
    'enabled' => true,
    'after_days' => 7,
],

🧠 Usage

1️⃣ Add the trait to your User model

use Dgtlinf\Passwordless\Traits\HasPasswordlessLogin;

class User extends Authenticatable
{
    use Notifiable, HasPasswordlessLogin;
}

2️⃣ Trigger passwordless login

use Dgtlinf\Passwordless\Facades\Passwordless;

Passwordless::send($user); // Sends OTP + magic link

3️⃣ Verify OTP or token

Passwordless::verifyOtp($user, $otp);     // via code
Passwordless::verifyToken($user, $token); // via magic link

🧩 Events

The following events are dispatched automatically and can be listened to in your app:

Example listener registration (EventServiceProvider):

protected $listen = [
    Dgtlinf\Passwordless\Events\PasswordlessLoginSucceeded::class => [
        App\Listeners\LogPasswordlessLogin::class,
    ],
];

🌍 Translations

Translations are stored in resources/lang/vendor/passwordless/en/passwordless.php and can be published via:

php artisan vendor:publish --tag="passwordless-translations"

🧪 Testing

Run test suite:

vendor/bin/pest

All tests run using in-memory SQLite and are automatically configured via Orchestra Testbench.

🧾 License

Released under the MIT License.
Copyright © Digital Infinity DOO Novi Sad.

Website: digitalinfinity.rs