PHPackages                             berny/one-time-access-bundle - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. berny/one-time-access-bundle

Abandoned → [xphere/one-time-access-bundle](/?search=xphere%2Fone-time-access-bundle)ArchivedSymfony-bundle[Authentication &amp; Authorization](/categories/authentication)

berny/one-time-access-bundle
============================

Authenticate your users in a Symfony2 application through a one-time access url

1.2(9y ago)611.7k4[3 issues](https://github.com/xphere/one-time-access-bundle/issues)MITPHP

Since Nov 27Pushed 9y ago1 watchersCompare

[ Source](https://github.com/xphere/one-time-access-bundle)[ Packagist](https://packagist.org/packages/berny/one-time-access-bundle)[ Docs](https://github.com/xphere/OneTimeAccessBundle)[ RSS](/packages/berny-one-time-access-bundle/feed)WikiDiscussions master Synced 2mo ago

READMEChangelogDependencies (1)Versions (6)Used By (0)

xphere/one-time-access-bundle
=============================

[](#xphereone-time-access-bundle)

Do you ever wanted to authenticate your users in a Symfony2 application through a *one-time access url*?

Seek no more! This is your bundle! :D

[![SensioLabsInsight](https://camo.githubusercontent.com/8a9ba225b9603a21d23fb7a6aace2575c71b32902c7eed5d0f6b36a59e726722/68747470733a2f2f696e73696768742e73656e73696f6c6162732e636f6d2f70726f6a656374732f65306131376334612d666363382d346531302d393065642d3263363031633430363932342f736d616c6c2e706e67)](https://insight.sensiolabs.com/projects/e0a17c4a-fcc8-4e10-90ed-2c601c406924)

⚠ Note ⚠
--------

[](#-note-)

Mind the package rename

- Before `1.0.0`: `berny/one-time-access-bundle`
- After `1.0.0`: `xphere/one-time-access-bundle`

Why I would want that?
----------------------

[](#why-i-would-want-that)

You can use one-time access urls for:

- Access to "Forgot your password?" forms
- [Password-less systems](http://notes.xoxco.com/post/27999787765/is-it-time-for-password-less-login)

Features
--------

[](#features)

- Customizable urls
- User defined token generation and retrieval
- Multiple firewalls

Compatibility
-------------

[](#compatibility)

Tested under Symfony2 2.1.1 and greater

Installation
------------

[](#installation)

### From [composer/packagist](https://getcomposer.org)

[](#from-composerpackagist)

- Add `"xphere/one-time-access-bundle": "^1.1"` to your `composer.json` file
- Add the bundle to your kernel with `new xPheRe\OneTimeAccessBundle\xPheReOneTimeAccessBundle()`

Usage
-----

[](#usage)

Add a `one_time_access` key in any firewall with, at least, a `route`.

```
security:
    firewalls:
        root:
            one_time_access:
                route: acme_myapp_ota
```

The current user provider must implement `OneTimeAccessBundle\Security\Provider\ProviderInterface`.

```
security:
    provider:
        users:
            entity:
                # AcmeMyAppBundle:UserRepository implements ProviderInterface
                class: AcmeMyAppBundle:User

    firewalls:
        root:
            provider: users
            one_time_access:
                route: acme_myapp_ota
```

You can set the `ota_provider` key to define a different service implementing the interface.

```
services:
    acme.myapp.ota.repository:
        class: Acme\\MyAppSecurity\\UserProvider

security:
    firewalls:
        root:
            one_time_access:
                route: acme_myapp_ota
                ota_provider: acme.myapp.ota.repository
```

By default, `route` must have a `_token` parameter to extract the one-time access token.

```
    acme_myapp_ota:
        pattern: ^/autologin/{_token}
        defaults: { _controller: AcmeMyAppBundle:Login:oneTimeAccess }
```

This can be customized with the `parameter` key.

```
security:
    firewalls:
        root:
            one_time_access:
                route: acme_myapp_ota
                parameter: otatoken
```

Of course, you can define your routes as always, using YAML, XML, annotations... you name it.

Token generation
----------------

[](#token-generation)

This bundle doesn't cover token generation. It's up to you to create unique tokens and link them to the user.

This could be part of a Doctrine implementation:

```
class OTARepository extends EntityRepository implements ProviderInterface
{
    public function generateOTA($user)
    {
        $token = md5($user->getUsername() . time());
        $ota = new YourOneTimeAccessEntity($user, $token);
        $this->getEntityManager()->persist($ota);
        $this->getEntityManager()->flush($ota);
        return $ota;
    }

    public function loadUserByOTA($token)
    {
        $ota = $this->findOneByToken($token);
        if ($ota) {
            // Remember, user must be defined as EAGER in OTAEntity
            return $ota->getUser();
        }
    }

    public function invalidateByOTA($token)
    {
        $ota = $this->findOneByToken($token);
        $this->getEntityManager()->remove($ota);
        $this->getEntityManager()->flush();
    }
}
```

Route generation
----------------

[](#route-generation)

Route generation is up to you too. Yes! Are we being lazy, you say? Nope! This means FULLY CUSTOMIZABLE routes for your one-time access links.

For example:

```
$ota = $oneTimeAccessRepository->generateOnetimeAccess($user);
$url = $this->generateUrl('acme_myapp_ota', array(
    '_token' => $ota->getToken(),
));
```

###  Health Score

32

—

LowBetter than 72% of packages

Maintenance10

Infrequent updates — may be unmaintained

Popularity26

Limited adoption so far

Community9

Small or concentrated contributor base

Maturity67

Established project with proven stability

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~44 days

Total

5

Last Release

3640d ago

Major Versions

0.9 → 1.02015-11-27

### Community

Maintainers

![](https://www.gravatar.com/avatar/608fb6577803c78b31cf7ade299388f44ffe2e13f4cc773c331944773cca6b97?d=identicon)[xphere](/maintainers/xphere)

---

Top Contributors

[![xphere](https://avatars.githubusercontent.com/u/170968?v=4)](https://github.com/xphere "xphere (11 commits)")

---

Tags

bundlesecurityAuthenticationaccessone-timeotapassword less

### Embed Badge

![Health badge](/badges/berny-one-time-access-bundle/health.svg)

```
[![Health](https://phpackages.com/badges/berny-one-time-access-bundle/health.svg)](https://phpackages.com/packages/berny-one-time-access-bundle)
```

###  Alternatives

[lusitanian/oauth

PHP 7.2 oAuth 1/2 Library

1.1k23.2M121](/packages/lusitanian-oauth)[gfreeau/get-jwt-bundle

This Symfony bundle provides a security listener to return a JWT

86591.6k3](/packages/gfreeau-get-jwt-bundle)[fp/openid-bundle

Symfony2 OpenID security extension

5243.1k2](/packages/fp-openid-bundle)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)