PHPackages                             muffin/hyperlinkauth - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. muffin/hyperlinkauth

ActiveCakephp-plugin[Authentication &amp; Authorization](/categories/authentication)

muffin/hyperlinkauth
====================

Password-less authentication for CakePHP 3

9231[1 issues](https://github.com/UseMuffin/HyperlinkAuth/issues)PHP

Since Mar 25Pushed 10y ago4 watchersCompare

[ Source](https://github.com/UseMuffin/HyperlinkAuth)[ Packagist](https://packagist.org/packages/muffin/hyperlinkauth)[ RSS](/packages/muffin-hyperlinkauth/feed)WikiDiscussions master Synced today

READMEChangelogDependenciesVersions (1)Used By (0)

HyperlinkAuth
=============

[](#hyperlinkauth)

[![Build Status](https://camo.githubusercontent.com/a7480db99182866c39ae36e5a6a424078558d120b013ca2c7a0c602fbb562292/68747470733a2f2f696d672e736869656c64732e696f2f7472617669732f5573654d756666696e2f48797065726c696e6b417574682f6d61737465722e7376673f7374796c653d666c61742d737175617265)](https://travis-ci.org/UseMuffin/HyperlinkAuth)[![Coverage](https://camo.githubusercontent.com/f30e8ed9fc9f7cb66256eff36b22d779ac203935dd5d8b9f189ee07b5e41a2ac/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f5573654d756666696e2f48797065726c696e6b417574682e7376673f7374796c653d666c61742d737175617265)](https://codecov.io/github/UseMuffin/HyperlinkAuth)[![Total Downloads](https://camo.githubusercontent.com/9a773729c51daeb6498bb38b742feb974c79e33f67a738ec172fb80b2a9a5619/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f6d756666696e2f68797065726c696e6b617574682e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/muffin/hyperlinkauth)[![License](https://camo.githubusercontent.com/942e017bf0672002dd32a857c95d66f28c5900ab541838c6c664442516309c8a/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d626c75652e7376673f7374796c653d666c61742d737175617265)](LICENSE)

Password-less authentication for CakePHP 3.

Send a login hyperlink upon user's email submission on login page.

1. User submits email
2. System sends link after validating email
3. User clicks link
4. System authenticates user after validating token

Install
-------

[](#install)

Using [Composer](http://getcomposer.org):

```
composer require muffin/hyperlinkauth:1.0.x-dev

```

You then need to load the plugin. You can use the shell command:

```
bin/cake plugin load Muffin/HyperlinkAuth

```

or by manually adding statement shown below to your app's `config/bootstrap.php`:

```
Plugin::load('Muffin/HyperlinkAuth');
```

Usage
-----

[](#usage)

```
// src/Controller/AppController.php
public function initialize()
{
    $this->loadComponent('Auth', ['authenticate' => ['Muffin/HyperlinkAuth.Hyperlink']]);
}
```

And then create your login action:

```
// src/Controller/UsersController.php
public function login()
{
    if (!$this->request->is('post') && !$this->request->is('token')) {
        return;
    }

    $user = $this->Auth->identify();

    if ($user === true) {
        $this->Flash->success(__('A one-time login URL has been emailed to you'));
        return;
    }

    if ($user) {
        $this->Auth->setUser($user);
        return $this->redirect($this->Auth->redirectUrl());
    }

    $this->Flash->error(__('Email is incorrect'), [
        'key' => 'auth'
    ]);
}
```

If you noticed, this is very similar to the [default way of doing things](http://book.cakephp.org/3.0/en/controllers/components/authentication.html#identifying-users-and-logging-them-in), with the difference that it checks for a `token` type of request and handling `$user === true` (returned when email is sent).

For sending the email, there are different approaches you can take. The simplest one (demonstrated here), uses the `UsersController` as the object listening to the `Auth.afterIdentify` event. A mailer would be another way of handling that.

The code:

```
// src/Controller/UsersController.php
public function implementedEvents()
{
    return parent::implementedEvents() + [
        'Auth.afterIdentify' => 'afterIdentify',
    ];
}

public function afterIdentify(Event $event, $result, HyperlinkAuthenticate $auth)
{
    if (!$this->request->is('post')) {
        return;
    }

    $token = $auth->token($result);

    $url = Router::url($this->Auth->config('loginAction') + ['?' => compact('token')], true);
    Email::deliver($result['email'], 'Login link', $url, ['from' => 'no-reply@' . env('HTTP_HOST')]);

    return true;
}
```

Patches &amp; Features
----------------------

[](#patches--features)

- Fork
- Mod, fix
- Test - this is important, so it's not unintentionally broken
- Commit - do not mess with license, todo, version, etc. (if you do change any, bump them into commits of their own that I can ignore when I pull)
- Pull request - bonus point for topic branches

To ensure your PRs are considered for upstream, you MUST follow the [CakePHP coding standards](http://book.cakephp.org/3.0/en/contributing/cakephp-coding-conventions.html).

Bugs &amp; Feedback
-------------------

[](#bugs--feedback)

License
-------

[](#license)

Copyright (c) 2016, [Use Muffin](http://usemuffin.com) and licensed under [The MIT License](http://www.opensource.org/licenses/mit-license.php).

###  Health Score

22

—

LowBetter than 21% of packages

Maintenance18

Infrequent updates — may be unmaintained

Popularity13

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity41

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 100% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

### Community

Maintainers

![](https://www.gravatar.com/avatar/ccb57ae849b67ade8d9c1e266bc2868183bbcf07fb6c66c2d45254a452272d54?d=identicon)[jadb](/maintainers/jadb)

![](https://www.gravatar.com/avatar/e31753bdd616948c7c8978ea9b5805378f75bfa62564e69c0aa2fd67aaf418c5?d=identicon)[ADmad](/maintainers/ADmad)

---

Top Contributors

[![jadb](https://avatars.githubusercontent.com/u/33527?v=4)](https://github.com/jadb "jadb (3 commits)")

### Embed Badge

![Health badge](/badges/muffin-hyperlinkauth/health.svg)

```
[![Health](https://phpackages.com/badges/muffin-hyperlinkauth/health.svg)](https://phpackages.com/packages/muffin-hyperlinkauth)
```

###  Alternatives

[kartik-v/yii2-password

Useful password strength validation utilities for Yii Framework 2.0

761.2M17](/packages/kartik-v-yii2-password)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)