Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Magic Login Link

39 sites Security covered
View on drupal.org

This module enables passwordless login for Drupal sites by sending users a one-time link via email. Users can request a magic link from the login page, and clicking the link authenticates them without a password. It offers configurable expiry times, customizable email templates, and maintains Drupal's security standards.

Adds HTMX-powered passwordless authentication to Drupals core login form. Users can request a one-time login link via email. Suitable for sites that want frictionless sign-in without passwords while preserving Drupal security practices.

Requirements

  • Drupal 11.2 (or later)
  • HTMX module (drupal/htmx ^1.5)

Features

  • HTMX-powered passwordless authentication
  • Configurable magic link expiry times
  • Customizable email templates with token support
  • CSRF protection and security features

Configuration

  • Go to Configuration > People > Magic Link (/admin/config/people/magic-link).
  • Set link expiry (e.g., 15m, 1h, 24h).
  • Customize email templates and token settings.
  • Optionally set a default destination after login.

Email templates support tokens; ensure outbound email is configured.

Usage

On the core login page, users click "Send me a magic link", enter their email, and receive a one-time login URL.

The module validates the token, logs the user in, and redirects to the configured destination.

Drush Command

Generate persistent magic links for development:

# Generate link for user 1 (1 hour expiry)
drush mli

# Generate link for user 123 (24 hour expiry)
drush mli --expire=24h --uid=123

# Generate link with custom destination
drush mli --expire=3d --destination=/admin 

Permissions

  • Ensure the "Request magic link" route is accessible to anonymous users (default).
  • Normal Drupal mail permissions/rate-limits apply if customized at site level.

Security considerations

  • Links are single-use and time-limited.
  • CSRF protections are in place around the request lifecycle.
  • Treat magic links like passwords: do not share or log them in plaintext.

Activity

Total releases
8
First release
Oct 2025
Latest release
9 months ago
Releases (12 mo)
8 ▲ from 0
Maintenance
Slowing

Release Timeline

Releases

Version Type Release date
1.0.6 Stable Oct 16, 2025
1.0.0 Stable Oct 16, 2025
1.0.5 Stable Oct 12, 2025
1.0.4 Stable Oct 8, 2025
1.0.3 Stable Oct 8, 2025
1.0.2 Stable Oct 8, 2025
1.0.1 Stable Oct 6, 2025
1.x-dev Dev Oct 6, 2025