onetimelogin
34 sites
Security covered
The One-Time Login Link module provides secure, single-use login URLs for Drupal users. It now includes a full REST API, OpenAPI/Swagger documentation, Drush commands, usage statistics, and link revocation, making it suitable for both UI and programmatic workflows.
Key Features
- Generate secure one-time login links via UI, REST API, or Drush.
- Configurable expiration and single-use enforcement.
- Short URL hashes with cryptographic randomness.
- Rate limiting per user/IP to prevent abuse.
- Manual revocation (UI, API, Drush) with audit trail.
- Usage statistics dashboard and API endpoint.
- Optional email delivery of generated links.
- OpenAPI/Swagger UI for interactive API exploration.
REST API & Documentation
- Interactive API Docs:
/api/docs/onetimelogin - OpenAPI Spec:
/api/v1/onetimelogin/openapi.json - Endpoints: generate, check, revoke, list, statistics
Drush Commands
drush otl:generate <uid> drush otl:check <hash> drush otl:revoke <hash> drush otl:statistics
Post-Installation
- Enable the module and grant permissions.
- Use the contextual link on user profiles to generate URLs.
- Optionally configure rate limits, expiration, and email notifications.
Additional Requirements
No external dependencies. Compatible with Drupal 10 and 11.
Recommended Modules/Libraries
- Admin Toolbar – Better administrative UX.
- REST UI – Easier REST permission setup.
Similar Projects
- Password Reset Link – Similar concept with extra steps.
- Login As User – Direct admin impersonation without one-time links.
This module focuses on secure, single-use links with full API support and auditing.
Supporting this Module
Contributions are welcome via issues, patches, and documentation improvements on Drupal.org.
Community Documentation
- Drupal Documentation
- DrupalPod – Try Drupal online.