Funnily, I’ve had the most success with ‘secret links’ that grant admin rights for something (could be a special route or just a GET param)
Not secure, not best UX, but it’s so easy to do. 😊
![](https://avatars.slack-edge.com/2022-10-23/4260000903925_b66896ec1e36ec067d14_72.jpg)
writen by Kirill Rogovoy
I’m doing that with http://Grundsteuereinspruch.online|Grundsteuereinspruch.online as well. It’s a randomly (true random) generated hash basically that is part of the URL. So you have to know the hash to access
![](https://secure.gravatar.com/avatar/aec99942da9c84888960ccd6933a4ee7.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
writen by Benedikt
Yeah same with me.
In one app, it just a ‘special admin link’ that I send in the email. Once you open it, given that it’s valid, you get the admin cookie for 7 days. It’s just https://normal/url/?a=SECRET
![](https://avatars.slack-edge.com/2022-10-23/4260000903925_b66896ec1e36ec067d14_72.jpg)
writen by Kirill Rogovoy
You only need to make sure there’s not browser history entry with the secret string. I always call history.replaceState as soon as I kick off the auth process
![](https://avatars.slack-edge.com/2022-10-23/4260000903925_b66896ec1e36ec067d14_72.jpg)
writen by Kirill Rogovoy
I am still confused. So the user want to access their dashboard: 1- They click on login 2- Add their email 3- They get an email with a token: https://dashboard/token 4- They access to that dashboard
is that it?
![](https://avatars.slack-edge.com/2021-07-28/2322213143667_f9ad35c2dec28da258a5_72.jpg)
writen by Tiago Ferreira
Frameworks like Laravel do all the login scaffolding for you if you are looking to do a traditional login.
![](https://avatars.slack-edge.com/2021-11-12/2704595455095_0b60e87416c8fbdd4fd4_72.png)
writen by Philip