Funnily, I’ve had the most success with ‘secret links’ that grant admin rights for something (could be a special route or just a GET param)
Not secure, not best UX, but it’s so easy to do. 😊

writen by Kirill Rogovoy
I’m doing that with http://Grundsteuereinspruch.online|Grundsteuereinspruch.online as well. It’s a randomly (true random) generated hash basically that is part of the URL. So you have to know the hash to access

writen by Benedikt
Yeah same with me.
In one app, it just a ‘special admin link’ that I send in the email. Once you open it, given that it’s valid, you get the admin cookie for 7 days. It’s just https://normal/url/?a=SECRET

writen by Kirill Rogovoy
You only need to make sure there’s not browser history entry with the secret string. I always call history.replaceState as soon as I kick off the auth process

writen by Kirill Rogovoy
I am still confused. So the user want to access their dashboard: 1- They click on login 2- Add their email 3- They get an email with a token: https://dashboard/token 4- They access to that dashboard
is that it?

writen by Tiago Ferreira
Frameworks like Laravel do all the login scaffolding for you if you are looking to do a traditional login.

writen by Philip