I'm proud to announce that our team has launched a new package called spatie/laravel-login-link.

In this blog post, I'd like to tell you all about it.

What is a login link, and why should you use it?

When developing an app with an admin section (or any non-public section), you'll likely seed test users to log in. In large teams that work on many different apps, it can be cumbersome to keep track of the right credentials. Is the user account "yourname@company.com", or "test@company.com", or even "admin@company.com"? Is that password "password", "secret", or something else? How do I log in with a user that has a different role?

This package solves that problem by offering a component to render a login link. When clicked, you will be logged in.

Beware, however, that you should never display login links in publicly reachable environments, as it will allow anyone to log in.

Rendering a login link

You can add the x-login-link component to show the login link in your login view. The @env('local') will ensure that the links are only rendered in the local environment.

@env('local')
    <div class="space-y-2">
        <x-login-link email="admin@spatie.be" label="Login as admin"/>
        <x-login-link email="user@spatie.be" label="Login as regular user"/>
    </div>
@endenv

Here's how that might look like in the browser:

The package will log in the first user in your users table by default, but that can be customised. You can add an email attribute, and the user with that mail address will be logged in.

<x-login-link email="admin@example.com"  />

Alternatively, you can specify the key of the user (in most cases, this will be the id)

<x-login-link id="123"  />

You can also specify the attributes of the user that needs to be logged in.

<x-login-link :user-attributes="['role' => 'admin']"  />

If the user that needs to be logged in does not exist, the package will use the factory of your user model to create the user and log that new user in. If you don't want this behaviour, set automatically_create_missing_users in the local-link config file to false.

A login link will redirect you to /. That can be customised by passing a redirect-url attribute.

<x-login-link redirect-url={{ route('dashboard') }}  />

A note on security

Make sure that you only render the links in a local environment by wrapping it in an env check.

@env('local')
	<x-login-link>
@endev

In the controller that performs the login, there's also an additional check to make sure it is only used in the local environment.

In closing

My colleague Rias was the first in our team to add a login link to a project. He got the idea from a blog post (but doesn't remember which one 😅). Because we see ourselves using a login link in every future project, we decided to package it up. We hope that this package will also be handy for your projects.

This isn't the first package that our team has built. On our company website, check out all our open source packages in this long list. If you want to support us, consider picking up any of our paid products.