This module provides a authentication provider and a service that allows you to
generate a key to authenticate a user for exactly one request.

The authentication provider is global, like "Cookie" authentication that comes with core's user module, so once enabled it will apply to all of Drupal.

Generated keys are valid for 15 minutes only. This is currently not configurable, but we may make it configurable in future releases.

WARNING

Generating keys for user 1 (the super user account) will let people with that key do anything the super user account can do.
While this is the whole point of this module, you should use it carefully.

How to use this module

Step 1:
Ask the service for a key:

$uid = 'The uid of your favourite user';
$key = \Drupal->service('one_time_key_auth')->generateKeyFor($uid);

Step 2:

Within 15 minutes of generating the key, make a request to Drupal with the GET or POST value of "otka=$key".

Drupal will treat the request as if the requester were logged in as the user the key was generated for.

Once the key is use, it will no longer be valid.

Supporting organizations: 
Coldfront Labs Inc.

Project information

Releases

2.0.2 Stable release covered by the Drupal Security Team released 17 June 2022
Works with Drupal: ^8 || ^9 || ^10
✓ Recommended by the project’s maintainer.
Install:

Development version: 2.0.x-dev updated 17 Jun 2022 at 01:02 UTC

Using Composer to manage Drupal site dependencies