Skip to content
Switch branches/tags
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

One Time Login Plugin

The One Time Login Plugin is for Grav CMS. It generates a one-time login URL to automatically authenticate as an existing user.


Installing the One Time Login plugin can be done in one of two ways. The GPM (Grav Package Manager) installation method enables you to quickly and easily install the plugin with a simple terminal command, while the manual method enables you to do so via a zip file.

GPM Installation (Preferred)

The simplest way to install this plugin is via the Grav Package Manager (GPM) through your system's terminal (also called the command line). From the root of your Grav install type:

bin/gpm install one-time-login

This will install the One Time Login plugin into your /user/plugins directory within Grav. Its files can be found under /your/site/grav/user/plugins/one-time-login.

Manual Installation

To install this plugin, just download the zip version of this repository and unzip it under /your/site/grav/user/plugins. Then, rename the folder to one-time-login. You can find these files on GitHub or via

You should now have all the plugin files under


NOTE: This plugin is a modular component for Grav which requires the following:


Before configuring this plugin, you should copy the user/plugins/one-time-login/one-time-login.yaml to user/config/plugins/one-time-login.yaml and only edit that copy.

Here is the default configuration and an explanation of available options:

enabled: true

Defaults plugin to enabled after installation

otl_route: /otl

Defines initial page where otl authentication will occur

base_otl_utl: http://default

Defines base for the OTL link generation. Customize based on your environment.


From the commandline, you can generate one-time login URL's.

$ bin/plugin one-time-login user-login [username]


$ bin/plugin one-time-login uli [username]

Paste the URL into a browser to authenticate as that user.


  1. If you wish to use the OTL with the admin plugin, you'll need to change the split cookie from true to false inside the user/config/system.yaml file. Otherwise, this otl url will only authenticate to the front-facing site and not admin.
  2. Using an OTL url will bypass 2FA.

To do

  • Add a notice about OTL time expirations.


Generates OTL Urls from the command line.




No packages published