[Plugin] OJS Magic Login – Passwordless Login for OJS

Hello PKP Community,

I’d like to share a new plugin I’ve been developing for OJS and I’m looking for volunteers willing to test it in real-world journal environments.

OJS Magic Login

OJS Magic Login allows users to sign in without a password by receiving a secure, time-limited login link via email (commonly known as a “magic link” or passwordless authentication). Passwordless login is becoming increasingly common across web applications because it reduces login friction and eliminates many password-related support requests.

Repository

GitHub Repository (OJS Magic Login)

Current Features

  • Passwordless login using email-based magic links
  • Secure, time-limited authentication tokens
  • Works alongside existing OJS authentication
  • No passwords required during login
  • Simple user experience for authors, reviewers, editors, and readers

Why I Built It

Many journal users:

  • Forget their passwords
  • Struggle to remember usernames
  • Abandon submissions because of login issues
  • Generate unnecessary password reset requests

The goal is to make authentication as simple as entering an email address and clicking a link received in the inbox.

Looking for Testers

I’m particularly interested in feedback from administrators running:

  • OJS 3.4.x
  • OJS 3.5.x
  • Single-journal installations
  • Multi-journal installations
  • Journals with large author/reviewer communities

Feedback Requested

I’d appreciate reports on:

  • Installation experience
  • Compatibility issues
  • User experience
  • Security concerns
  • Performance observations
  • Feature requests

If you test the plugin, please include:

  • OJS version
  • PHP version
  • Mail configuration (SMTP, Sendmail, etc.)
  • Any error messages or screenshots

Known Limitations

This is still under active development and should be considered experimental until it has been tested across a wider range of OJS installations.

Future Ideas

Potential enhancements include:

  • One-click login from editorial notifications
  • Configurable token expiration
  • Login activity logging
  • Optional disabling of password authentication
  • Additional security controls

I would be grateful for any testing, bug reports, suggestions, or code contributions.

Thank you to the PKP community for helping improve OJS through shared development and feedback.