The one-click login experience is powered by the Browser Token module. It enables administrators, support staff, or browser extensions to authenticate users without sharing passwords.
BrowserTokenLogin::setup() registers settings, enqueues admin assets, and exposes REST routes when the browser_extension module toggle is active.【F:app/Logins/BrowserTokenLogin/BrowserTokenLogin.php†L13-L33】lmn_save_popup() to assist in generating tokens directly from the dashboard.【F:app/Logins/BrowserTokenLogin/BrowserTokenLogin.php†L25-L29】/browser-token/generate endpoint authenticates WordPress credentials, signs a JWT with a site-specific secret, and persists token metadata in user meta for later revocation.【F:app/Logins/BrowserTokenLogin/Route.php†L16-L20】【F:app/Logins/BrowserTokenLogin/JWTAuth.php†L31-L144】login_me_now_secret_key option. Algorithms default to HS256 but can be overridden via the login_me_now_algorithm filter.【F:app/Logins/BrowserTokenLogin/JWTAuth.php†L248-L309】/browser-token/validate decodes the token, checks issuer consistency, ensures the token ID is marked active, and returns sanitized user data for client consumption.【F:app/Logins/BrowserTokenLogin/JWTAuth.php†L158-L221】/browser-token/generate-onetime-number. Keys are stored as transients with customizable lifetimes through the login_me_now_onetime_number_expire filter.【F:app/Logins/BrowserTokenLogin/Route.php†L16-L33】【F:app/Logins/BrowserTokenLogin/OnetimeNumber.php†L18-L60】All token activity is logged through the Simple History integration when enabled, providing traceability for token generation, validation, and login events.【F:app/Logins/BrowserTokenLogin/JWTAuth.php†L118-L142】【F:app/Integrations/SimpleHistory/SimpleHistory.php†L11-L36】
Continue with Magic Link to explore email-based authentication.