The command: opencli user-login <USERNAME> allows you to generate an auto-login link for OpenPanel users.
Example:
# opencli user-login demo
https://demo.openpanel.org:2083/login_autologin?admin_token=yCWO4LiR8jvBK57cfXxTonX1iD5KMg&username=demo
This is handy when you want to share temporary access to an account without sharing the password. For example, you can send it to a WordPress developer troubleshooting a website.
You can still monitor their activity thanks to the 100+ built-in panel actions recorded in the user activity log: OpenPanel > Account > Activity Log and you can also terminate their session anytime: OpenPanel > Account > Active Sessions
Important Notes
- One-time use: Once the login link is used, it becomes immediately invalid and cannot be reused.
- Single link per user: If the link hasn’t been used and you try to create another one, the
opencli user-login command will still show the existing link, as only one auto-login link is allowed per user at a time.
Deleting an Auto-Login Link
If you want to invalidate an auto-login link (e.g., sent to the wrong email), use the --delete flag:
opencli user-login <USERNAME> --delete
Example:
# opencli user-login demo --delete
Auto-login token 'yCWO4LiR8jvBK57cfXxTonX1iD5KMg' for user demo is now invalidated.
Maximum Link Duration
To prevent forgotten or unused links, you can automatically remove all links older than 15 minutes with a cron job:
*/10 * * * * find /etc/openpanel/openpanel/core/users/ -type f -name "logintoken.txt" -mmin +15 -exec rm -f {} \;
This ensures that links expire quickly if not used.
Opening the Link Automatically
If you’re running OpenPanel on a Linux server with a GUI, you can use the --open flag to open the browser automatically instead of copying the link:
opencli user-login <USERNAME> --open