Replies: 2 comments 3 replies
-
|
I'm wondering the same thing! We're actually running into a pretty big blocker for using the magic link in its current form. That is, if your email app on your mobile device uses an in-app browser it opens there first and invalidates the link. This can also happen if your email client auto-crawls the link to grab a preview. I was thinking this might be able to be solved in a couple ways:
I've seen #2 before in the wild and that's pretty slick. My other alternative to this is likely just going to be SMS auth, since the bast majority of our user base is phone/sms based anyway. |
Beta Was this translation helpful? Give feedback.
-
|
@VaZark oh FWIW I just found #1465, which looks like it proposes what you're looking for. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks ! I'll follow that discussion as well |
Beta Was this translation helpful? Give feedback.
-
|
NP, and quick followup: I'm probably going to end up going with #1 and building out something a little more custom like what's proposed in #709. I'm also planning to add SMS as well anyway so I'm hoping I can piggyback off of some of that (i.e. SMS vs. Email is really just the delivery mechanism). Will try to report back when I end up figuring out a more concrete solution! |
Beta Was this translation helpful? Give feedback.
-
|
Ramiel’s guide at the end of the discussion seems like a good place to start. It just needs to be abstracted and integrated with the library. Steps required are probably
I’ll be down to help an hour or so for a week, if you want to try upstreaming it |
Beta Was this translation helpful? Give feedback.
-
Emailprovider already uses a magic link to redirect users and enable the session.
Since, sending a secret (like sms) is also a standard practice for login. It’d great if we reuse that with email with a parameter like
type=secretIn the config or have a separate adapter.Beta Was this translation helpful? Give feedback.
All reactions