magic link support about gotrue HOT 9 CLOSED

Another question - if someone has logged in with email and password, should we also allow them to trigger a "Magic link" email, then login without their password?

I'd say yes, we can assume a user's email to be a secure channel, seeing that reset password uses the same channel.

from gotrue.

will depend on changes to the recovery flow #18

from gotrue.

from gotrue.

from gotrue.

finishing the spec for this

assumptions:

• we add some method to gotrue-js sendMagicLink(email)

outstanding questions:

• what should happen if the user does not yet exist?

  • error message
  • create the user and then send them a magic link afterwards
  • add this as an option sendMagicLink(email, { createUserIfNotExists : true })

• do we need a new email template for magic links, or should we have people use the recovery email template? (My thinking here is that we can implement this without changing gotrue API too much)

  • one thing that Thor pointed out is that some people may want to have both magic link and password recovery email templates (although the way they work is pretty much the same)

preference @kiwicopple @thorwebdev ?

from gotrue.

what should happen if the user does not yet exist?

As a developer you'd expect the user to be created, if they don't exists already. Throwing an error doesn't make sense, and neither does a createUserIfNotExists, since I can't think of a situation where you don't want to create a user? (Magic links are a form of sign up)

one thing that Thor pointed out is that some people may want to have both magic link and password recovery email templates (although the way they work is pretty much the same)

I agree here, it would be more similar to a sign up email. Can we use the signup email template, and only trigger it if a new user is created?

from gotrue.

Can we use the signup email template, and only trigger it if a new user is created?

But what email do we then send when the user already exists and just wants to log in? I do think this needs to be a separate route and a separate template, and ideally would be merged back into netlify's gotrue as I think it's a useful feature. Wdyt?

from gotrue.

what email do we then send when the user already exists and just wants to log in?

True. So the route would have to :

• check if the user exists
  • if not exists
    • create user
    • send an email with login link
  • if exists
    • send an email with login link

The login link email and the password recovery email will be quite different so I think you're right about requiring a GoTrue modification.

Another question - if someone has logged in with email and password, should we also allow them to trigger a "Magic link" email, then login without their password?

from gotrue.

🎉 This issue has been resolved in version 1.3.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

from gotrue.