Magic Links

Magic links are secure, time-sensitive URLs that enable passwordless authentication. When users request access, they receive a link via email that logs them in upon clicking. This eliminates the need for passwords, enhancing security and simplifying the user experience.

You can see the implementation below

https://github.com/madewithnovel/novel/blob/main/app/auth/passwordless.ts

https://github.com/madewithnovel/novel/blob/main/app/api/internal/v1/auth-passwordless/index.ts

You can create a different Magic Links flow by following this guide

Confugration

You will need to set up the after_login setting if you have changed the default page structure in Novel Web.

If you changed /web/app/(app)/dashboard to /web/app/(app)/apps for example, you will need to change the configuration in /config/auth.js .

config/auth.js
/**
 * Override the redirects here with the custom pages that you have so you can reference
 * them easily in your server code.
 */
routes: {
	login: '/login',
	mfa: '/login/mfa',
	forget: '/login/forget',
	link: '/login/link',
	verify: '/mail/verify',
	signup: '/signup',
	
	logout: '/logout',
},

API

You can use /auth/passwordless to perform a Magic Link flow.

Auth by Strategy

post

Authenticate by strategy available to the application.

Path parameters
strategystringRequired
Body
emailstring · emailOptional
passwordstringOptional
Responses
200
Authentication successful. Redirecting to next step...
application/json
post
POST /auth/{strategy} HTTP/1.1
Host: 
Content-Type: application/json
Accept: */*
Content-Length: 44

{
  "email": "[email protected]",
  "password": "text"
}
{
  "redirect_to": "text"
}

Auth Passwordless

get

Authenticate by passwordless strategy available to the application.

Responses
301
Authentication successful. Redirecting to next step...
application/json
Responseany

Authentication successful. Redirecting to next step...

get
GET /auth/passwordless/verify HTTP/1.1
Host: 
Accept: */*
301

Authentication successful. Redirecting to next step...

No content

Changelog

  • 2024-12-20 - Initial Documentation

Last updated

Was this helpful?