Django app for managing tokenised 'magic link' logins.
Project description
Django Magic Link
Opinionated Django app for managing "magic link" logins.
This app is not intended for general purpose URL tokenisation; rather it is designed to support a single use case - so-called "magic link" logins.
There are lots of alternative apps that can support this use case, including the project from which
this has been extracted - django-request-tokens
. The reason for yet another one is to handle the
real-world challenge of URL caching / pre-fetch, where intermediaries use URLs with unintended
consequences.
This packages supports a very specific model:
- User is sent a URL to log them in.
- User clicks on the link, and which does a GET request to the URL.
- User is presented with a confirmation page, but is not logged in.
- User clicks on a button and performs a POST to the same page.
- The POST request authenticates the user, and deactivates the token.
The advantage of this is the email clients do not support POST links, and any prefetch that attempts a POST will fail the CSRF checks.
The purpose is to ensure that someone actively, purposefully, clicked on a link to authenticate themselves. This enables instant deactivation of the token, so that it can no longer be used.
In practice, without this check, many tokenised authentication links are "used up" before the intended recipient has clicked on the link.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-magic-link-0.1.dev1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5bb17df54b024aa91c64d236438f1800b28d47362772085044eaff6a62cf6937 |
|
MD5 | 4ccdf000eaabbf3d4388ca7fc825b070 |
|
BLAKE2b-256 | 1d4747f9a1baff677dedd0709933f5458fe8feb7f4d0d7b28bb3632be40c87e4 |
Hashes for django_magic_link-0.1.dev1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | ca0f1a870c7076db4f8b27242ce82c1f26aa109528b05479ba99e76bee5d21c5 |
|
MD5 | fe62bf839107a2692b4bc376d305c8cc |
|
BLAKE2b-256 | 9cbbbafa4d6d664d4588ff43806c7d19b5087398961148d8fa545ab6a0530078 |