Login with magic links sent via email
Project description
reflex-magic-link-auth
Generate and verify "magic link" one time passwords for user authentication without complex registration flows.
Installation
pip install reflex-magic-link-auth
Usage
See
magic_link_auth_demo/magic_link_auth_demo.py
for a complete example.
1. Collect the User email
You can use a simple form with a single input field and button, like the example, or present a form prompting for more information, such as a name, address, zip code, etc. Any additional data should be associated with the provided email as the main key for the account.
2. Substate from MagicLinkAuthState
The substate which handles the authentication form submission should be
a substate of reflex_magic_link_auth.MagicLinkAuthState
(alternatively, it
may get an instance of this state via .get_state
API).
3. Generate the OTP
When the user submits the form, generate a one time password by calling
._generate_otp
and providing the email address.
This function returns a 2-tuple:
- The latest record associated with the email address
- The one time password in plaintext
If the record is None, then the email address was invalid, or some other problem occured (ensure database migration has been applied).
If the record is returned, but the OTP is None, then the user has exceeded the configured rate limit and cannot receive a new token for a while.
4. Send the Magic Link
Either on page on_load
or some component on_mount
should trigger
reflex_magic_link_auth.MagicLinkAuthState.get_base_url
to ensure the state
knows the correct frontend URL when formatting the magic links.
Pass the record
and otp
to
reflex_magic_link_auth.MagicLinkAuthState._get_magic_link
to get a URL that,
when accessed will log the user in to the app.
While this component contains an example mailgun provider, generally it is up to you to actually email the link to the user.
5. User Accesses the Magic Link
The user clicks the link in their email, and the page mounted at
reflex_magic_link_auth.constants.AUTH_ROUTE
will validate the token and
redirect to the URL specified in the query param redir
.
6. Verifying Access
Any event handlers which depend on user session validity should check the computed var
reflex_magic_link_auth.MagicLinkAuthState.session_is_valid
to determine if the user is
logged in and the session has not expired.
A persistent external identifier hashed over the email address is provided at
reflex_magic_link_auth.MagicLinkAuthState.auth_session.persistent_id
. When interoperating
with other user information systems, this ID can be used to uniquely identifer a user
originating from reflex-magic-link-auth.
7. Logout
To log the user out, trigger the event handler
reflex_magic_link_auth.MagicLinkAuthState.logout
.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for reflex-magic-link-auth-0.0.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 7d4a5f029174198b2b00d983a2defddde84b9f98dab228f334847697420560c4 |
|
MD5 | f5cac1e189b7d5f474bb9ffd0279a56b |
|
BLAKE2b-256 | a86a86ef5b8609c1527b851a5180c2b418b8a79a9052d5d7b10b7cb9273e0913 |
Hashes for reflex_magic_link_auth-0.0.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f7dbea61333d15a832382abb0ee168adac998908c0cccea5d1d93753de6effac |
|
MD5 | 7803861ac662e3b653d5e38daf3358cd |
|
BLAKE2b-256 | 59caf1b36cfc896a626429a514323885910bf7f7add1f550f954fe0d7eee5d01 |