This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far, it hasn't been accepted and needs further discussion.
Using magic links in OAuth2 has some problems with our current pwless implementation:
- Opening the link on a separate device will not log the original tab in, stopping the user from logging in.
- Opening the link in a new tab will cause the original tab to display a screen telling the user to close it and the new tab redirects the user back to the client.
- Provide better support by modifying the pwless recipe
- Document the issues and provide better support in future iterations
- Disable using passwordless in OAuth2
Chosen option: Document the issues and provide better support in future iterations
- No need to modify other recipes for now - we want to provide OAuth2 support ASAP
- We want to provide proper support for this in the future
- The user can still choose to disable this for themselves (i.e.: not use this recipe)