Magic link logins are a passwordless authentication method that sends a link to the user's email for authentication. Users no longer have to remember passwords as long as they have access to their email.
The user lands on an authentication screen and inputs their email
The application sends a unique, one-time-use URL to the user's email
Once the link is clicked, an access token is sent to the application to authenticate the user.
Want to build it yourself?
Things to keep in mind
Magic Links come with a few edge cases. Here are things that could go wrong.
Auto-consumption from email clients
Email clients may click on the link as part of their anti-malware scanning. This would consume the link and render it invalid for the user.
Magic link emails may land in the user's spam or junk folder, leaving the user frustrated if they can't find the email.
The browser used to request a magic link may be different from the one used to consume the link. Attackers can exploit this to gain access to accounts by spamming magic links to unsuspecting users. We ensure that only the user with access to the email account is able to authenticate to your service.
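A sketch of how a self-built flow can handle the scanner and cross-browser cases above. This is an added example, not SuperTokens code; the function names, the in-memory store, the 15-minute lifetime and the policy of rejecting a link opened in a different browser are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60   # assumed lifetime; the page only says links expire
_store = {}             # token hash -> record (stand-in for a database table)

def _h(value):
    # Only hashes are stored, so a leaked table does not yield usable links.
    return hashlib.sha256(value.encode()).hexdigest()

def issue_link(email, now=None):
    """Return (token, device_secret). The token goes into the emailed URL;
    the device secret is set as a cookie on the browser that asked."""
    now = time.time() if now is None else now
    token, device = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    _store[_h(token)] = {"email": email, "device": _h(device),
                         "expires": now + TTL_SECONDS, "used": False}
    return token, device

def preview(token, now=None):
    """Logic for GET on the link, which is all a mail scanner triggers.
    It reports whether the link is still usable and never consumes it."""
    now = time.time() if now is None else now
    rec = _store.get(_h(token))
    return bool(rec) and not rec["used"] and now < rec["expires"]

def consume(token, device_cookie, now=None):
    """Logic for the POST sent when the user presses a confirm button.
    Returns the email to sign in, or None if the link must be refused."""
    now = time.time() if now is None else now
    rec = _store.get(_h(token))
    if rec is None or rec["used"] or now >= rec["expires"]:
        return None
    if device_cookie is None or not hmac.compare_digest(
            _h(device_cookie), rec["device"]):
        return None   # opened in a browser other than the one that asked
    rec["used"] = True   # one-time use: a replayed link is refused
    return rec["email"]
```

Because only the POST consumes the token, a scanner that fetches the URL leaves the link valid for the user, and a link requested from an attacker's browser cannot be completed from the victim's.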
SuperTokens is built with all these considerations!
Why use SuperTokens?
We worry about small details
Authentication is all we do. We build magic link URLs based on an identifier which associates the URL with the user's email ID. We ensure that the URL expires within a certain period of time. And we solve all the edge cases with magic links.
Customize everything: change the content of the email, use your own SMTP server or an external service, implement custom email logic, and even change how the authentication screens look.
Open Source and self-hosted
Self-hosting with SuperTokens is free. Our core project has over 8,500 stars on GitHub and we're trusted by startups and large enterprises like Serif Health, Skoot, and Poppy.
Try SuperTokens to implement passwordless magic links. We make it easy!