AuthEasy — Show Me the Magic (Links)
With AuthEasy, teams can set up password-less login/sign-up. A magic link sent via email is one way to set up password-less authentication for users. This blog will look at what magic links are and how to use them for your app with AuthEasy.
What are Magic Links?
If an app uses magic links for authentication, the user is asked to enter their email; a link is sent to their email. Upon clicking the link, the user is successfully logged in and redirected to the app — magic! This process eliminates the need for a password.
Magic links make the
- User onboarding process seamless
- Increase user adoption
- Reduce attacks associated with weak/compromised passwords
Magic Links with AuthEasy
Here is a guide to setup Magic links using AuthEasy (Note this guide is developer-friendly, we will do another blog for no-coders):
Step 1: Create a new app on AuthEasy
Step 2: Enable the Email Auth method.
Step 3: Set the redirect URL. This is the URL that the user gets redirected to the app after successful authentication. AuthEasy sends a SessionId in a query parameter when sending the user back to the redirect URL.
Step 4: Set the session expiration time. Magic links expire after the expiration time, and the users will no longer be able to use the link.
Step 5: Enable/Disable IP Address match. When turned on, AuthEasy checks if the auth request origin and auth verification are from the same IP address or not.
Step 6: Choose between building your own login/sign-up page or using AuthEasy’s login/sign-up page. If you use AuthEasy’s login/sign-up pages, customize the theme, logo, and text.
Step 7: Login/Sign Up Pages
a . If you use AuthEasy’s login/sign-up pages, add the login/sign-up links to your website. You can find the links in the recipes tab.
b. If you are building your own login/sign-up pages: create a page with a form collecting the user’s email. Call the APIs illustrated below to send the magic link to the user’s email.
Step 8: The user is redirected back to the app after successfully authenticating to the URL specified Step 3. The session ID is passed as a query parameter (?sessionId=XXXX) to this URL. Use the Session ID, APP Key, APP Secret and make an API call to get more information about the user. Store the Session ID in local storage for future API calls.
That’s it! AuthEasy takes care of the authentication and verification of the user data. Teams can monitor sessions by logging into AuthEasy.
Here is a link to all our API documentation (https://autheasy.readme.io) if you need more information about the APIs. Feel free to reach out to developer@autheasy.app if you have any questions.
Follow us on Twitter @autheasy to receive updates about our product.
