Hi,
As passwords become more and more redundant, the industry is moving to find alternatives. Such alternative exists today in Auth0 but it is very limited and not in line with other solutions out there (e.g. https://swoopnow.com)
As my business relies on passwordless as its main authentication method, I would like to be able to get a magic link so I can use it when communicating with my customers. Thus, allowing for a more modern login approach
Alternatively, you can also expand the current implementation so we can send magic link also in SMS and whatsapp/telegram/otherIM as this can help move you from the Gartner challengers into the Leaders quadrant IMO
We absolutely need this for our magic link use case. We are a document platform and want to share “magic links” to a given document (e.g., using the redirect_uri of the magic link to redirect to a given document). It just seems like a no brainer to let devs request a magic link server side and then do what they want with the link, in our case email it ourselves to the recipient using a custom email with appropriate branding vs. Auth0 sending out a canned email).
We’ve been using email magic links for our registration process, and recently started looking into sending them via text message.
The workflow of texting someone a one-time-use code that they can paste into a login page works okay.
But what we’d really want to have is a way to text someone a magic link that logs them in without any other steps.
Seems like if there was a way for our software to get the generated link (instead of it automatically getting emailed out) then this process would be a lot easier.
Adding onto this. We are using magic links to support an account linking flow while utilizing authentication parameters from within auth0 actions.
We would like control over what our account linking email looks like including branding images and the connection they are linking with. The current email template for passwordless email does not support the granularity that we would be able to achieve with our own backend or include access to the auth parameters without parsing the url.
This feature would give us much more control in personalizing our passwordless emails based on authentication parameters for any additional flows we would like to support. i.e. Account Linking vs Normal Passwordless Flow
Is there any reply on this? Is it at all possible to customize the email sent out with the magic link, or fetch the magic link itself and use our own email provider to send out the link? Thanks @konrad.delorentz.
Adding to this as well. We need to send different emails for users to take different actions in our platform.
We would like to get a magic link for a user on the back-end with a custom redirect_uri and inject it into a custom call-to-action button in various types of emails. Then the user could click a call-to-action in the email and be directly logged in and redirected to the applicable action page.
Similar concept to how it works now, we just want to have control over the actual email sending process.
Thanks Dan, but the email customization is very limited. For instance, there’s no way for us to pass custom properties that are retrievable in the email, correct? I think the answer is yes, in which case the email has no way of knowing “this link is for sharing document 1234” vs. “here is a general link to sign in”.
There isn’t that much security going on for the links (as far as I can tell Auth0 is relying on email authentication as the single factor). In my view, Auth0 should trust the developers with the link and let them email the link themselves to the correct email vs. trying to control that process too much. It would give more flexibility, not sacrifice any security, and enable use cases like many users need here.
Assuming that won’t be done anytime soon, is there any way for us to implement our own “magic link”? We would gladly store short-lived codes in our DB, validate the code, fetch an access_token for a user, and authenticate them if that’s possible.
@dan.woda any suggestions here on how to sufficiently customize the email (e.g., it’d be great to just provide some text as the body of the message)? Or is there any way for us to do own own magic link but still use Auth0 as the backbone?
As you’ve stated, the platform lacks this functionality right now. I don’t have any strategies to share on that front and will update this thread as I know more.
We regularly sent customer notifications, emails, sms, at present we have to have them hit a page wait for another email/sms which we can’t customise to the speicifc scenario.
The current customisation tools are lacking for an enterprise product. No ability to handle different contexts in which login is being requested, the email templates themselves have no version control.
Being able to generate a time-limited, single use token that can be used to authenticate someone, similar to how an updated access token is obtained via a refresh token would be a massive improvement to the UX of our product. We could do away with the limited built in auth0 approach and provide a seemless experience for our customers.