Feature: Personalise Magic Link Email for Passwordless Authentication for improved trust

Feedback
,
1

Feature: Personalise Magic Link Email for Passwordless Authentication for improved trust that the email is legitimate.

Description:

Users are becoming more aware of phishing attacks and one of the ways to identify a phish is generic emails.

Use-case:
We are building the ability for an user with an Administrator role (roles are not stored in Auth0) to invite another user to our application.

We want to use the passwordless authentication method and send the invited user an email with the magic link, so they can be directed to our application and create an account.

The current email can be customised to look like it comes from our company, but there is no way to personalise it. So we can make the email look how we want to, but we can’t use information my business should about the invitee and the inviter (invitee name, inviter name, inviter, business details etc).

When using passwordless authentication it is highly likely the first time the person is receiving an email from our business, and currently it can only be a generic email. We want to reduce the risk of the email being identified as a phishing attempt instead of a legitimate email by personalising it with information we know about the user and who invited them.

I would like to be able to optionally send additional metadata to the management API that starts a passwordless authentication, so that this data can be used in the email template, so we can personalise the email and increase the trust that the email is legitimate.

e.g

curl -X POST https://<domain>.auth0.com/passwordless/start 
-H "Content-Type: application/json" 
-d '{
"client_id": "<clientId>",
"client_secret": "<clientSecret>",
"connection": "email",
"email": "xxxxxx@xxxx.com",
"send": "link",
"authParams": {
  "scope": "openid profile",
  "redirect_uri": "<redirectUrl>"
},
"metadata": {
  "name": "Joe Blogs",
  "invitedByName": "Anne Green",
  "businessName": "Acme Co",
  "randomData": "xyz"
}
}'

and then use it to render the email via handlebars e.g

<p style="font-size: 1.2em;line-height: 1.3;-webkit-text-size-adjust: 100%;-ms-text-size-adjust: 100%;">Hi {{ metadata.name}}, {{metadata.invitedByName}} has invited you to {{ application.name }}. Click and confirm that you want to sign in to {{ application.name }}. This link will expire in three minutes.</p>