How to create a passwordless magic link in advance? (Auth by link)

Hey all!

So I’ve been wondering how and if I could implement a particular authentication flow with Auth0.

Let’s say we have a system where the only way to really authenticate and match a user to our database is when we send a (physical, paper) invoice.
Would it be possible to generate a link/QR code that can be used to log in a user?

With passwordless the user gets a mail/SMS with an OTP. But in this case it’s like the OTP has already been pregenerated.

Or would it be wiser to generate a special registration URL which then starts a passwordless flow in which the identity is already confirmed somehow?

I couldn’t really find a way for something like this in the docs so if anybody has an idea I’d be happy to hear it!

So I’ve come up with a somewhat(?) viable solution.

What do you think, could that work?

  • Generate a password reset link via the management API
  • Encode that in a QR code
  • User scans code, sets password
  • Return URL includes Auth0 user ID -> user may update Auth0 account with email
  • Log in user

Would all be easier if we had emails for those users but we don’t always.
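
The first step of the flow proposed above, as an added example (not part of the original posts and not Auth0's own code): it builds the Management API password-change ticket request and checks the returned ticket URL before it is encoded into a QR code. The tenant domain, token, user ID and URLs are placeholders, and the function names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def build_ticket_request(domain, mgmt_token, user_id, result_url, ttl_sec):
    """Build (without sending) the password-change ticket request."""
    if urlsplit(result_url).scheme != "https":
        raise ValueError("result_url must use https")
    if ttl_sec <= 0:
        raise ValueError("ttl_sec must cover printing and postal delivery")
    body = {
        "user_id": user_id,
        "result_url": result_url,   # where the user lands after setting a password
        "ttl_sec": ttl_sec,         # the printed QR code stops working after this
        "mark_email_as_verified": False,  # a mailed letter proves nothing about an email
    }
    return urllib.request.Request(
        f"https://{domain}/api/v2/tickets/password-change",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def ticket_url_from_response(raw, expected_host):
    """Return the ticket URL only if it is an https link on the expected host."""
    ticket = json.loads(raw)["ticket"]
    parts = urlsplit(ticket)
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise ValueError("ticket URL is not on the expected host")
    return ticket


def create_ticket(domain, mgmt_token, user_id, result_url, ttl_sec):
    """Send the request; the returned URL is what gets encoded into the QR code."""
    req = build_ticket_request(domain, mgmt_token, user_id, result_url, ttl_sec)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return ticket_url_from_response(resp.read(), domain)
```

The Management API token needs the `create:user_tickets` scope. Anyone who holds the printed code can set the account's password until the ticket expires or is used, so the `ttl_sec` value is the main control on a lost or intercepted letter.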