Magic Link Confusion - Disable Signups?

Hi. Relatively simple request. I want to enable Magic Link for Universal Login.

The documentation here is clear:

Users are created using the Management API.

However, the expectation here is that only users that have been created are able to request magic link. I assumed that meant I ensure that ‘Disable Signups’ is enabled in the Magic Link configuration.

However, when I then select to Try in the magic link configuration with existing users I get no magic link delivered. Logs show that it failed with:
"description": "Public signup is disabled"

These are existing users.

If I then disable that function, to allow public signups (something I do not want), it appears to trigger a registration (post registration Action fires that I have in place) for a user that already exists. Because there’s no logging allowed from that Action as it’s async I have no context for why it was being fired.

I’m going to go ahead and skip past the Try option to deploy Magic Link and test it out in the tenant to see if I can work this out.

If anyone has any insight on the expected workings of that Disable Signups I’d appreciate it. It seems clear enough, but it’s not behaving as I’d expect.

1 Like

Implemented now. I don’t understand what this is doing.

Had to drop out of New Universal Login as the instructions say you have to customize the login page to support.

Request Login. Presented with default Auth0 login page. Enter email of existing user and it triggers a registration event (as I have an Action in there which is handling the user registration).

But the email I’m sent doesn’t contain a Magic Link at all. It contains an OTP. If I enter that it authenticates fine.

The documentation is clear.

How it works

When a user opens a Magic Link, Auth0 logs them in directly. It is similar in function to them receiving an email with a one-time password (OTP), returning to your application, and entering the OTP, but without having to actually perform those steps.

The documentation for Magic Link states you cannot use New Universal Login but I’ve just found this document which states that you can.

I see why I have the registration flow triggered now. I have a new account created under an email connector because they used the OTP to login. What do I do with that new account? Do I have to manually merge that?

Magic Link also doesn’t appear to be optional. If it’s enabled it applies to everyone.

OK. Some conclusions here. Passwordless via SMS or Email is achievable with New Universal Login. That is not Magic Link. It’s OTP via those channels.

Magic Link is not compatible with New Universal Login.

Passwordless with New Universal Login requires the setting of an Authentication Profile set to Identifier First, which is unavailable to me because of modified Password Reset page to implement the customer new user invitation/set password on first login.

Even with classic universal login, I only receive an OTP not a Magic Link.

Passwordless does introduce a new Passwordless Connection, so an existing username/pwd DB user would see a new account created under the new connection as seen above. These accounts would need merged.

Passwordless is then mandatory for all users if enabled.

1 Like

I still don’t have an answer to the Disable Signup question. It appears to perform the opposite of what I would expect. An existing user is blocked from passwordless unless Disable Signup is disabled.

That would also block the usage of passwordless.

2 Likes

I agree the docs are hell and counterintuitive for this.

When disabling sign ups, I discovered you’ll need to create the user manually first in the “email” connection:

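    // Pre-create the user in the passwordless "email" connection so that
    // login still works while signups are disabled.
    await managementClient.createUser({
        email,
        connection: 'email',
    });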

Hope that helps.
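
The pre-creation step from the last reply, combined with the duplicate-account problem raised earlier in the thread, as an added example that is not Auth0's or any poster's code. It builds the two Management API v2 requests (create the user in the `email` connection, then link that identity to the existing database user). The `send` transport, the sample users, and the rule of skipping database users whose email is unverified are assumptions of this example.

```javascript
// Added example. Request shapes follow Auth0 Management API v2; ids are constructed.
const CONNECTION = 'email'; // passwordless connection name from the reply above

// Constructed sample data: database users and users already in "email".
const SAMPLE_DB_USERS = [
  { user_id: 'auth0|db-1', email: 'alice@example.com', email_verified: true },
  { user_id: 'auth0|db-2', email: 'Bob@Example.com', email_verified: true },
  { user_id: 'auth0|db-3', email: 'carol@example.com', email_verified: false },
];
const SAMPLE_EMAIL_USERS = [{ user_id: 'email|pw-1', email: 'alice@example.com' }];

const norm = (e) => e.trim().toLowerCase(); // compare emails case-insensitively

// Database users that still need a passwordless identity. Unverified emails are
// skipped so an unproven address is never linked to a login-capable identity.
function missingPasswordlessUsers(dbUsers, emailUsers) {
  const have = new Set(emailUsers.map((u) => norm(u.email)));
  return dbUsers.filter((u) => u.email_verified && !have.has(norm(u.email)));
}

// POST /api/v2/users with the same body as the createUser call in the reply.
function createRequest(email) {
  return { method: 'POST', path: '/api/v2/users',
           body: { email: norm(email), connection: CONNECTION } };
}

// POST /api/v2/users/{id}/identities: attach the passwordless identity to the
// database user so one person does not end up with two separate profiles.
function linkRequest(primaryId, secondaryId) {
  return { method: 'POST',
           path: `/api/v2/users/${encodeURIComponent(primaryId)}/identities`,
           body: { provider: 'email', user_id: secondaryId } };
}

// Execute the plan. `send(request)` is an injected transport (assumption) that
// makes the HTTPS call with a Management API token and returns the parsed JSON.
async function provision(dbUsers, emailUsers, send) {
  const linked = [];
  for (const user of missingPasswordlessUsers(dbUsers, emailUsers)) {
    const created = await send(createRequest(user.email));
    await send(linkRequest(user.user_id, created.user_id));
    linked.push({ primary: user.user_id, secondary: created.user_id });
  }
  return linked;
}
```

With the sample data only the second user is provisioned: the first already has an `email` identity and the third has an unverified address.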