Hi,
I’d like to understand if my company’s current implementation of OTP authentication is ok and not poor practice. Currently we have OTP set up to send a code via email. We have updated our email template to include a link to our app with the OTP in the query params. We then take that OTP from the query params and validate it using our API. We are essentially hacking our way to a “magic link” without using the magic link feature which is limited to universal login.
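
For the flow described in the post above, one way the landing page can handle a code that arrives in the query string, as an added example that is not part of the original post or the poster's code: it accepts only a single well-formed code, removes it from the URL before anything else runs, and sends it to the API in a POST body. The parameter name `otp`, the 6-digit format, the `/api/verify-otp` endpoint and the `email` argument are assumptions.

```javascript
// Added example. OTP_PARAM, OTP_FORMAT and the endpoint path are
// hypothetical; adjust them to the real email template and API.
const OTP_PARAM = "otp";
const OTP_FORMAT = /^[0-9]{6}$/;

// Split a landing URL into the code and a copy of the URL without it.
function takeOtpFromUrl(href) {
  const url = new URL(href);
  const values = url.searchParams.getAll(OTP_PARAM);
  url.searchParams.delete(OTP_PARAM);
  // Accept exactly one well-formed value; repeated or malformed
  // parameters are rejected rather than guessed at.
  const ok = values.length === 1 && OTP_FORMAT.test(values[0]);
  return { otp: ok ? values[0] : null, cleanUrl: url.toString() };
}

// Build the verification request. The code travels in the POST body,
// so it does not appear in the request line of server access logs.
function buildVerifyRequest(email, otp) {
  return {
    url: "/api/verify-otp", // hypothetical endpoint
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ email, otp }),
      referrerPolicy: "no-referrer",
      credentials: "same-origin",
    },
  };
}

// Browser entry point (not run outside a browser).
async function handleLanding(email) {
  const { otp, cleanUrl } = takeOtpFromUrl(window.location.href);
  // Rewrite the history entry first, so the code does not stay in the
  // address bar or history and is not sent in Referer headers by later
  // requests from this page.
  window.history.replaceState(null, "", cleanUrl);
  if (otp === null) return false;
  const { url, init } = buildVerifyRequest(email, otp);
  const res = await fetch(url, init);
  return res.ok;
}
```

The server side still has to treat the code as single-use and short-lived, since the link can be opened by mail scanners or previewers before the user clicks it.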