weljoda
Guidance on extending Magic Link registration with GDPR consent and marketing opt-in
Hi,
I am currently working on customizing the user registration workflow when using the Magic Link strategy in Ash Authentication. Specifically, I need to:
- Inform users about GDPR regulations.
- Add a checkbox for opting in to receive marketing emails.
I’ve already gone through this blog post and several forum discussions. I understand how this works with password-based registration, but the Magic Link flow makes it trickier because:
-
The user record is only created after the link has been clicked and the “Sign in” button is pressed (which I actually like as a flow).
-
As far as I can tell, the email address is not stored in the token resource, but rather inside the JWT token that gets sent in the email.
-
I also noticed that there is an
extra_dataattribute, so I’m considering two possible approaches:- Storing the registration page data in the JWT itself.
- Storing it in the
extra_dataattribute.
In the blog example, password registration uses:
Ash.Changeset.for_create(:register_with_password, %{email: "abc@gmail.com", password: "password", username: "username123"})
But for Magic Link registration there seems to be nothing similar on the token resource. Instead, the sign_in_with_magic_link create action on the user uses the JWT to determine the email address.
I also reviewed the implementation here in the source code. The token is created with Jwt.token_for_user and includes only the identity_field (email in this case):
%{
"act" => strategy.sign_in_action_name,
"identity" => Map.get(user, strategy.identity_field)
}
This seems to leave no obvious way of adding additional values.
My question: Is there any recommended approach for passing additional information (e.g. GDPR consent, marketing opt-in) through the Magic Link registration flow?
Thanks a lot for your guidance!
First Post!
zachdaniel
I believe as of the branch on main, the source_context is passed into the sender via opts. So on requesting a magic link you can set information like that on the url itself, and then I believe you can add arguments to the sign_in_with_magic_link action that match the names of the other query parameters. then you can update attributes on the created user that way.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









