Guidance on extending Magic Link registration with GDPR consent and marketing opt-in

Hi,

I am currently working on customizing the user registration workflow when using the Magic Link strategy in Ash Authentication. Specifically, I need to:

  1. Inform users about GDPR regulations.
  2. Add a checkbox for opting in to receive marketing emails.

I’ve already gone through this blog post and several forum discussions. I understand how this works with password-based registration, but the Magic Link flow makes it trickier because:

  • The user record is only created after the link has been clicked and the “Sign in” button is pressed (which I actually like as a flow).

  • As far as I can tell, the email address is not stored in the token resource, but rather inside the JWT token that gets sent in the email.

  • I also noticed that there is an extra_data attribute, so I’m considering two possible approaches:

    • Storing the registration page data in the JWT itself.
    • Storing it in the extra_data attribute.

In the blog example, password registration uses:

Ash.Changeset.for_create(:register_with_password, %{email: "abc@gmail.com", password: "password", username: "username123"})

But for Magic Link registration there seems to be nothing similar on the token resource. Instead, the sign_in_with_magic_link create action on the user uses the JWT to determine the email address.

I also reviewed the implementation here in the source code. The token is created with Jwt.token_for_user and includes only the identity_field (email in this case):

%{
  "act" => strategy.sign_in_action_name,
  "identity" => Map.get(user, strategy.identity_field)
}

This seems to leave no obvious way of adding additional values.

My question: Is there any recommended approach for passing additional information (e.g. GDPR consent, marketing opt-in) through the Magic Link registration flow?

Thanks a lot for your guidance!

I believe as of the branch on main, the source_context is passed into the sender via opts. So on requesting a magic link you can set information like that on the url itself, and then I believe you can add arguments to the sign_in_with_magic_link action that match the names of the other query parameters. Then you can update attributes on the created user that way.
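
The action-side change described in the reply above, as an added example that is not part of the thread or of Ash Authentication's own code. The argument and attribute names (`gdpr_consent`, `marketing_opt_in`), the `:unique_email` identity, and the premise that the link's extra query parameters reach the action as arguments are assumptions.

```elixir
# Added example: belongs in the user resource (e.g. a hypothetical MyApp.Accounts.User).
# Assumes boolean attributes :gdpr_consent and :marketing_opt_in exist on that resource
# and that an identity named :unique_email covers the email attribute.
actions do
  create :sign_in_with_magic_link do
    argument :token, :string do
      allow_nil? false
    end

    # Hypothetical arguments, named after the extra query parameters the sender
    # appended to the magic link URL. They are optional because a returning
    # user's sign-in link does not carry them.
    #
    # The JWT signs only its own claims ("act" and "identity" in the question);
    # query parameters beside it are unsigned. Use them only for values the
    # person clicking the link is free to choose, never for roles or flags.
    argument :gdpr_consent, :boolean
    argument :marketing_opt_in, :boolean

    upsert? true
    upsert_identity :unique_email
    # Only :email is rewritten when the user already exists, so a link with
    # altered parameters cannot change an existing user's stored choices.
    upsert_fields [:email]

    change AshAuthentication.Strategy.MagicLink.SignInChange

    # Copy the arguments onto the new record; leave the attribute alone when
    # the argument is absent.
    change set_attribute(:gdpr_consent, arg(:gdpr_consent), set_when_nil?: false)
    change set_attribute(:marketing_opt_in, arg(:marketing_opt_in), set_when_nil?: false)

    metadata :token, :string do
      allow_nil? false
    end
  end
end
```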