Using magic links for registration

I’m having trouble figuring out if Ash Authentication Phoenix supports registration via magic link by default.

Context

• I’ve setup password authentication, resets and magic links following through Magic Links Quick Start Guide — ash_authentication v3.12.4.
• Sign in page shows magic link option that works (sends email)
• Registration page shows the magic link option but it doesn’t send an email

CleanShot 2024-01-22 at 09.25.24@2x1182×1478 38.7 KB

I’ve setup the default sign_in_routes like this:

sign_in_route(
  register_path: "/register",
  reset_path: "/reset",
  overrides: [KlipitPlatformWeb.AuthOverrides, AshAuthentication.Phoenix.Overrides.Default],
  layout: {KlipitPlatformWeb.Layouts, :public},
  on_mount: [{KlipitPlatformWeb.UserLiveAuth, :public}]
)

Is this by design or am I missing something?

Interesting. I haven’t actually set up the magic link strategy myself, so @jimsynz will probably need to chime in on this front.

I had to go back through the code - it looks like registration isn’t supported by magic link, although I imagine it would be pretty easy to add it. Feel free to open a feature request issue on the repo, or better yet a PR.

I think magic links is a great concept, but will this handle ‘2nd device’ auth?

eg.

1. You click the link on a computer.
2. You open/click the email on your phone.

Now the session will happen on your phone, not on the computer?

Cheers for checking that!

I’ve had a look at the Ash Authentication repo and compared the password strategy with the magic links. I can see how it should work so I might give it a go if I get some time.

I definitely see this as a risk but it could be handled by messaging in the email or on the registration view like “Your magic link will log you in on the device you open it with, don’t share this with anyone”.

I haven’t seen any more sophisticated solutions to this in the wild but I’d be interested if you have