micahparks / magiclinksdev

An open source magic link authentication platform. Sign up, log in, password resets, email verification, and more.

Home Page: https://docs.magiclinks.dev

License: Apache License 2.0

Shell 0.64% Go 98.78% Dockerfile 0.48% CSS 0.03% JavaScript 0.07%
authentication authentication-backend authentication-server authentication-service authn authn-server docker docker-compose email-verification golang jwk jwkset jwt magiclink password-reset magic-link magic-link-authentication magic-links

magiclinksdev's Issues

Allow API clients to choose which key type to sign JWTs with

Currently, JWTs are only signed with whatever the default key is in the database. Using the default configuration, this is the EdDSA key.

Add an option to all client requests to specify a signing key type for the JWT on a per-request basis. This supports the use case when a client application does not support the default key type.

Add a configuration option to avoid consumption of magic links from security products

Some email security products, such as "Safe Links" in Microsoft Defender for Office 365, will scan emails before they get to user inboxes, then follow all links programmatically. This program may or may not execute client-side JavaScript or perform other user-like actions to ensure the linked web page meets an unspecified list of requirements. The diversity and evolution of security products make this a difficult problem for email magic link authentication.

This is an old issue with email magic links. See this relevant issue for more resources:
FusionAuth/fusionauth-issues#629

All current releases of this project are subject to email magic link consumption by security products. The most current release when writing this issue is v0.1.1. As a consequence, users with affected email clients will find their email magic links consumed upon opening the email, resulting in a 404.

After spending some time researching this issue, I'd like to first try out a CAPTCHA implementation. CAPTCHAs can evolve alongside security products and it seems to be the most surefire way to prevent magic links from being consumed. However, I would strongly prefer a backend-only solution.

I think Google's reCAPTCHA v3 would be the best candidate for this as it is "invisible", has a generous free tier, has low user friction, and is likely under active development. This choice comes with drawbacks. It will take longer for users to follow magic links, adds complexity, and Google would be processing magic link authentication data. This would also require the reCAPTCHA branding be visible in the user flow, which means in the email template.

If anyone would like to weigh in before the feature is added, please feel free to join the discussion.
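
A sketch of the server-side gate this issue proposes, added here as an illustration and not taken from magiclinksdev: the one-time link is consumed only after a reCAPTCHA v3 token scores above a threshold, so a low-scoring visit from a mail scanner leaves the link valid. The names `score`, `redeem` and `stubVerifier`, the 0.5 threshold, the tokens and the link secret are all assumptions; in production `verifyURL` would be Google's `https://www.google.com/recaptcha/api/siteverify`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// score posts a reCAPTCHA v3 token to a siteverify endpoint and returns its 0.0-1.0 score.
func score(verifyURL, secret, token string) (float64, error) {
	resp, err := http.PostForm(verifyURL, url.Values{"secret": {secret}, "response": {token}})
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	var out struct{ Success bool; Score float64 } // matches the "success" and "score" JSON keys
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil || !out.Success {
		return 0, fmt.Errorf("reCAPTCHA token not accepted")
	}
	return out.Score, nil
}

// redeem deletes the one-time link only when the visitor's score clears minScore.
func redeem(links map[string]bool, link, verifyURL, secret, token string, minScore float64) bool {
	sc, err := score(verifyURL, secret, token)
	if err != nil || sc < minScore || !links[link] {
		return false
	}
	delete(links, link) // a real store needs an atomic check-and-delete
	return true
}

// stubVerifier is a constructed local stand-in for siteverify so this runs offline.
func stubVerifier(scores map[string]float64) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sc, ok := scores[r.FormValue("response")]
		json.NewEncoder(w).Encode(map[string]interface{}{"success": ok, "score": sc})
	}))
}

func main() {
	v := stubVerifier(map[string]float64{"scanner-token": 0.1, "user-token": 0.9}) // constructed scores
	defer v.Close()
	links := map[string]bool{"abc123": true} // constructed link secret
	try := func(tok string) bool { return redeem(links, "abc123", v.URL, "test-secret", tok, 0.5) }
	fmt.Println(try("scanner-token"), try("user-token"), try("user-token"))
}
```

The third call fails because the link was already consumed by the second, which is the one-time behavior a scanner's visit would otherwise trigger too early.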
