aaemnnosttv / wp-cli-login-command

Log in to WordPress with secure passwordless magic links.
https://aaemnnost.tv/wp-cli-commands/login/
MIT License
292 stars 47 forks

Configurable endpoint for the magic link? #10

Open niladam opened 7 years ago

niladam commented 7 years ago

I think it would be great to have the means to change the way the links work, i.e. having a link under a random (obviously user-configurable) location and things like that would strengthen the plugin's security.

aaemnnosttv commented 7 years ago

Interesting idea. The endpoint is already random from the time the first magic link is created.

You can also change the endpoint to a new, random one by running

wp login invalidate

It sounds like perhaps you are referring to a unique endpoint for each magic login link though?

niladam commented 7 years ago

What I was referring to is that instead of http://www.example.com/6c7de716/382c80-ce6a4188-e9c88e8855 (which is made up of SITE_URL/random/random/) we could have SITE_URL/variable-that-i-can-change/random/ :)

aaemnnosttv commented 7 years ago

Would variable-that-i-can-change be for all magic links or something you want to be able to set on a per-link basis?

tzkmx commented 7 years ago

I think something like the env var passed before running the command, as you commented on #9, would be most useful.

For example, in order to further secure the login, the webserver administrator could configure the prefixed URLs to require specific user agent strings, or a valid SSL client certificate, or restrict to office hours (or out of them).

This way, in order to avoid having to quote the login links with backticks as commented in #1, the webserver would not pass the request to WP if it doesn't appear to be coming from a real user, and instead is coming from the app trying to preload the link.
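
The webserver-side restriction suggested in the last comment, sketched for nginx as an added example that is not part of the thread or of the plugin. It assumes a hypothetical fixed prefix `/magic-login/` (the feature this issue requests); the certificate paths and the list of preview-fetcher user agents are placeholders to adapt.

```nginx
# Added example. /magic-login/ is a hypothetical fixed prefix; paths are placeholders.
# Place in a file included from the http { } context.

# Flag user agents of common link-preview fetchers (list is illustrative).
map $http_user_agent $is_link_preview {
    default                 0;
    ""                      1;   # no User-Agent header at all
    ~*Slackbot              1;
    ~*facebookexternalhit   1;
    ~*Twitterbot            1;
    ~*Discordbot            1;
    ~*TelegramBot           1;
    ~*WhatsApp              1;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate        /etc/nginx/tls/site.crt;
    ssl_certificate_key    /etc/nginx/tls/site.key;

    # Request a client certificate without requiring it for the whole site.
    ssl_client_certificate /etc/nginx/tls/admin-ca.crt;
    ssl_verify_client      optional;

    location ^~ /magic-login/ {
        # Preview fetchers are answered here and never reach WordPress.
        if ($is_link_preview) { return 403; }

        # Only clients presenting a certificate signed by admin-ca.crt pass.
        if ($ssl_client_verify != SUCCESS) { return 403; }

        # Everything else is handed to WordPress as usual.
        try_files $uri $uri/ /index.php?$args;
    }

    # ... remaining site configuration (PHP handler, static files) ...
}
```

The user-agent check only keeps well-behaved preview fetchers away, since the header is set by the client; the client-certificate check is the control that actually restricts who can use a link.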