authorizerdev / authorizer

Your data, your control. Fully open source, authentication and authorization. No lock-ins. Deployment in Railway in 120 seconds || Spin a docker image as a micro-service in your infra. Built in login page and Admin panel out of the box.
https://authorizer.dev
MIT License

Magic Link Flow Questions #406

Open shiftlabs1 opened 8 months ago

shiftlabs1 commented 8 months ago

@lakhansamani, I am trying to make sense of the magic link flow. When a user clicks on the link in their email, what happens next? What authorizer function do we call on our application to verify the incoming link? Does it have a token attached? Are we supposed to call verifyEmail and pass a token parameter from the URL like we do in the Sign up Flow? There is nowhere in the documentation (or any of the YouTube videos) explaining this bit.

lakhansamani commented 8 months ago

@shiftlabs1 when the magic link login flow is used, an email is sent to the user with the following link:

https://YOUR_AUTHORIZER_INSTANCE_URL/verify_email?token=verification_token&redirect_uri=REDIRECT_URI

You can set the redirect URL either by passing it as the magic_link login param or by setting the APP_URL param. If neither is present, it will redirect to the authorizer universal login page (the /app route of authorizer).

shiftlabs1 commented 8 months ago

Thanks @lakhansamani. None of this is in the docs. Would need adding.

lakhansamani commented 8 months ago

True, I will add it soon 👍

shiftlabs1 commented 7 months ago

@lakhansamani I am back at this. The redirect URL I get only has the query string parameter "roles" and nothing more. How do I get the user's auth data as expected to redirect them as logged-in users?

shiftlabs1 commented 7 months ago

I got this, for example:

https://autherizer.app/verify_email?token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIzYWMzYjhiYy0wOTdkLTRhODctOGRhYi0xYzg2NzE2MGI3MDAiLCJleHAiOjE3MDE4NjYwNjQsImlhdCI6MTcwMTg2NDI2NCwiaXNzIjoiaHR0cHM6Ly9hdXRob3JpemVyLXByb2R1Y3Rpb24tZjUwYS51cC5yYWlsd2F5LmFwcCIsIm5vbmNlIjoiK0xkZXZjWkZxUld1QzBHQ0kzRFk3c1pId3pnTWRkc2VTTDhCRTB3ZDNyYVhqZkJRIiwicmVkaXJlY3RfdXJpIjoiaHR0cDovL2xvY2FsaG9zdDozMDAwL2F1dGgvbWFnaWMtbGluay8_cm9sZXM9dXNlcixlbXBsb3llZSxlbXBsb3llci1hZG1pbixlbXBsb3llci11c2VyXHUwMDI2c3RhdGU9Iiwic3ViIjoiam9zaHVhQHN0b2t2ZXN0LmNvbSIsInRva2VuX3R5cGUiOiJtYWdpY19saW5rX2xvZ2luIn0.t9hMxKMYSwk-d4lhTcBZEXFkpg4XyJaY_WPD9XSXkWPBgZiTrhc-8HrdVw1CgRYFjS8HaXlnNdau4McJus9jtNNWzxeO_B9h3MWcybEVAqN3pKP5aopkJowLpsMoa0tfEFCY2wATXyh6P4JtNfizFhYxdxLdFbVqEdWMDPcMDPrdb6PAB7hMK5bM_-YM4EpQLlbJOps2DOAxUjiLidFfSi0VAAufVUjl1_YKlR-D1-WDeGasY6P2oDIz-hATolXXqVKfi3QF1ofWDIhLYHicz2AZcUVs4r2h5glxeIb-HIBXMHM5Ju2SwDCz-C2adLVGhUG3rWLELWkgLEG22faAnA&redirect_uri=http://localhost:3000/auth/magic-link/?roles=user,employee,employer-admin,employer-user&state=

shiftlabs1 commented 7 months ago

Looking at the code:

// GetEmailVerificationURL to get url for invite email verification
func GetEmailVerificationURL(token, hostname, redirectURI string) string {
    return hostname + "/verify_email?token=" + token + "&redirect_uri=" + redirectURI
}

The redirect URL should also get the token passed as a query string to enable a call to getprofile (I am assuming the token is an access token), e.g. to pull the current user's credentials and also mark them as logged in.

shiftlabs1 commented 7 months ago

@lakhansamani please take a look at this and let me know how to proceed.

lakhansamani commented 7 months ago

@shiftlabs1 I am not quite getting the flow here.

Can you write down the flow once, with reproducible steps?

Thanks

shiftlabs1 commented 7 months ago

The current flow is:

  1. User inputs email.
  2. The method await authClient.magicLinkLogin({ email: formData.email, redirect_uri: MAGIC_LINK_CALLBACK_URL }) gets called.
  3. User receives an email with the login link.
  4. User clicks the link, which routes to the authorizer backend for verification.
  5. User is redirected via the redirect URL to the calling application.
  6. The redirect URL does not contain any information about the validated user (only roles).
  7. There is no way to tell which user is validated to log in.

Ideally, from step 4 above, the flow should be:

  1. User is redirected via the redirect URL to the calling application with the ID and access tokens appended to the query string.
  2. Using the ID token, the calling application can call authClient.GetProfile() to get the logged-in user's details and route them into the app.

Right now, the redirect URL being behind an auth wall just sends the user back to the login screen.
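As an added example (not code from the authorizer project or from anyone in this thread), the Go program below shows what a /verify_email handler has to check before it may treat the clicked link as a login for the token's sub, using the claim names visible in the token pasted above (aud, exp, iss, redirect_uri, sub, token_type). It also covers the question in the earlier reply about where the redirect goes: the redirect target is taken from the signed claim, and the outer redirect_uri query parameter is only accepted if it matches it. The issuer and client ID strings, the email, the redirect host allowlist, signing with a freshly generated RSA key, and the query-escaping of redirect_uri when the link is built are all assumptions made for this demo; the project's own checks may differ.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// MagicLinkClaims uses the claim names visible in the token pasted in this thread.
type MagicLinkClaims struct {
	Aud         string `json:"aud"`
	Exp         int64  `json:"exp"`
	Iss         string `json:"iss"`
	RedirectURI string `json:"redirect_uri"`
	Sub         string `json:"sub"`
	TokenType   string `json:"token_type"`
}

// SignRS256 issues a compact JWT signed with RS256 (PKCS#1 v1.5 over SHA-256).
func SignRS256(key *rsa.PrivateKey, c MagicLinkClaims) (string, error) {
	body, _ := json.Marshal(c) // strings and ints only, cannot fail
	enc := base64.RawURLEncoding
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + enc.EncodeToString(sig), err
}

type Verifier struct {
	Pub              *rsa.PublicKey
	Issuer, ClientID string
	AllowedHosts     map[string]bool // hosts a redirect_uri may point at (assumed allowlist)
}

// VerifyMagicLink checks the signature with a fixed algorithm (the token's own alg header
// is ignored, so "none" or HS256 cannot downgrade it), then every claim the flow depends on.
func (v *Verifier) VerifyMagicLink(token, redirectParam string, now time.Time) (c MagicLinkClaims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, fmt.Errorf("malformed token")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || rsa.VerifyPKCS1v15(v.Pub, crypto.SHA256, digest[:], sig) != nil {
		return c, fmt.Errorf("bad signature")
	}
	body, _ := base64.RawURLEncoding.DecodeString(parts[1]) // integrity covered by the signature
	if err = json.Unmarshal(body, &c); err != nil {
		return c, err
	}
	target, _ := url.Parse(c.RedirectURI)
	switch t := now.Unix(); {
	case c.TokenType != "magic_link_login" || c.Iss != v.Issuer || c.Aud != v.ClientID:
		return c, fmt.Errorf("token_type, issuer or audience mismatch")
	case t >= c.Exp:
		return c, fmt.Errorf("token expired")
	case c.RedirectURI != redirectParam:
		return c, fmt.Errorf("query redirect_uri differs from the one signed into the token")
	case target == nil || !v.AllowedHosts[target.Host]:
		return c, fmt.Errorf("redirect host not in allowlist")
	}
	return c, nil // c.Sub is the email that may now be signed in
}

// Demo signs a link with constructed placeholder values, verifies it as the handler would on
// click, and also returns the error an attacker gets by keeping the token but rewriting redirect_uri.
func Demo() (sub string, tamper, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	const issuer, clientID = "https://authorizer.example", "client-id-placeholder"
	redirect := "http://localhost:3000/auth/magic-link/?roles=user&state="
	issued := time.Unix(1701864264, 0) // fixed clock so runs are deterministic
	token, err := SignRS256(key, MagicLinkClaims{Aud: clientID, Exp: issued.Add(30 * time.Minute).Unix(),
		Iss: issuer, RedirectURI: redirect, Sub: "user@example.com", TokenType: "magic_link_login"})
	if err != nil {
		return "", nil, err
	}
	// Same shape as GetEmailVerificationURL above, but redirect_uri is query-escaped (an assumption).
	link := issuer + "/verify_email?token=" + token + "&redirect_uri=" + url.QueryEscape(redirect)
	q, _ := url.ParseQuery(strings.SplitN(link, "?", 2)[1]) // what /verify_email receives on click
	v := &Verifier{Pub: &key.PublicKey, Issuer: issuer, ClientID: clientID,
		AllowedHosts: map[string]bool{"localhost:3000": true}}
	c, err := v.VerifyMagicLink(q.Get("token"), q.Get("redirect_uri"), issued.Add(time.Minute))
	_, tamper = v.VerifyMagicLink(q.Get("token"), "https://attacker.example/callback", issued.Add(time.Minute))
	return c.Sub, tamper, err
}

func main() { fmt.Println(Demo()) }
```

Two things worth noting. The link pasted above does not escape redirect_uri, and a standard query parser splits a query string at every &, so the state= that belongs to the redirect target becomes a separate parameter of /verify_email; escaping it when the link is built avoids that. And the verifier fixes the algorithm instead of trusting the token's alg header, which closes the well-known RS256-to-HS256 confusion where the server's public key gets used as an HMAC secret.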

shiftlabs1 commented 7 months ago

@lakhansamani, I should be able to do this from the redirect URL:

[Screenshot 2023-12-08 at 2:39:44 PM]

lakhansamani commented 7 months ago

Thank you for sharing the reproducible steps, I will look into this