LoginLink functionality

[dereuromark]

See https://symfony.com/doc/current/security/login_link.html

probably similar to the Token authenticate, but more stateful, and probably with a similar hashing algo. The database approach would be something that could be custom user land plugin.

[markstory]

It looks like there are few components to a login flow like this:

• A way for a user to request a new link. We can't easily provide the controller logic but we could provide interfaces/methods for generating signed tokens.
• A way to deliver tokens to users. I think this would need to be an application concern.
• Views for requesting links. I don't think we can provide this either.
• An Authenticator that fetches tokens out of the request and can login the user.

Do we need storage for tokens? It seems like a signed token could contain the identifier, expiration time. If we wanted to support a limited number of token uses, we could store that data in a cache backend instead of requiring formal schema.

[dereuromark]

For the old auth component I built a token based system, that stores the token in DB It has the advantage of invalidation control - and shorter URLs :)

But for this kind of plugin here it seems the Symfony style with a hash and all params contained seems sufficient. This way no storage is needed, they are basically just valid then until expiration.

[markstory]

I'm biased to stateless tokens as they are simpler to get going and can offer the same level of security as stateful ones can (with some caching).

[github-actions[bot]]

This issue is stale because it has been open for 120 days with no activity. Remove the stale label or comment or this will be closed in 15 days