Hi!
Thanks for your great library! And sorry if this is a beginner's question and I am missing something...
But I was comparing this solution to Firebase's implementation of "email link authentication". By their documentation they require the frontend to store the entered email in localStorage so they can verify it against the authenticated user token for security purposes. If the user opens the email on another device they force the user to input their original email address. This is "To prevent a sign-in link from being used to sign in as an unintended user or on an unintended device" according to their documentation.
Is this a security concern that should be addressed when using your library (or is it already included perhaps and I'm missing something)?
Thanks again for a great passport library 🏆
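
The check described in the question above, sketched as an added example that is not part of the original post and is neither Firebase's nor this library's code. The HMAC token format, the function names and the `emailForSignIn` storage key are assumptions made for illustration; `makeStorage` stands in for `window.localStorage`.

```javascript
const crypto = require("node:crypto");

// Constructed demo secret; a real deployment loads this from configuration.
const SECRET = "demo-secret-not-for-production";
const sign = (payload) =>
  crypto.createHmac("sha256", SECRET).update(payload).digest("base64url");

// Server: issue a link token that carries the email it was requested for.
function issueToken(email, now = Date.now(), ttlMs = 10 * 60 * 1000) {
  const body = JSON.stringify({ email: email.toLowerCase(), exp: now + ttlMs });
  const payload = Buffer.from(body).toString("base64url");
  return `${payload}.${sign(payload)}`;
}

// Server: accept only if the signature is valid, the token is unexpired, and
// the email supplied by the browser matches the email inside the token.
function verifyToken(token, suppliedEmail, now = Date.now()) {
  const [payload, mac] = String(token).split(".");
  if (!payload || !mac) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad-signature" };
  const { email, exp } = JSON.parse(Buffer.from(payload, "base64url").toString());
  if (now > exp) return { ok: false, reason: "expired" };
  if (!suppliedEmail) return { ok: false, reason: "email-required" };
  if (suppliedEmail.trim().toLowerCase() !== email)
    return { ok: false, reason: "email-mismatch" };
  return { ok: true, email };
}

// Browser side: in-memory stand-in with the localStorage getItem/setItem shape.
function makeStorage() {
  const m = new Map();
  return { getItem: (k) => m.get(k) ?? null, setItem: (k, v) => m.set(k, String(v)) };
}

// Remember the entered email on the device that requests the link.
function requestLink(storage, email) {
  storage.setItem("emailForSignIn", email); // hypothetical key name
  return issueToken(email);
}

// On the callback page: use the stored email, or ask for it on a new device.
function completeSignIn(storage, token, promptForEmail = () => null) {
  const email = storage.getItem("emailForSignIn") || promptForEmail();
  return verifyToken(token, email);
}
```

A link opened on a device with no stored email only completes if the person opening it can supply the address the link was requested for, which is the property the quoted documentation sentence describes.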