Open Darth-Knoppix opened 5 months ago
I did some thinking about this. The way it currently works is that if you request a magic link it checks that the user exists, and then emails them a link. In order to continue working this way we'd have to change it to an upsert, which means we'd be creating user records for every address ever typed into the form.
I think the better solution is to generate a token without a subject and store the email address in the token resource until the token expires. That way we could upsert the user when the token is validated. This would be a bit of a change to the current behaviour, so I am keen for feedback before I try and dive in.
The suggestion above sounds like the way to go! Do you have a timeline on this one @jimsynz?
I'd love to be able to start using just magic links instead of requiring a password on registration as well 🙏 😅
Context
This originally came from https://elixirforum.com/t/using-magic-links-for-registration/61166. It may also require changes to Ash Authentication Phoenix.
Problem
The magic link strategy doesn't support registration. It can only be used to sign in existing users/resources.
Why?
It's not possible to use the magic link strategy as a primary form of auth, you still need another strategy for registration.
Possible Solution
Look at other strategies for inspiration and add a registration action (and anything needed to support it).