A Passwordless Strategy for Ueberauth using Magic Links
A full documentation can be found in the Strategy itself.
- Add
:ueberauth_passwordless
to dependencies inmix.exs
def deps do
[
{:ueberauth_passwordless, "~> 0.2"},
]
end
- Create a Mailer Module, which sends the emails with the magic links:
defmodule MyApp.MyMailer do
@behaviour Ueberauth.Strategy.Passwordless.Mailer
def send_email(magic_link, email_address) do
# Send an Email containing the `magic_link` to the given `email_address`
end
end
- Add Ueberauth Passwordless to your Ueberauth configuration:
config :ueberauth, Ueberauth,
providers: [
passwordless: {Ueberauth.Strategy.Passwordless, []}
]
- Set a
token_secret
andmailer
on your Passwordless configuration:
config :ueberauth, Ueberauth.Strategy.Passwordless,
token_secret: System.get_env("PASSWORDLESS_TOKEN_SECRET"),
mailer: MyApp.MyMailer
(optional) ttl: # Specify in Seconds how long a Magic Link should be valid
(optional) redirect_url: # Specify a default url or path to which the conn is redirected after the Email is sent
- If you haven't already, create a Controller that handles the callbacks:
defmodule MyApp.AuthController do
use MyApp.Web, :controller
plug Ueberauth
def callback(%{assigns: %{ueberauth_failure: errors}} = conn, _params) do
# do things with the failure
end
def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
# do things with the auth
end
end
- If you haven't already, set up the routes for authentication
scrope "/auth" do
pipe_through :browser
get "/:provider", AuthController, :request
get "/:provider/callback", AuthController, :callback
end
Depending on your routes, you can call the passwordless strategy with e.g.:
/auth/[email protected]
Or, from a Phoenix Form:
<%= form_for @conn, Routes.auth_path(@conn, :request, "passwordless"), [method: get], fn f -> %>
<%= text_input f, :email %>
<%= submit "Submit" %>
<% end %>
You can optionally pass a redirect_url
to which the conn will be redirected after the email was sent:
/auth/[email protected]&redirect_url=/my-redirect-path
Or, from a Phoenix Form:
<%= form_for @conn, Routes.auth_path(@conn, :request, "passwordless"), [method: get], fn f -> %>
<%= hidden_input f, :redirect_url, value: "/my-redirect-path"%>
<%= text_input f, :email %>
<%= submit "Submit" %>
<% end %>
- Ensure that a magic link can only be used once (e.g. using an
:ets
table) - Make
ttl
an option inhandle_request!
and persist the option for when the magic link is validated