New package – magic autologin links

Include a token in your email or sms links that automatically logs in the user, like:

Josh Owens just commented on your blog post: 
https://my-blog-app.com/post/abc?comment=3?token=A10F51nigkFsShxmvkLnlQ76Kzjh7h9pMuNxpVpO81a

Also, you can put your users in a restricted state using: https://github.com/lorensr/roles-restricted

Let me know if you find this useful, or whether there’s anything in the README that should be clarified, thanks!

6 Likes

This is pretty cool. I likey.

1 Like

Hmm that sounds pretty neat! Sounds a little scary at first but people’s e-mail accounts are generally considered secure by most password reset systems after all.

I’m confused at where to put the “final destination” URL. Do I need to configure my FlowRouter routes to be cognizant of the token at the end of the URL?

If my normal route to get to the “post that Josh Owns commented on” is:

https://myapp.com/anyroute?foo=bar

will FlowRouter act accordingly when somebody clicks on the link in their email that appears as:

https://myapp.com/anyroute?foo=bar&token=8888855555iAmRandoToken88887777

Or am I passing the actual URL around somewhere else and doing a FlowRouter redirect or Flowrouter.Go after they login? The documentation is nice I’m just having some trouble connecting the dots.

EDIT: explained on GitHub… see link in the below post