Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

magic links, how do they work

Tags:

Some mobile apps, notably Slack, are using magic urls for authentication. I'm having some trouble finding resources on implementation, and most importantly, whether android has a similar method for this.

My understanding is that the server would issue an e-mail with this magic link (something along the lines of app://gf234h23f4j234342342), the link will then be passed on to a registered app, which could then use this information to contact the server to get information on the user. Is this correct? If so, gmail seems to have issues recognizing this as a url, how is this resolved?

like image 368
Cenoc Avatar asked Jul 11 '16 21:07

Cenoc

People also ask

Are Magic Links better than passwords?

Magic links are designed to make the login process easier and more secure. However, each of the reasons why magic links are attractive for passwordless authentication comes with significant security risks. The magic link email might be intercepted by an attacker if the user's email service is compromised.

How long should Magic Links last?

As a passwordless authentication method used for security, the Magic Link token sent to a user's email address should only allow access for a short time period, usually an hour. Organizations set the time period. Similar to a one-time-password, the Magic Link's access should be deactivated when the period expires.

How do MagicLinks make money?

Affiliate Linking Best Practices Enter affiliate linking – AKA, MagicLinks. Every time one of your fans clicks your MagicLink and makes a purchase, you get a commission based on the final value of the entire purchase. In the long run, this can yield a steady passive income.

1 Answers

One way of approaching this is to encode trusted data as a JSON web token (JWT) that's digitally signed. This is then passed to the server by the application, and the server verifies its authenticity.

As you've mentioned, Gmail and some other software doesn't recognise custom URL schemes like app://. To work around this, provide an HTTPS link to your server of a similar form (e.g. https://example.com/redirect/gf234h23f4j234342342), which then performs an HTTP redirect to the custom URL scheme using the information provided in the HTTPS URL. As an optimisation, you can also set up a universal URL on iOS 9+ in order to direct the HTTPS URL directly to your application without having to bounce through Safari.

This answer describes the Android approach in details.

like image 189
Jim Avatar answered Sep 28 '22 03:09

Jim
Sign in to Comment

Related questions

How to create an API endpoint without a model in Loopback?
Why is non-linear real arithmetic decidable while non-linear integer arithmetic is not?
ZingChart single series bar chart group labels
React-Native: How to scale font size to support many different resolutions and screens in both Android and iOS?
passing string data from Android MainActivity to PCL TabbedPage xamarin.form
How to create an executable C file for Windows
Robolectric app testing with Firebase
GGplot custom scale transformation with custom ticks
invalid 'this' to a Java object in Nativescript Plugin
Can an IPython/Jupyter notebook cell be imported as if it were a module?
Perl XS: Memory management
How to map a JSON dictionary in ObjectMapper?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!