Some mobile apps, notably Slack, are using magic urls for authentication. I'm having some trouble finding resources on implementation, and most importantly, whether android has a similar method for this.
My understanding is that the server would issue an e-mail with this magic link (something along the lines of app://gf234h23f4j234342342
), the link will then be passed on to a registered app
, which could then use this information to contact the server to get information on the user. Is this correct? If so, gmail seems to have issues recognizing this as a url, how is this resolved?
Magic links are designed to make the login process easier and more secure. However, each of the reasons why magic links are attractive for passwordless authentication comes with significant security risks. The magic link email might be intercepted by an attacker if the user's email service is compromised.
As a passwordless authentication method used for security, the Magic Link token sent to a user's email address should only allow access for a short time period, usually an hour. Organizations set the time period. Similar to a one-time-password, the Magic Link's access should be deactivated when the period expires.
Affiliate Linking Best Practices Enter affiliate linking – AKA, MagicLinks. Every time one of your fans clicks your MagicLink and makes a purchase, you get a commission based on the final value of the entire purchase. In the long run, this can yield a steady passive income.
One way of approaching this is to encode trusted data as a JSON web token (JWT) that's digitally signed. This is then passed to the server by the application, and the server verifies its authenticity.
As you've mentioned, Gmail and some other software doesn't recognise custom URL schemes like app://
. To work around this, provide an HTTPS link to your server of a similar form (e.g. https://example.com/redirect/gf234h23f4j234342342
), which then performs an HTTP redirect to the custom URL scheme using the information provided in the HTTPS URL. As an optimisation, you can also set up a universal URL on iOS 9+ in order to direct the HTTPS URL directly to your application without having to bounce through Safari.
This answer describes the Android approach in details.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With