Magic Link

This is a technical introduction to implementing Magic Link by following the steps below.

Magic Link is an authentication method in which a link is sent to the user by email; after the user clicks the link, the application that triggered the authentication immediately logs the user in.

Step 1: In your application, you need to allow email authentication. To do this, edit your existing application and navigate to Authentication > Add Email as Authentication Method.

Step 2: Before initiating the Magic Link, you will perform an Authorization (Authz) call and use the requestId in the upcoming calls. The first call will be to get the configured verification methods for a user. Link to API. You can also visualize this, for example by showing the different icons that are possible to use for authentication:

[Image: Authentication-mfa]

This API requires you to provide the user identifier and the requestId.

curl --location '{{base_url}}/verification-srv/public/graph/user/setup' \
--header 'content-type: application/json' \
--data-raw '{
"request_id": "{{requestId}}",
"identifier": "{{identifier}}"
}'

It returns a medium_id, which is required as input for Step 3.

Step 3: When the user selects Email or SMS, you need to initiate the authentication using Code as parameter: Link to API

curl --location '{{base_url}}/verification-srv/authentication/email/initiation' \
--header 'content-type: application/json' \
--data-raw '{
"usage_type": "PASSWORDLESS_AUTHENTICATION",
"request_id": "df08cabb-4b8c-4181-9f6f-f6948802ebf7",
"medium_id": "ca46cs99-2fc1-4aaa-9e35-e097c3c2ceff",
"processingType": "LINK",
"email": "[email protected]"
}'

It returns a status_id, which is required as input for Step 4. Furthermore, the VERIFY_USER template for LINK is used; you might need to create it, using verify_link as the input variable.

Step 4: Using the status_id, you can now start polling. As long as the user has not clicked the link, the body returned will be unverified. As soon as the user has authenticated, you will receive data.status: AUTHENTICATED and can continue with Step 5. Link to API

curl --location '{{base_url}}/verification-srv/verificationstatus/{status_id}' \
--header 'content-type: application/json'

As long as the link is not verified, the response will contain "data.status": "INITIATED".

Once the user has authenticated, it returns data.status=AUTHENTICATED. The status_id from Step 3 and the sub are required as input to continue the login process.

Step 5: Continue the login process by performing the login call. When the authentication is successful, this API redirects to your provided redirect_uri, including a code or an access_token depending on the OAuth2 flow used. Link to API

curl --location '{{base_url}}/login-srv/verification/login' \
--header 'content-type: application/x-www-form-urlencoded' \
--data-urlencode 'requestId=7266cfb3-3972-4a4d-9c70-a57f38f9d8c9' \
--data-urlencode 'verificationType=email' \
--data-urlencode 'sub=7323e891-6991-46e7-ba7e-14c8e89eaeb8' \
--data-urlencode 'status_id=22c7659e-ce8b-4f4d-9b74-934ada366f0f' \
--data-urlencode 'rememberMe=true'
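
The Step 4 polling loop and the Step 5 form body, as an added Python example (not code from the original page or from the vendor). It assumes the status response is JSON with a data.status field as described above; the function names, the 300-second deadline, the 2-second interval and the rememberMe=false default are assumptions made for the illustration.

```python
import json
import time
import urllib.request
from urllib.parse import quote, urlencode


def fetch_status(base_url, status_id):
    """Step 4 request: GET the verification status and return the JSON body."""
    url = f"{base_url}/verification-srv/verificationstatus/{quote(status_id, safe='')}"
    req = urllib.request.Request(url, headers={"content-type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def wait_for_authenticated(status_id, fetch, timeout_s=300.0, interval_s=2.0,
                           clock=time.monotonic, sleep=time.sleep):
    """Poll until data.status == "AUTHENTICATED" or the deadline passes.

    Only the exact value AUTHENTICATED counts as success. INITIATED, unknown
    values and malformed bodies all mean "not verified yet", so the loop
    fails closed once another wait would cross the deadline.
    """
    deadline = clock() + timeout_s
    while True:
        body = fetch(status_id)
        data = body.get("data") if isinstance(body, dict) else None
        if isinstance(data, dict) and data.get("status") == "AUTHENTICATED":
            return True
        if clock() + interval_s > deadline:
            return False
        sleep(interval_s)


def login_form(request_id, sub, status_id, remember_me=False):
    """Step 5 form body (x-www-form-urlencoded), using the page's field names."""
    return urlencode({
        "requestId": request_id,
        "verificationType": "email",
        "sub": sub,
        "status_id": status_id,
        "rememberMe": "true" if remember_me else "false",  # "false" is assumed
    })


if __name__ == "__main__":
    # Constructed responses standing in for the API, so this runs offline.
    replies = iter([{"data": {"status": "INITIATED"}}, {"data": {"status": "AUTHENTICATED"}}])
    ok = wait_for_authenticated("status-123", lambda _id: next(replies), sleep=lambda s: None)
    print(ok, login_form("req-1", "sub-1", "status-123") if ok else "not logged in")
```

Against a live tenant, pass `lambda sid: fetch_status(base_url, sid)` as `fetch` and send the `login_form` result to the Step 5 endpoint only after `wait_for_authenticated` returns True.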

Overview of the APIs Used

| API | Description | Link |
| --- | --- | --- |
| Get the configured authentication methods | Displays the configured authentication methods on the user login page, e.g., after configuring a pattern, the user gets the pattern mfa on the login page. | Link to API |
| Initiate the authentication | This API is used to initiate the configured authentications, e.g., when a user clicks on the touch id authentication, it initiates the touch id authentication. | Link to API |
| Check Authentication Status | This API is used to verify the authentication status. | Link to API |
| Continue Login After Passwordless Authentication | After successfully authenticating, you can proceed with the login process. | Link to API |

Need Support?

Please contact us directly on our support page.