You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Allow devs to trigger the verification (that is currently available at /api/auth/callback/email?email=xxx&token=yyy ) from a function in their own API route/server action without needing to directly hit the callback API
This would allow devs to use their own UI to handle token verification (e.g. allowing users to manually input tokens aka Magic Code/OTP rather than Magic Links) in the same way the signIn function allows devs to programmatically trigger the sign in process
Non-Goals
It's not trying to change the verification process (e.g. token/link generation), just the way the final verification step is called
Background
I'm trying to implement a Magic Passcode system (as described in #709 and in Ramiel's blog) and I have the whole flow working from email sign in, to custom generateVerificationToken , to custom email template to display the token (rather than a magic link), and redirect from my Sign In page to a Verify Token page to enter the new token.
But now I have an issue with the user actually entering the token via a form. The only way I can do it is by taking the form inputs (email & token) and redirecting the user to the callback page. But that's terrible UX - if they type the token in wrong, they don't get a chance to retype it, they just get redirected to a full screen error page.
If I could trigger the token verification in the same way I can trigger Sign In, then I could intercept errors and give the user a chance to re-enter the token. Because the verification token is only valid for a very short time frame (e.g. 10min), there is little risk in allowing the user to attempt it multiple times (and I'll probably apply rate-limiting to prevent further abuse)
Proposal
This could either be done by exporting the logic from line 200 in the core/routes/callback.ts file as a (server) function e.g. verifyToken("email", { email, token }) or the current signIn function could be extended with e.g. signIn("verifyEmail", { email, token })
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Goals
/api/auth/callback/email?email=xxx&token=yyy) from a function in their own API route/server action without needing to directly hit the callback APIsignInfunction allows devs to programmatically trigger the sign in processNon-Goals
Background
I'm trying to implement a Magic Passcode system (as described in #709 and in Ramiel's blog) and I have the whole flow working from email sign in, to custom
generateVerificationToken, to custom email template to display the token (rather than a magic link), and redirect from my Sign In page to a Verify Token page to enter the new token.But now I have an issue with the user actually entering the token via a form. The only way I can do it is by taking the form inputs (email & token) and redirecting the user to the callback page. But that's terrible UX - if they type the token in wrong, they don't get a chance to retype it, they just get redirected to a full screen error page.
If I could trigger the token verification in the same way I can trigger Sign In, then I could intercept errors and give the user a chance to re-enter the token. Because the verification token is only valid for a very short time frame (e.g. 10min), there is little risk in allowing the user to attempt it multiple times (and I'll probably apply rate-limiting to prevent further abuse)
Proposal
This could either be done by exporting the logic from line 200 in the
core/routes/callback.tsfile as a (server) function e.g.verifyToken("email", { email, token })or the currentsignInfunction could be extended with e.g.signIn("verifyEmail", { email, token })Beta Was this translation helpful? Give feedback.
All reactions