Passwordless authentication via magic link is an interesting alternative to email-password authentication solutions like Devise.
A passwordless authentication flow looks like this:
- Enter your email address
- Receive login link in an email
- Click link = You are logged in!
Iβve implemented passwordless authentication in insta2blog.com, and for now I am super happy with the solution π. Feel free to try it out!
In a way this is a more secure authenication strategy, because there is no compromised password point of failure. It is as secure as your email account.
However to even start using this solution in production, you will need to set up sending emails in production.
It is not hard to create this kind of authentication solution on your own, however I prefer not to reinvent the wheel. Gem passwordless neatly solves the problem.
Episode source code: https://github.com/corsego/97-passwordless-auth/commit/34517fddf74572308780c1593ef23c0c85872301
Text version: https://blog.corsego.com/gem-passwordless-magic-link-auth
0:00 Demo how magic link login works
1:29 install gem Passwordless
7:05 sign in flow, find or create user
9:13 missing host to link to
11:30 click on link to sign in, link to sign in and sign out
13:50 fix Turbo errors
16:11 customize magic link Email
17:11 gem letter_opener to preview emails
18:27 authorization - only logged in users can edit posts
19:47 Summary