Version 0.62.0 of django-allauth has been released, most notably featuring support for logging in using a special code, also known as “Magic Code Login”.
https://allauth.org/news/2024/04/django-allauth-0.62.0-released/
This is great! Are there any docs for the “magic code login”?
There really is not much to it. It is disabled by default, but you can set:
ACCOUNT_LOGIN_BY_CODE_ENABLED = True
Then, a “Mail me a sign-in code” button should automatically appear.
Thanks - just had a chance to try it out and it’s working well.
Not sure if this is the right place to post this, but have you considered adding functionality so that it logs you in just by clicking the link (as opposed to having to paste in the code)? Or alternatively, better supporting a two-stage username + code-or-password workflow?
Thanks again for all the great work on the library.
Logging in by link comes with additional security caveats. Even Slack, which was once using “Magic links” to log in, abandoned those. Issues:
So logging in by code instead of link is actually more secure.
Hmm, I suppose this makes sense, but also it seems like you could make the link only work for the session that created it. I imagine I could glue something like this together with allauth and javascript if I really wanted, and it sounds like native support in the library isn’t on your radar.
I thought the same, but in the end decided that a code is much, much better. Why? User behavior.
The user might have their email client on the phone, or they might be using multiple laptops (work, home…), where they need to log in to their email every time and it becomes a hassle. If they can receive it on their phone and just write it manually, that is a plus.
If they are using the same laptop, you can just create a link so the code auto-fills, i.e. mydomain.com/login?code=abc123, without needing to create a custom magic link.
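The two ideas raised in this thread, a code that only works in the session that requested it and a link that merely pre-fills that code, can be modelled as follows. This is an added example, not part of any post and not django-allauth's own code; the function names, the dict standing in for a server-side session, the TTL, the attempt limit and the alphabet are all assumptions.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL = 180       # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3     # wrong guesses before the code is discarded (assumed value)
ALPHABET = "BCDFGHJKLMNPQRSTVWXZ23456789"  # assumed: no look-alike characters

def request_code(session, email, now=None):
    """Create a code and remember it only in the session that asked for it."""
    now = time.time() if now is None else now
    code = "".join(secrets.choice(ALPHABET) for _ in range(6))
    session["login_code"] = {
        "email": email, "code": code, "expires": now + CODE_TTL, "attempts": 0,
    }
    return code  # sent by e-mail, never returned to the browser

def prefill_link(code, base="https://mydomain.com/login"):
    """Link that only fills the form field; it carries no authority by itself."""
    return f"{base}?{urlencode({'code': code})}"

def confirm_code(session, submitted, now=None):
    """Return the e-mail to log in, or None. Only the issuing session can match."""
    now = time.time() if now is None else now
    pending = session.get("login_code")
    if pending is None:
        return None
    if now > pending["expires"]:
        session.pop("login_code")
        return None
    pending["attempts"] += 1
    ok = hmac.compare_digest(submitted.strip().upper().encode(), pending["code"].encode())
    if ok or pending["attempts"] >= MAX_ATTEMPTS:
        session.pop("login_code")  # single use, and bounded guessing
    return pending["email"] if ok else None

def demo():
    """Open the pre-fill link in a foreign session, then in the requesting one."""
    requesting, other = {}, {}   # constructed stand-ins for two browser sessions
    code = request_code(requesting, "user@example.com", now=1000)
    prefilled = parse_qs(urlparse(prefill_link(code)).query)["code"][0]
    return (
        confirm_code(other, prefilled, now=1010),       # different session
        confirm_code(requesting, prefilled, now=1010),  # issuing session
        confirm_code(requesting, prefilled, now=1020),  # replay after use
    )
```

Because the code is checked against state held in the requesting session, a pre-fill link opened in any other browser has nothing to match against.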