Version 0.62.0 of django-allauth has been released, most notably featuring support for logging in using a special code, also known as “Magic Code Login”.
https://allauth.org/news/2024/04/django-allauth-0.62.0-released/
Version 0.62.0 of django-allauth has been released, most notably featuring support for logging in using a special code, also known as “Magic Code Login”.
https://allauth.org/news/2024/04/django-allauth-0.62.0-released/
This is great! Are there any docs for the “magic code login”?
There really is not much to it, it is disabled by default, but you can set:
ACCOUNT_LOGIN_BY_CODE_ENABLED = True
Then, a “Mail me a sign-in code” button should automatically appear.
Thanks - just had a chance to try it out and it’s working well.
Not sure if this is the right place to post this, but have you considered adding functionality so that it logs you in just by clicking the link (as opposed to having to paste in the code)? Or alternatively, better supporting a two-stage username + code-or-password workflow?
Thanks again for all the great work on the library.
Logging in by link comes with additional security caveats. Even Slack which was once using “Magic links” to login abandoned those. Issues:
So logging in by code instead of link is actually more secure.
Hmm, I suppose this makes sense, but also it seems like you could make the link only work for the session that created it. I imagine I could glue something like this together with allauth and javascript if I really wanted, and it sounds like native support in the library isn’t on your radar.