Is there a Django equivalent of magic.link? It’s a service that allows for passwordless authentication via email/text. I know there are some opensource library’s but I need a service.
This is late, but I hope this can help people in the future:
Yes, it is possible - Vitor Freitas has a great example on his blog here
An important note - this will not automatically work for outlook/hotmail users without a simple change. Outlook has a security feature where - when the user clicks a link contained in the email - Outlook accesses the link first using a HEAD request, before sending the user’s GET request. This initial HEAD request causes the “account_activation_token.check_token(user, token)” to be run, which in turn expires the token before the user’s GET request accesses it, causing the user to be authenticated, but told the activation link was invalid. My company has Django running behind nginx as a reverse proxy, which recognizes HEAD requests as separate to GET requests. That allowed for a simple solution: at the very top of the view, just add a check “if request.method == ‘HEAD’” - if it is HEAD, redirect to the home page or something. This allows outlook to verify that your site is indeed safe, without expiring the token.