How It Works
Below I've listed the Authentication flows for the user, as well the developer/backend process.
Passcode Flow
-
Enter email and request login code
Your Site -
Receive email with code
Email -
Enter received code
Your Site -
Code is checked by the server
My Backend -
User receives credentials
Your Site
Magic Link Flow
-
Enter email and request magic link
Your Site -
Receive email with magic link
Email -
Click link
Email -
Link is validated by the server
My Backend -
User is redirected to your site with credentials
Your Site
Behind the Scenes
-
Receive request for login code or link
API -
Generate secret code or link
Backend -
Hash secret and save it to the cache
Redis -
Receive request from user with code or link
API -
Validate code or link and generate token
My Backend -
Generate refresh token and save hash to database (if enabled)
Database -
Send credential back to user
API -
Expire secret after it is used or is five minutes old
Redis