Ueberauth Passwordless
A Passwordless Strategy for Ueberauth using Magic Links
Full documentation can be found in the Strategy module itself.
Installation
Add :ueberauth_passwordless to dependencies in mix.exs:

    def deps do
      [
        {:ueberauth_passwordless, "~> 0.2"}
      ]
    end

Create a Mailer Module, which sends the emails with the magic links:

    defmodule MyApp.MyMailer do
      @behaviour Ueberauth.Strategy.Passwordless.Mailer

      def send_email(magic_link, email_address) do
        # Send an Email containing the `magic_link` to the given `email_address`
      end
    end

Add Ueberauth Passwordless to your Ueberauth configuration:

    config :ueberauth, Ueberauth,
      providers: [
        passwordless: {Ueberauth.Strategy.Passwordless, []}
      ]

Set a token_secret and mailer on your Passwordless configuration:

    config :ueberauth, Ueberauth.Strategy.Passwordless,
      token_secret: System.get_env("PASSWORDLESS_TOKEN_SECRET"),
      mailer: MyApp.MyMailer
      # (optional) ttl: Specify in seconds how long a Magic Link should be valid
      # (optional) redirect_url: Specify a default url or path to which the conn
      #            is redirected after the Email is sent

If you haven't already, create a Controller that handles the callbacks:

    defmodule MyApp.AuthController do
      use MyApp.Web, :controller

      plug Ueberauth

      def callback(%{assigns: %{ueberauth_failure: errors}} = conn, _params) do
        # do things with the failure
      end

      def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
        # do things with the auth
      end
    end

If you haven't already, set up the routes for authentication:

    # Assumes an enclosing scope or alias that resolves AuthController
    # to your controller module (e.g. MyApp.AuthController)
    scope "/auth" do
      pipe_through :browser

      get "/:provider", AuthController, :request
      get "/:provider/callback", AuthController, :callback
    end

Calling
Depending on your routes, you can call the passwordless strategy with e.g.:

    /auth/passwordless?email=foo@bar.com

Or, from a Phoenix Form:

    <%= form_for @conn, Routes.auth_path(@conn, :request, "passwordless"), [method: :get], fn f -> %>
      <%= text_input f, :email %>
      <%= submit "Submit" %>
    <% end %>

You can optionally pass a redirect_url to which the conn will be redirected after the email was sent:

    /auth/passwordless?email=foo@bar.com&redirect_url=/my-redirect-path

Or, from a Phoenix Form:

    <%= form_for @conn, Routes.auth_path(@conn, :request, "passwordless"), [method: :get], fn f -> %>
      <%= hidden_input f, :redirect_url, value: "/my-redirect-path" %>
      <%= text_input f, :email %>
      <%= submit "Submit" %>
    <% end %>

TODOs:
- Ensure that a magic link can only be used once (e.g. using an :ets table)
- Make ttl an option in handle_request! and persist the option for when the magic link is validated
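
Until the first TODO is implemented in the strategy, a magic link stays replayable for its whole ttl, so an application can enforce single use itself. The following is an added example and not part of ueberauth_passwordless: MyApp.MagicLinkGuard, its table name and its TTL value are hypothetical, and it assumes your callback can read the token carried by the magic link (how it is exposed, for example as a query parameter, is an assumption to check against the Strategy).

```elixir
defmodule MyApp.MagicLinkGuard do
  @moduledoc "Hypothetical helper: lets each magic-link token be redeemed only once."
  use GenServer

  @table :used_magic_links
  # Assumption: keep this at least as long as the strategy's `ttl` (seconds),
  # otherwise a used token could be forgotten while its link is still valid.
  @ttl_seconds 15 * 60
  @sweep_ms 60_000

  def start_link(opts \\ []), do: GenServer.start_link(__MODULE__, opts, name: __MODULE__)

  @doc "Returns :ok the first time a token is seen, {:error, :already_used} afterwards."
  def claim(token) when is_binary(token) do
    # Store a hash so raw tokens never sit in the table or in crash dumps.
    key = :crypto.hash(:sha256, token)
    expires_at = System.monotonic_time(:second) + @ttl_seconds

    # insert_new/2 is atomic: of two concurrent requests, only one gets `true`.
    if :ets.insert_new(@table, {key, expires_at}), do: :ok, else: {:error, :already_used}
  end

  @impl true
  def init(_opts) do
    :ets.new(@table, [:set, :public, :named_table, write_concurrency: true])
    Process.send_after(self(), :sweep, @sweep_ms)
    {:ok, nil}
  end

  @impl true
  def handle_info(:sweep, state) do
    now = System.monotonic_time(:second)
    # Forget tokens whose links have expired; the strategy rejects those by ttl.
    :ets.select_delete(@table, [{{:_, :"$1"}, [{:<, :"$1", now}], [true]}])
    Process.send_after(self(), :sweep, @sweep_ms)
    {:noreply, state}
  end
end

# In the successful `callback/2` clause, before creating a session:
#
#   case MyApp.MagicLinkGuard.claim(token) do
#     :ok -> # log the user in
#     {:error, :already_used} -> # reject and ask for a new link
#   end
```

Start the guard under your application's supervision tree. The table is local to one node and is lost on restart, so a clustered deployment needs a shared store with the same insert-if-absent semantics.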