Behind the Scenes of Magic Link Signup & Login

Magic links are a great way to create a smooth login experience for your users. Here’s everything you need to know to get started.

Introduction

Hi folks! Have you ever wondered why websites like Medium.com & Notion ask only for an email address for login & signup? When you enter your email, you get a verification email, and once you verify it you are logged into the website directly.

Today, in this article we will explore what is happening behind the scenes during this process. This is one type of authentication mechanism known as Magic Link.

Magic links are a type of password-less login that allows users to log into an account by clicking a link that’s emailed to them, rather than typing in their username and password.

A Magic Link is a single-use URL that authenticates a user when clicked.

I hope you now have an idea of what a magic link is. Before getting into the details, we need to know about the terms sessions & cookies.

What are cookies and sessions?

A session is temporary storage on the web server. For each user, there is a unique session on the server. While a particular user's request is being processed, that user's session is accessible. Session data is stored on the server side.

A cookie is a small piece of data from a website that is stored on a visitor’s browser to help the website track the visitor’s activity on the website.

Misconceptions About Sessions

Sessions and cookies are sometimes conflated, creating confusion. While they are closely related, they are not the same thing.

We all know that HTTP is a stateless protocol. When a user requests some URL, the web server serves the requested page and closes the connection. Then how does the session hold the data or information between the requests?

The very first time the website loads in your browser, it starts a session and sets a cookie known as the session cookie. Every subsequent request automatically sends the session cookie to the web server.

On the web server, the session cookie is stored in a database or in a file, so the web server can identify your session with that session cookie and persist it across subsequent requests.

For example, a cookie may store information such as your name and preferences that it gathered when you filled out a form, then use that information to populate pages you visit throughout one or multiple web pages in the same web browser.


I hope now you have a clear understanding of the session & cookie. Let's dive into the behind-the-scenes.

Despite what the name implies, magic links aren’t, in fact, magic. In a magic link workflow, the site or app asks users for an email address. Then, the application generates a link with an embedded token and sends it via email.

To access that mail, we have to be logged in to our email account, so the email account acts as an identity provider. The user then opens the email, clicks the link, and is logged in to the given app or service.

The magic behind this starts when a user submits the email address: the server generates a unique identification token, or Magic Token, and saves it to a database.

The generated token is embedded in the magic link sent through the mail. The Magic Token is nothing but a kind of session cookie to authenticate the user. When the user opens the magic link, the token is verified once against the database and then stored as an authentication cookie in your browser with a long expiry time.

This magic happens behind the scenes of Magic Link Login or signup.
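The flow described above (generate a token, save it, verify it once when the link is opened) can be sketched as follows. This is an added example, not code from the article or from any of the sites it mentions; the table name, the URL, the 15-minute lifetime, storing only a hash of the token, and issuing a fresh value for the authentication cookie are all assumptions of this sketch.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 15 * 60  # assumption: 15-minute lifetime (the article gives none)
BASE_URL = "https://app.example.test/auth/magic"  # hypothetical endpoint

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE magic_tokens (token_hash TEXT PRIMARY KEY, "
               "email TEXT, expires_at REAL, used INTEGER DEFAULT 0)")
    return db

def _digest(token):
    # Store only a hash, so a leaked table does not contain usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_magic_link(db, email, now=None):
    """Create a random token, save its hash, return the URL to email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO magic_tokens (token_hash, email, expires_at) "
               "VALUES (?, ?, ?)", (_digest(token), email, now + TOKEN_TTL))
    db.commit()
    return f"{BASE_URL}?token={token}"

def redeem_magic_link(db, token, now=None):
    """Verify the token once; return (email, session_id) or None."""
    now = time.time() if now is None else now
    h = _digest(token)
    # One UPDATE flips `used` only for an unused, unexpired token, so a
    # replayed or concurrent second click matches zero rows.
    cur = db.execute("UPDATE magic_tokens SET used = 1 WHERE token_hash = ? "
                     "AND used = 0 AND expires_at > ?", (h, now))
    db.commit()
    if cur.rowcount != 1:
        return None  # unknown, expired, or already used
    email = db.execute("SELECT email FROM magic_tokens WHERE token_hash = ?",
                       (h,)).fetchone()[0]
    # Fresh random value to set as the authentication cookie.
    return email, secrets.token_urlsafe(32)
```
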

Magic links have a number of advantages related to user experience, account security, and technical backend improvements. At the same time, magic links aren’t flawless.

Pros

  • Reduce user churn

  • Increase conversions

  • Reduced attack surface

  • Easy user experience and authentication

  • You don’t need to maintain the infrastructure for a safe password

Cons

  • Depends on the email service

  • Only as secure as the user’s email address

  • Can end up in the spam

While magic link authentication has many use cases, here are some situations where magic links are especially handy.

  • User login is infrequent

  • User account creation is a priority

  • Increase security

Conclusion

Magic links are a great way to provide a simple user experience for your customers without compromising their account security.

This solution is perfect for a B2C marketplace, SaaS, or subscription e-commerce, as UX for onboarding starts to matter a lot, and a good level of security matters.

I hope you have learned something new today. Share your comments & share with your friends for more content.

Support Saravana Sai by becoming a sponsor. Any amount is appreciated!