Yes but clicking the link itself shouldn't log you in. Any implementation of mag... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Spivak 11 months ago \| parent \| context \| favorite \| on: Magic/tragic email links: don't make them the only... Yes but clicking the link itself shouldn't log you in. Any implementation of magic links that does this is broken because of link previews. You click the button on the page which knows the session you're logging in from and link code and does a POST which completes the login. This is how all the "login by scanning QR code" flows work.

portaouflop 11 months ago [–]

I see - but then you can just use OTP instead - it works in the same way and you can even use it cross device

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact