Customizing enchanted Link
Customize your enchanted link authentication flow from the Descope console (Settings > Authentication Methods > Enchanted Link).
An enchanted link is a single-use link sent to the user for authentication (sign-up or sign-in) that validates their identity. Enchanted links can only be sent via email.
Enchanted links are an enhanced version of magic links. Enchanted links enable users to start the login process on one device (the originating device) while clicking the enchanted link on a different device. When the user clicks the correct link, their session on the originating device is validated, and they are logged in. A special security feature of enchanted link is that the end-user needs to pick the correct link from the three links delivered to them.
Settings Summary
All Settings
Variables are displayed below and in the console as {{variable_name}}.
| Setting | Variable | Details |
|---|---|---|
| Redirect URL | {{redirectUrl}} | default URL for the route you implement to verify enchanted link tokens |
| Expiration time | {{expirationTime}} | length of time after which link or code expires |
| Connector | Who will be listed as the sender of the enchanted link. The default is Descope. | |
| Template | If you are using a customized connector, you can change the template of the email which your user will receive. The default is System. | |
| Enable method in API and SDK | This toggle switch enables or disables the authentication method from being available for use within API and SDK |
Additional Details
This section describes additional details about the configuration options available.
Redirect URL
The redirect URL is the location to send the user upon successful authentication. The redirect URL will be overridden when specified in the SDK or API call.
Expiration Time
For increased security, we recommend an expiration time of 3-5 minutes. A shorter expiration time limits how long a malicious actor has to attempt an attack (such as a dictionary or brute force attack) on the code or link.
Connectors
Email Connector
Descope supports sending email OTP messages using your email messaging provider, such as AWS SES, SendGrid, or a generic SMTP service. You can configure a email messaging connector by going to the connectors page within the Descope console and searching for the supported email messaging connectors. Then, on the OTP authentication method page, you can select the configured connector and customize the template if you would like.