Magic Link
Customize your magic link authentication flow from the Descope console (Settings > Authentication Methods > Magic Link).
If you would like the one-click login experience this authentication method provides, but would also like to have the ability to complete the login process on one device, from a separate device, check out Enchanted Link instead.
A magic link is a single-use link sent to the user for authentication (sign-up or sign-in) that validates their identity. The Descope service can send magic links via email or SMS texts.
The browser tab that is opened after clicking the magic link gets the authenticated session cookies. For example, consider a user that starts the login process on a laptop browser and gets a magic link delivered to their email inbox. When they click the email link, a new browser tab will open and they will be logged in on the new tab.
Settings Summary
All Settings
Variables are displayed below and in the console as {{variable_name}}
.
Setting | Variable | Details |
---|---|---|
Redirect URL | {{redirectUrl}} | default URL for the route you implement to verify magic link tokens |
Expiration time | {{expirationTime}} | length of time after which link or code expires |
Number of retries and Attempts timeframe (seconds) | Limit the number of communication attempts (email, text, or voice) a recipient can receive within the defined timeframe. If the limit is exceeded, no further messages will be sent until the timeframe resets. | |
Connector | Who will be listed as the sender of the magic link. The default is Descope. | |
Template | If you are using a customized connector, you can change the template of the email/sms which your user will receive. The default is System. | |
Enable method in API and SDK | This toggle switch enables or disables the authentication method from being available for use within API and SDK |
Additional Details
This section describes additional details about the configuration options available.
Redirect URL
The redirect URL is an optional argument in the API and SDKs, and will take precedence over the redirect URL configured here.
Expiration Time
For increased security, we recommend an expiration time of 3-5 minutes. A shorter expiration time limits how long a malicious actor has to attempt an attack (such as a dictionary or brute force attack) on the code or link.
Connectors
Email Connector
Descope supports sending email OTP messages using your email messaging provider, such as AWS SES, SendGrid, or a generic SMTP service. You can configure a email messaging connector by going to the connectors page within the Descope console and searching for the supported email messaging connectors. Then, on the OTP authentication method page, you can select the configured connector and customize the template if you would like.
Text Message (SMS) Connector
Descope supports sending text messages using your text messaging provider, such as Twilio or Amazon SNS. You can configure a text messaging connector by going to the connectors page within the Descope console and searching for the supported text messaging connectors. Then, on the OTP authentication method page, you can select the configured connector and customize the template if you would like.