osbre

osbre

Is there a specification or recommendations on implementing “one-time authentication” link?

Hello everyone

I’m trying to implement a “magic link” or “one-time login link” functionality

I wonder what a secure way to implement it would be.

The obvious and most simple solution to me seems to be generating a long enough string and storing it in the database.

When the link is opened, the app will just check the value against the database, and verify that it has not expired based on the creation date

But, an alternative way is to use encryption. Seems beneficial because it does not involve the generation of long enough string? As we can encrypt only database identifier which leads to a record of when the login request was made (to check if not expired)

I appreciate any feedback or tips, thanks :pray:

Marked As Solved

OvermindDL1

OvermindDL1

That’s basically what that “long enough string” is, when its long enough and random then you have enough entropy to not worry about it. Just using a UUIDv4 is enough entropy to not worry about it if it expires anywhere in the next thousand years, lol.

Except you encrypt it, which means it’s going to balloon in size to get enough entropy to be worth encrypting, which is going to end up longer in the URL anyway.

Also Liked

AstonJ

AstonJ

If the user has an account then I generally use SecureRandom to generate a random url-safe string then put that in the db associated with the user and an expiry, then in the URL params I will add the user’s ID as well as the generated string, that way the ID must correspond with the string, or it won’t work :023:

There’s an Elixir library for SecureRandom:

iex> SecureRandom.urlsafe_base64
"xYQcVfWuq6THMY_ZVmG0mA"

Where Next?

Popular Backend topics Top

mrmurphy
I’ve run into a situation where I’ve got a list of posts inside of a container that uses phx-update=“prepend”, and the posts on the socke...
New
Ookma-Kyi
I am learning Elixir at the moment but am finding it difficult to learn. The issue is there aren’t any good tutorial sites out there when...
New
Fl4m3Ph03n1x
Background I am trying to encode a structure into json format using the Jason library. However, this is not working as expected. Code L...
New
MarkIden
Hi, Recommend pls your favorite learning resources in Go, with best books, podcasts etc.
/go
New
Fl4m3Ph03n1x
Background PS: the following situation describes an hypothetical scenario, where I own a company that sells things to customers. I have ...
New
sona11
I’m having a difficulty. I want to modify an attribute’s data type from String to Array. { “id”: “trn:tarb:tradingpartner:uuid:00000...
New
New
Fl4m3Ph03n1x
Background I have a phoenix application in Windows 11. Unfortunately for me, I cannot compile the application because of a dependency err...
New
Fl4m3Ph03n1x
Background I have a release file inside a tarball. However I want the final release to have some additional files and to move things aro...
New
jaeyson
Hi! I have clarifications (please correct me, as I mostly mix/confuse this details) with the following: The term RAG here where it read...
New

Other popular topics Top

AstonJ
A thread that every forum needs! Simply post a link to a track on YouTube (or SoundCloud or Vimeo amongst others!) on a separate line an...
New
AstonJ
You might be thinking we should just ask who’s not using VSCode :joy: however there are some new additions in the space that might give V...
New
Exadra37
I am asking for any distro that only has the bare-bones to be able to get a shell in the server and then just install the packages as we ...
New
AstonJ
Biggest jackpot ever apparently! :upside_down_face: I don’t (usually) gamble/play the lottery, but working on a program to predict the...
New
foxtrottwist
A few weeks ago I started using Warp a terminal written in rust. Though in it’s current state of development there are a few caveats (tab...
New
AstonJ
Was just curious to see if any were around, found this one: I got 51/100: Not sure if it was meant to buy I am sure at times the b...
New
PragmaticBookshelf
Author Spotlight: VM Brasseur @vmbrasseur We have a treat for you today! We turn the spotlight onto Open Source as we sit down with V...
New
PragmaticBookshelf
Author Spotlight: Peter Ullrich @PJUllrich Data is at the core of every business, but it is useless if nobody can access and analyze ...
New
sir.laksmana_wenk
I’m able to do the “artistic” part of game-development; character designing/modeling, music, environment modeling, etc. However, I don’t...
New
AstonJ
This is cool! DEEPSEEK-V3 ON M4 MAC: BLAZING FAST INFERENCE ON APPLE SILICON We just witnessed something incredible: the largest open-s...
New