osbre

osbre

Is there a specification or recommendations on implementing “one-time authentication” link?

Hello everyone

I’m trying to implement a “magic link” or “one-time login link” functionality

I wonder what a secure way to implement it would be.

The obvious and most simple solution to me seems to be generating a long enough string and storing it in the database.

When the link is opened, the app will just check the value against the database, and verify that it has not expired based on the creation date

But, an alternative way is to use encryption. Seems beneficial because it does not involve the generation of long enough string? As we can encrypt only database identifier which leads to a record of when the login request was made (to check if not expired)

I appreciate any feedback or tips, thanks :pray:

Marked As Solved

OvermindDL1

OvermindDL1

That’s basically what that “long enough string” is, when its long enough and random then you have enough entropy to not worry about it. Just using a UUIDv4 is enough entropy to not worry about it if it expires anywhere in the next thousand years, lol.

Except you encrypt it, which means it’s going to balloon in size to get enough entropy to be worth encrypting, which is going to end up longer in the URL anyway.

Also Liked

AstonJ

AstonJ

If the user has an account then I generally use SecureRandom to generate a random url-safe string then put that in the db associated with the user and an expiry, then in the URL params I will add the user’s ID as well as the generated string, that way the ID must correspond with the string, or it won’t work :023:

There’s an Elixir library for SecureRandom:

iex> SecureRandom.urlsafe_base64
"xYQcVfWuq6THMY_ZVmG0mA"

Where Next?

Popular Backend topics Top

New
mrmurphy
I’ve run into a situation where I’ve got a list of posts inside of a container that uses phx-update=“prepend”, and the posts on the socke...
New
bsek43
Hello everyone, I’ve started learning Elixir and Phoenix few months ago and while I mostly grasped Elixir’s functional concepts and Phoe...
New
Fl4m3Ph03n1x
Background I am now trying Gradual type checking, as a consequence I am giving a shot to Gradient. As I see it, this is an alternative to...
New
Fl4m3Ph03n1x
Background I am trying out polymorphic typing with dialyzer. As an example I am using the famous Option type (aka, Maybe Monad) that is n...
New
Fl4m3Ph03n1x
Background I am trying to encode a structure into json format using the Jason library. However, this is not working as expected. Code L...
New
jeya
Dear Geeks I am new to pytest. I am following a youtube channel. I am writing the same code. learning to test login functionality of an...
New
Fl4m3Ph03n1x
Background I am moving towards defined data structures in my application, and I find that TypedStruct is quite useful. Questions Howeve...
New
Fl4m3Ph03n1x
Background I have a module that uses TypedStruct to create structs. This is the code: defmodule Shared.Data.Authorization do @moduledo...
New
Fl4m3Ph03n1x
Background When trying to execute mix release on a Windows 11 machine for a Phoenix project I get the following error: * assembling mark...
New

Other popular topics Top

PragmaticBookshelf
Take your Go skills to the next level by learning how to design, develop, and deploy a distributed service. Start from the bare essential...
New
PragmaticBookshelf
Ruby, Io, Prolog, Scala, Erlang, Clojure, Haskell. With Seven Languages in Seven Weeks, by Bruce A. Tate, you’ll go beyond the syntax—and...
New
siddhant3030
I’m thinking of buying a monitor that I can rotate to use as a vertical monitor? Also, I want to know if someone is using it for program...
New
dasdom
No chair. I have a standing desk. This post was split into a dedicated thread from our thread about chairs :slight_smile:
New
New
AstonJ
I’ve been hearing quite a lot of comments relating to the sound of a keyboard, with one of the most desirable of these called ‘thock’, he...
New
PragmaticBookshelf
Build highly interactive applications without ever leaving Elixir, the way the experts do. Let LiveView take care of performance, scalabi...
New
Margaret
Hello everyone! This thread is to tell you about what authors from The Pragmatic Bookshelf are writing on Medium.
1147 29994 760
New
AstonJ
This is cool! DEEPSEEK-V3 ON M4 MAC: BLAZING FAST INFERENCE ON APPLE SILICON We just witnessed something incredible: the largest open-s...
New
PragmaticBookshelf
As digital systems increasingly run the world, mastery of the recurring patterns of software development risk is the key to fast and effe...
New