1
0
Fork 0
mirror of synced 2024-06-17 10:14:50 +12:00

docs for magic urls

This commit is contained in:
Damodar Lohani 2021-08-31 13:11:36 +05:45
parent d67c754dad
commit dfe8bc6d53
2 changed files with 4 additions and 0 deletions

View file

@ -0,0 +1 @@
Sends the user an email with a secret key for login. When the user clicks the link he is redirected back to the URL you provided with the secret key and userId values attached to the URL query string. Use the query string params to submit a request to the [PUT /account/sessions/magic-url](/docs/client/account#accountUpdateMagicURLSession) endpoint to complete the login process. The login link sent to the user's email address is valid for 1 hour. If you are on mobile devices you can leave the URL parameter empty, so that the login completion will be handled by your Appwrite instance by default.

View file

@ -0,0 +1,3 @@
Use this endpoint to complete session creation with magic URL. Both the **userId** and **secret** arguments will be passed as query parameters to the redirect URL you have provided when sending your request to the [POST /account/sessions/magic-url](/docs/client/account#accountCreateMagicURLSession) endpoint.
Please note that in order to avoid a [Redirect Attack](https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.md) the only valid redirect URLs are the ones from domains you have set when adding your platforms in the console interface.