Passwordless Authentication
I saw a a post asking whether wasp supported passworldess authentication in March and it wasn't supported at the time. Has anything changed since then and if not does anyone have any good ideas as to how I can add the passwordless auth in myself and have it seamlessly integrate with wasp?
3 Replies
Hi @RPD. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
As of the information available, Wasp does not yet support passwordless authentication out of the box. The current supported authentication methods include username & password, Google, GitHub, and email [^1^][^10^].
However, there are discussions about adding passwordless authentication (also known as "one-time-password" login) in the future, and it's been suggested that this could potentially be implemented by supplying SMTP credentials to nodemailer [^2^].
In the meantime, if you want to implement passwordless authentication yourself, you would likely need to integrate it into your application manually. Unfortunately, there are no specific instructions available on how to do this with Wasp.
However, you can refer to the Wasp documentation on how to set up username & password authentication, which might give you some insights on how to integrate a custom authentication method [^4^][^6^][^10^].
Also, you can check the open-saas template provided by Wasp, which comes with the concept of admins and even has an admin dashboard in it [^9^].
Please note that any custom implementation would need to be carefully tested and reviewed to ensure it meets security standards.
^1^]: [Discord support thread: Passwordless authentication > Answers (https://discord.com/channels/686873244791210014/1216112386335969372)
^2^]: [Github Issue (closed): Abstract email sending with Wasp (for e.g. email login) > Comments (https://github.com/wasp-lang/wasp/issues/870)
^4^]: [Docs > Auth > Username & Password (https://wasp-lang.dev/docs/auth/username-and-pass)
^6^]: [Docs > Tutorial > 7. Adding Authentication (https://wasp-lang.dev/docs/tutorial/auth)
^9^]: [Discord support thread: Hi, how do you add authorization ? > Answers (https://discord.com/channels/686873244791210014/1211733266235916358)
^10^]: [Docs > Auth > Overview > Available auth methods (https://wasp-lang.dev/docs/auth/overview#available-auth-methods)
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------
Sorry @RPD, I seem to be having a bit of trouble. Don't worry though, I've pinged my support and they will try to fix me up! :technologist:
Perhaps try again in 15mins?
Paswordless as in magic link?
No support yet, we will be adding support for it in the future but can't say exactly when.
As for doing it completely on your own: Wasp does expose some lower level primities that might enable doing this, I will let @miho answer this one though.
You could hack around do something like:
1. Create a Wasp action / custom API that when triggered from the client receives an
email string and send a link to that email.
2. In that link you could put a token e.g. myapp.com/login-with-token?token=xxx (client route)
3. The token should be stored in a separate table that's connected to the user or directly on the user
4. The client should then send the token to the server to some custom API endpoint /auth-with-token.
5. The server checks the token, uses the createSession helper from wasp/server/auth and sends back the session ID to the client.
6. The client uses the initSession helper to init the user.
There are some useful methods in this gist: https://gist.github.com/infomiho/3c63de7d53aba59d6293bcb59501a029Gist
Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in th...
Implementing custom OAuth provider with Wasp 0.14.1+ (Spotify in this case) - .env.server