Ash Framework: Magic Link Auth behavior (p121)

mlooney · 10 June 2025 19:09

Running through the example, clicking on an already-used magic link email brings me to the magic link “sign in” page, clicking the magic “sign in” button does nothing, though no error warnings are generated as described by debug_authentication setting (a tiny debug message thus: [debug] Claim %{"jti" => "blah blah"} did not pass validation.)

Additionally, trying to use the magic link sign-in with a nonexistent user, will indeed generate the magic link email and associated magic link (which also works when used, creating a new user). Is this expected?

Versions

Erlang/OTP 27 [erts-15.2.7] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [jit]

Elixir 1.18.4 (compiled with Erlang/OTP 27)

sevenseacat · 11 June 2025 10:27

You don’t see the warning in your logs? Like

Did you restart your dev server after changing the debug config in dev.exs?

And yes, by default registration is enabled for magic links, so entering a non-existent email address will send a link to sign in and create that account. You can disable this in your magic_link config in your User resource, by setting registration_enabled? false.

mlooney · 11 June 2025 15:07

yes, i restarted, and see the warning about auth debug mode too. i’m as surprised as you are

good to know about the magic link behavior.

what versions are you using yourself?