Magical links, how they work

Question

Magical links, how they work

Some mobile apps, notably Slack , use magic URLs for authentication. I'm having trouble finding resources for implementation, and most importantly, does android have a similar method for doing this.

I understand that the server will send an email using this magic link (something like strings app://gf234h23f4j234342342), then the link will be passed to the registered one app, which then can use this information to contact the server to get information about the user. It's right? If so, gmail seems to have trouble recognizing this as a url, how is this allowed?

+4

android authentication ios email

Cenoc Jul 11 '16 at 21:09

source share

1 answer

Jim · Accepted Answer · 2016-07-11T21:20:32+0000

One way to approach this is to encode the trusted data as a JSON Web Token (JWT), which is digitally signed. This is then transmitted to the server by the application, and the server authenticates it.

As you already mentioned, Gmail and other software do not recognize custom URL schemes, such as app://. To work around this, provide an HTTPS link to your server of a similar form (for example https://example.com/redirect/gf234h23f4j234342342), which then redirects HTTP to a custom URL scheme using the information provided in the HTTPS URL. As an optimization, you can also configure the universal URL in iOS 9+ to directly redirect the HTTPS URL directly to your application without having to bounce through Safari.

Android.

Magical links, how they work

More articles: