Firebase Passwordless Signin - Is there a way to generate a email link that does not expire after th

Time:10-05

I have implemented Passwordless Auth using the email link on my website following this Firebase documentation:

  • for the frontend: link - Angular
  • for the backend: link - Python

But even though the link generated by the function generate_sign_in_with_email_link() works fine the first time, it only works once:

from firebase_admin import auth

link = f'http://localhost:4200/login'
dynamic_link_domain = 'test.page.link'

action_code_settings = auth.ActionCodeSettings(
    url=link,
    dynamic_link_domain=dynamic_link_domain
)
link = auth.generate_sign_in_with_email_link("[email protected]", action_code_settings)

When the user tries to click a second time I get this error:

The action code is invalid. This can happen if the code is malformed, expired, or has already been used.

This is not the behavior I want. I'm looking for a "magic link" that the user can click on multiple times and still be logged in to my website. Is this possible with Firebase? What is the right configuration to apply?

CodePudding user response:

> But even though the link generated by the function generate_sign_in_with_email_link() works fine the first time, it only works once.

That's the expected behavior. When you send a user an email containing an authentication link, once it is used the link expires. Why? So other users cannot use it. If you try to use it again, that error message appears.

> I'm looking for a "magic link" that the user can click on multiple times and still be logged in to my website

To achieve that you should consider using another type of authentication. For example, email and password, or any other provider, like Google, Facebook, etc. In this way, you'll always be able to authenticate into the same account.

There is, however, a solution in which you can use custom tokens, but as @Dharmaraj also already mentioned in his comment, that wouldn't be so secure.
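The single-use behavior described in the answer, as an added example that is not part of the original thread and is not Firebase's implementation. It is a self-contained model in which a sign-in code can be redeemed once and the redemption yields a separate, longer-lived session, so the user stays logged in without the link being reusable. The class name, the lifetimes and the sample address in the comments are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class OneTimeLinkStore:
    """Toy model of single-use sign-in codes (hypothetical, not Firebase code)."""

    def __init__(self, ttl_seconds=900, session_seconds=14 * 24 * 3600):
        self.ttl = ttl_seconds              # assumed lifetime of an emailed code
        self.session_ttl = session_seconds  # assumed lifetime of a session
        self._codes = {}     # sha256(code) -> (email, expires_at)
        self._sessions = {}  # sha256(session token) -> (email, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_code(self, email, now=None):
        """Create the secret that would be embedded in the emailed link."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)
        self._codes[self._digest(code)] = (email, now + self.ttl)
        return code

    def redeem_code(self, code, now=None):
        """Consume the code; return a session token, or None if rejected."""
        now = time.time() if now is None else now
        # pop() makes redemption single-use: a second click finds nothing,
        # which corresponds to the "already been used" error in the question.
        entry = self._codes.pop(self._digest(code), None)
        if entry is None or now > entry[1]:
            return None
        session = secrets.token_urlsafe(32)
        self._sessions[self._digest(session)] = (entry[0], now + self.session_ttl)
        return session

    def session_email(self, session, now=None):
        """Return the signed-in email for a valid session, else None."""
        now = time.time() if now is None else now
        entry = self._sessions.get(self._digest(session))
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```

Anyone who later obtains the emailed link (forwarded mail, shared inbox, proxy logs) gets `None` from `redeem_code`, while the legitimate user keeps access through the session until it expires.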
