How to automatically sign a user in after they click a verify email link sent to their email inbox?
Once a user registers an account, the page prompts them to click the link in the email sent to them. How can I make that link automatically log them in? Is this possible, or would they still have to log in manually after verifying their email? One idea I had was to "pseudo" sign them in upon registration, and then them clicking on the verify link re-validates the registration page, giving them full access.
Is there a better way to do this?
16 Replies
I would say there are a million ways to do this. You could do something like:
Then validate the super-secret token and return a cookie with the user session and finally redirect the user to the dashboard
the only way I know how to return a cookie with the user session is with
is there a way to do this without their credentials?
Oh gosh don't do that
like in general or in this context
First of all, you should never store a user's password
Like never ever
no yeah i only store it hashed and salted
the signIn is just a nextauth function that i plug in the form info into
Anyhow, you can create a session token with the credentials
Maybe with JWT?
JWT.IO
JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties.
In JWT you should only put information that you need to identify the user. DO NOT put their password into it. Just use an ID and the token expiration and creation date
Anyhow, I've never used next-auth, so they might have a different approach. Check out their docs
ok so they click the link, then we look up the user associated with superSecretToken and make a JWT for that user, we send that JWT to the client's cookie jar, and then redirect them to a dashboard?
circumventing the credential input process?
Yes
ok
Also, when the user first registers their account you can return a cookie anyways and then handle if they are verified or not.
(a lot of websites tell you to verify with a popup or something like that)
have you used nextAuth.js by any chance?
.
Oh whoops haha
Thanks
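
The flow the thread settles on (one-time token in the emailed link, look up the user, set a JWT session cookie, redirect to the dashboard), as an added example that is not code from any participant and does not use next-auth. The in-memory `Map`, the random `SESSION_SECRET`, the `/dashboard` path and all function names are assumptions standing in for a real database, server-side config and routes.

```javascript
const crypto = require('node:crypto');

const SESSION_SECRET = crypto.randomBytes(32); // assumption: loaded from server config in practice
const pendingTokens = new Map(); // sha256(token) -> { userId, expiresAt }; stand-in for a DB table

const b64url = (v) => Buffer.from(v).toString('base64url');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Registration: the raw token goes into the emailed link, only its hash is stored.
function issueVerifyToken(userId, now = Date.now(), ttlMs = 15 * 60 * 1000) {
  const token = crypto.randomBytes(32).toString('base64url');
  pendingTokens.set(sha256(token), { userId, expiresAt: now + ttlMs });
  return token;
}

// Link click: single-use lookup that returns the user id, or null if unknown or expired.
function redeemVerifyToken(token, now = Date.now()) {
  const key = sha256(String(token));
  const row = pendingTokens.get(key);
  pendingTokens.delete(key); // burn on first use so a replayed link cannot log in again
  return row && row.expiresAt > now ? row.userId : null;
}

// HS256 JWT carrying only the user id plus creation and expiry times, never the password.
function signSession(userId, now = Date.now(), ttlSec = 3600) {
  const iat = Math.floor(now / 1000);
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ sub: userId, iat, exp: iat + ttlSec }));
  const sig = crypto.createHmac('sha256', SESSION_SECRET).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Checks the signature in constant time, then the expiry; returns the claims or null.
function verifySession(jwt, now = Date.now()) {
  const [head, body, sig] = String(jwt).split('.');
  if (!head || !body || !sig) return null;
  const want = crypto.createHmac('sha256', SESSION_SECRET).update(`${head}.${body}`).digest();
  const got = Buffer.from(sig, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > Math.floor(now / 1000) ? claims : null;
}

// What the verify-link handler sends back: session cookie plus redirect, or a 400.
function handleVerifyLink(token, now = Date.now()) {
  const userId = redeemVerifyToken(token, now);
  if (!userId) return { status: 400, headers: {} };
  const cookie = `session=${signSession(userId, now)}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=3600`;
  return { status: 302, headers: { Location: '/dashboard', 'Set-Cookie': cookie } };
}
```

The emailed link acts as a bearer credential until it is redeemed, which is why the token here is random, short-lived, stored only as a hash and deleted on first use.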