Setting up a passwordless flow
I'm struggling setting up a passwordless approach. The use case is a website where people can buy a product using a Polar checkout, and on success Polar sends people back to /sucecss with their checkout id. Using the checkout id and Polar's sdk I get their email. At that point I create a user on better-auth with their email, but I don't have any password. From there, I'd like to just log the user in, so they can immediately see their dashboard and any premium thing they bought, but I can't manage to find the way to log people without a password or social sign in.
Workarounds that don't work:
crating a user before allowing them to purchase. This would add unnecessary friction when the main goal is to have them purchase, not to create a user.
use magic links. This would be great if I could have more than one type of magic link email: one for first time, one for the rest. I don't want to send the user multiple emails (magic link, purchase confirmation, license key, etc).
It'd be awesome if we could just do auth.api.signIn(user.id). If that doesn't sound good, it'd be great to be able to do something like auth.api.magicLinkToken(user.id) or similar, so I can build the email I want using that token, which I can then verify via /api/auth/magic-link/verify?token={magicLinkToken}
Maybe there's a simpler approach that I haven't thought about?
Workarounds that don't work:
crating a user before allowing them to purchase. This would add unnecessary friction when the main goal is to have them purchase, not to create a user.
use magic links. This would be great if I could have more than one type of magic link email: one for first time, one for the rest. I don't want to send the user multiple emails (magic link, purchase confirmation, license key, etc).
It'd be awesome if we could just do auth.api.signIn(user.id). If that doesn't sound good, it'd be great to be able to do something like auth.api.magicLinkToken(user.id) or similar, so I can build the email I want using that token, which I can then verify via /api/auth/magic-link/verify?token={magicLinkToken}
Maybe there's a simpler approach that I haven't thought about?
