Message7629
would a jwt make a good base for password less login with a magic link/url?
Consider a jwt with a 2 minute lifetime appended to a url like:
https://trackerorg/demo?@template=new_session&@action=new_session&session=<jwt>
the jwt has a scope/role of new_session that when browsed to results
in a new session cookies for the user.
Magic link might be better setup using a session token that can be revoked rather than
the time limited jwt but something to consider. |
|
| Date |
User |
Action |
Args |
| 2022-08-02 16:50:42 | rouilj | set | messageid: <1659459042.82.0.614234916329.issue2551064@roundup.psfhosted.org> |
| 2022-08-02 16:50:42 | rouilj | set | recipients:
+ rouilj |
| 2022-08-02 16:50:42 | rouilj | link | issue2551064 messages |
| 2022-08-02 16:50:42 | rouilj | create | |
|