-
Notifications
You must be signed in to change notification settings - Fork 1
Home
Ray Ch edited this page Jun 4, 2016
·
1 revision
First thing First I am a Realist.
So, only few people come visit the wiki page. But this mainly developer and django-users who want to understand how this really works.
You are always welcome to work on to push your changes to this project.
For, more detail go through CONTRIBUTING.md
- You either need CRSF token(Desktop), Mobile ID(iOS and Android) Some UUID
- You receive a mail to your, hope that time they have their account accessed through their devices.
This process is either web application or mobile app. But, you can write a hack around it. Which we wouldn't include(as of now).
- When you enter your email address and click on "Sign Magic Link"
-
Django Magic Linkgenerates arandom codeand stores it in some database, together with a time stamp and your user as Foreign Key sayuser x. - If someone shows you this code, until this time, accept it as a login credential for
user x. -
Django Magic Linkgenerates a link that includes therandom codein the URL and sends it touser xas email. - The person, mainly
user xclicks the link. Which opens a web browser, which logs in the user in the web application.
- When user click link in the mail. It redirects to web browsers.
User can click
Login using Appwhich redirects user to the application.( Where, therandom codeis passed as application launch parameter). - In the mobile application you have to parse the
launch parameterand present it to the server API. -
Django Magic Linklooks up the database, finds therandom code, validates that not too much time has passed and tells the mobile app: "Yep, that's user X" – in reality exchange the random code for session token is exchanged.
The
random codeonce used is mark as used, so that you cannot use it twice, preventing others to login later.