Magic Link Module
Passwordless authentication via email. Users receive a link (or code) that authenticates them without a password.
Features​
- Email-based passwordless login
- Code-based verification (for mobile apps)
- Auto-registration for new emails (optional)
- Configurable token expiry
- Frontend redirect or JSON response
Registration​
import "github.com/bete7512/goauth/internal/modules/magiclink"
a.Use(magiclink.New(&config.MagicLinkModuleConfig{
TokenExpiry: 15 * time.Minute,
AutoRegister: true,
CallbackURL: "http://localhost:3000/auth/magic",
}, nil))
Configuration​
type MagicLinkModuleConfig struct {
// Token validity (default: 15 minutes)
TokenExpiry time.Duration
// Create new user if email doesn't exist (default: false)
AutoRegister bool
// Frontend URL to redirect after verification
// Tokens appended as URL fragment: CallbackURL#access_token=xxx&refresh_token=xxx
// If empty, returns JSON response instead
CallbackURL string
}
Endpoints​
| Method | Path | Description |
|---|---|---|
| POST | /magic-link/send | Send magic link email |
| GET | /magic-link/verify | Verify magic link token (from email click) |
| POST | /magic-link/verify-code | Verify using code (for mobile) |
| POST | /magic-link/resend | Resend magic link |
Flow​
- User submits email to
POST /magic-link/send - GoAuth sends email with magic link
- User clicks link →
GET /magic-link/verify?token=xxx - GoAuth verifies token, creates/authenticates user
- Redirects to
CallbackURL#access_token=xxx&refresh_token=xxx
For mobile apps, use POST /magic-link/verify-code with the code from the email instead.
note
Requires the Notification module for sending emails. Register it before the Magic Link module.