Skip to content

feat(auth): magic-link auto-login from verification email #130

Description

@mindsers

Current flow

  1. User submits /register on the marketing site
  2. Platform creates congregation + sends verification email
  3. User reads email, clicks link
  4. User lands on app (or marketing site)
  5. User must re-enter email + password to log in

Step 5 is the friction. Each step in this chain is a 10\u201330% drop-off opportunity, and asking users to re-type their just-set password right after clicking an email link is the weakest point.

Proposal

The verification email link should auto-create a session (single-use, signed token) and land the user directly inside the app dashboard. Eliminate the manual login step.

Implementation likely involves:

  • A signed token in the verification URL (short TTL, single-use)
  • An endpoint (/auth/verify) that consumes the token, marks the email as verified, creates a session, and redirects to the dashboard
  • Token issuance from the platform when the email is sent (or by the main app when the link is generated)

Out of scope

Resend-verification UX is tracked separately in unitae-platform (/api/resend-verification endpoint) and unitae-website (UI on success page).

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: authAuthentication, sessions, registrationstatus: readyTriaged and ready to pick uptype: featureNew capability

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Mid Term

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions