Magic Link
How to choose your integration strategy?
Discover how to integrate Magic Link authentication for an Organization within in your app in a headless way: learn the process of creating a Magic Link connection for the organization and generating a Magic Link challenge for the user. Or use ready to use interface with the self-hosted Gateway User Interface here
Watch the video guide
- Quickstart
- 15 min
A
However, it is important to ensure a number of security measures, that the link is sent securely, and that the
1 Configure your first Magic Link Connection
API object definitions
- Organizations: An The fallback content to display on prerenderingrepresents a business customer or partner in your Cryptr service.
- Users: Cryptr stores The fallback content to display on prerenderingprofiles for yourThe fallback content to display on prerenderingin a dedicated hosted cloud database for a specificThe fallback content to display on prerendering.The fallback content to display on prerenderingprofile information can come from yourThe fallback content to display on prerenderingdirectly. The sources areThe fallback content to display on prerenderingsignup,The fallback content to display on prerendering(viaThe fallback content to display on prerendering) logins or Active Directory.
How to leverage your API key
Setting up Environment Variables
It is important that your Cryptr
CRYPTR_CLIENT_SECRET
environment variable at the start of your CRYPTR_CLIENT_ID
must also be defined.CRYPTR_ACCOUNT_DOMAIN=communitiz-app
CRYPTR_CLIENT_SECRET=79cef058-530c-4c19-a12d-ff57ff5e592b
CRYPTR_CLIENT_ID=b7bde828-4df1-4f62-9a3a-d1541a2fc9e4
Cryptr does not keep the created
In a dedicated environment, remember to set the CRYPTR_SERVICE_URL
as an environment variable. This ensures proper communication with the service and enables customization of the service URL based on your environment.
Cryptr Service URL for dedicated instance
CRYPTR_ACCOUNT_DOMAIN=communitiz-app
CRYPTR_CLIENT_SECRET=79cef058-530c-4c19-a12d-ff57ff5e592b
CRYPTR_CLIENT_ID=b7bde828-4df1-4f62-9a3a-d1541a2fc9e4
CRYPTR_SERVICE_URL=https://my-company.authent.me
Instantiating your Cryptr Client
Here is a concrete example to illustrate how to leverage an
- cURL
- Kotlin
curl -X POST ${cryptr_service_url}/oauth/token
-d '{
"grant_type": "client_credentials"
"domain": "CRYPTR_ACCOUNT_DOMAIN",
"client_id": "CRYPTR_CLIENT_ID",
"client_secret": "CRYPTR_CLIENT_SECRET"
}'
val cryptr = Cryptr(
accountDomain = System.getProperty(CryptrEnvironment.CRYPTR_ACCOUNT_DOMAIN.toString()),
apiKeyClientId = System.getProperty(CryptrEnvironment.CRYPTR_API_KEY_CLIENT_ID.toString()),
apiKeyClientSecret = System.getProperty(CryptrEnvironment.CRYPTR_API_KEY_CLIENT_SECRET.toString()),
//Optional fields
defaultRedirectUrl = System.getProperty(CryptrEnvironment.CRYPTR_DEFAULT_REDIRECT_URL.toString()),
serviceUrl = System.getProperty(CryptrEnvironment.CRYPTR_SERVICE_URL.toString()),
)
Create your Users directory
When it comes to controlling access to your
sandbox
environment for testing and development or a default
environment for production. An
To get started, we create a dedicated environment for each new customer, where we store all
The environment is defined by your
For example, if your
To learn more about sandbox and production environments and how they affect your
The Organization Owner
Create a new Organization with the name, and the list of email domains from the professional emails of the
- cURL
- Kotlin
curl -X POST ${cryptr_service_url}/api/v2/organizations \
-H "Authorization: Bearer your-access-token-from-client-id-and-secret" \
-d name="Communitiz App" \
-d allowed_email_domains[]="communitiz.app"
val organizationResponse = cryptr.createOrganization(
name = "My company name",
allowedEmailDomains = setOf("my-company.com")
)
Now we get the domain
of our new
communitiz-app
is the domain identifier
. Now, each time a new Create a User
We can create a
- cURL
- Kotlin
curl -X POST '${cryptr_service_url}/api/v2/org/${org_domain}/users'
--form 'profile[email]="emilie@communitiz-app.co"'
val userResponse = cryptr.createUser(
orgDomain = "communitiz-app",
email = setOf("emilie@communitiz-app.co")
)
However, it is important to consider the following error:
- "422 email has already been taken": This means that a The fallback content to display on prerenderingwith this email address already exists in your project. We inform theThe fallback content to display on prerenderingthat they can use another email address or invite him to connect. (The email address is used as an
identifier
to find aThe fallback content to display on prerendering.)
You can access a
Click here to access the API page and explore the options for
List the users of a directory from a sandbox or production environment
We can fetch the
- cURL
- Kotlin
curl "${cryptr_service_url}/api/v2/org/${org_domain}/users" \
-d page=${page}
-d per_page=${per_page}
val listing = cryptr.listUsers(
orgDomain = orgDomain,
// Optional, size of the page
// perPage = perPage,
// Optional your current page
// currentPage = currentPage
)
Of course, at this time our list is empty. To see more about
Magic Link Connection creation
- Organization: An The fallback content to display on prerenderingrepresents a business customer or partner in your Cryptr service.
- Magic Link Connection: A The fallback content to display on prerenderingThe fallback content to display on prerenderingrepresents the parameters of theThe fallback content to display on prerenderingand enable the functionality. Without it you can't useThe fallback content to display on prerendering.
With a created
Create a new
- cURL
- Kotlin
curl -X POST ${cryptr_service_url}/api/v2/org/${org_domain}/magic-link-connection
val resp = cryptr.createMagicLinkConnection(
orgDomain = 'communitiz-app'
)
Note that there is a find_or_create_user
option. Thanks to this option, you can ask to create the user at the time of login. To do so, set this option to true
. If you do not wish to create a user at the same time as the login, leave this option set to false
or leave it blank. The default setting is true
.
Manage the Magic Link
Here are the other possible actions for managing
Update the Magic Link Connection
This request will help you to update the
- cURL
- Kotlin
curl -X PUT ${cryptr_service_url}/api/v2/org/${org_domain}/magic-link-connection \
-d find_or_create_user=true
val resp = cryptr.updateMagicLinkConnection(
orgDomain = 'communitiz-app',
findOrCreateUser = true
)
Delete the Magic Link Connection
- cURL
- Kotlin
curl -X DELETE ${cryptr_service_url}/api/v2/org/${org_domain}/magic-link-connection
val resp = cryptr.deleteMagicLinkConnection(
orgDomain = 'communitiz-app'
)
If you want to disable the
Retrieve the Magic Link Connection
- cURL
- Kotlin
curl "${cryptr_service_url}/api/v2/org/${org_domain}/magic-link-connection"
val resp = cryptr.getMagicLinkConnection(
orgDomain = 'communitiz-app'
)
You are now able to view the params of your
2 Integrate the Magic Link authentication to your Application
- Organization: An The fallback content to display on prerenderingrepresents a business customer or partner in your Cryptr service.
- Magic Link: A The fallback content to display on prerenderingrepresents is a link that aThe fallback content to display on prerendering's will use as authentication credential to access protected services.
Login
Challenge a Magic Link
- cURL
- Kotlin
curl -X POST ${cryptr_service_url}/api/v2/magic-link-challenge \
-d user_email="emilie@communitiz-app.co" \
-d redirect_uri="https://authent.me/welcome-back"
val createMagicLinkChallengeResponse = cryptr.createMagicLinkChallenge(
userEmail = "john@communitiz-app.com",
redirectUri = "https://authent.me/welcome-back"
)
The user_email
domain is used to retrieve your organization domain but you can also use this endpoint with the org_domain
as paramater.
Magic Link Challenge using Organization Domain
Magic Link Challenge with Org Domain
This request will help you to Challenge the
user_email
.- cURL
- Kotlin
curl -X POST ${cryptr_service_url}/api/v2/magic-link-challenge \
-d user_email="emilie@communitiz-app.co" \
-d org_domain=${org_domain} \
-d redirect_uri="https://authent.me/welcome-back"
val createMagicLinkChallengeResponse = cryptr.createMagicLinkChallenge(
userEmail = "john@communitiz-app.com",
orgDomain = "communitiz-app",
redirectUri = "https://authent.me/welcome-back"
)
The createMagicLinkChallenge
function takes an email address to create a
We are using email to find the
domain
is an optional parameter.Full example of processing of results
- cURL
- Kotlin
curl -X POST ${cryptr_service_url}/api/v2/magic-link-challenge \
-d user_email="emilie@communitiz-app.co" \
-d redirect_uri="https://authent.me/welcome-back" \
# OPTIONAL -d org_domain=${org_domain}
## This will create a Magic Link to send to your user
## Once your user will click on this link he will be redirected to
## your redirect URI and a code will be present in the params
## You can then use:
## For example: https://authent.me/welcome-back/?code=code
curl -X POST ${cryptr_service_url}/oauth/token \
-d code={code} \
-d grant_type="authorization_code"
val createMagicLinkChallengeResponse = cryptr.createMagicLinkChallenge(
userEmail = "john@communitiz-app.com",
orgDomain = "communitiz-app",
redirectUri = "https://authent.me/welcome-back"
)
// CALLBACK
val callbackResp = cryptr.validateMagicLinkChallenge(call.parameters.get("code"))
if (callbackResp is APISuccess) {
val challengeResponse = callbackResp.value
// Handle the response as you want
} else {
// Error occurend while validating
}
After generating a
If the Challenge is a success and is valid, it will contains a code to retrieve the authentication
Conclusion
I hope this guide has given you a better understanding of the steps involved in
- Creating an The fallback content to display on prerenderingwith a
name
and a list of associatedemail domains
. - The initial configuration of the The fallback content to display on prerenderinglogin to create a new account for yourThe fallback content to display on prerendering.
- Magic Link challenge, a feature that enhances security while simplifying authentication.
To test and ensure the operation of your password authentication system, here are a few practical tips:
- Use authentication and authorization scenarios in a test environment to check that the process runs smoothly.
- Take advantage of activity monitoring features to quickly identify and resolve any problems relating to authentication and user management.
If you'd like to go even further, we encourage you to explore our advanced features such as two-factor authentication (coming soon) to further enhance security.
Alternatives
If the
To offer your users a convenient and secure login experience, we offer one more alternative authentication methods: Single Sign-On (SSO). To benefit from these features, the
Thank you for choosing Cryptr to simplify
Please do not hesitate to contact us should you require any further assistance.
API endpoint used in this guide
You can read more about