Validation email with fully formed link to POST the code & email address? #1
Comments
|
You can already do that as you can control the content of the email that is sent to the user. You can for example in this email provide a link that's formatted as you want, for example with your parameters as query params. However since it's a link for the user to click on, it will never be a POST request, always a GET request. |
|
Thanks for the prompt response. It wasn't an issue, more a question / suggestion. Also thanks for confirming it will be a GET request. Does this invalidate the authentication process, in your opinion? As the parameters will be visible in the headers, rather than embedded in the data packet. |
|
If it's over http, neither the body nor the query params are secure (you can't have a body in GET requests). If it's over https, both are secure. It doesn't matter how you decide to do it. Query params are fine 😊 |
|
FYI, link to the docs: https://www.nopass.me/docs |
The default email template includes some text to the user, with a URL link to nopass.me.
I am authenticating users on a PHP-based web app / site. My current flow is using a 2nd form which the user manually enters the code received. Once submitted, a 3rd page completes the validation stage of authentication.
Could this be formatted as a simple link to click, that would include the required parameters (email & code)? Ideally as POST.
The text was updated successfully, but these errors were encountered: