For the passwordless.requestToken() method, is there a recommended way to:
- accept any email and send the user onto a "check your email" message in every case
- then, silently look up the email and only send a token if the email is found. if the email is invalid, nothing happens
I don't want to give users a way to figure out which email addresses are valid from the interface, but following the example code, an invalid email gives a 401 unauthorised error.
I've settled for sending successRedirect and failureRedirect to the same view for the moment:
router.post("/login", passwordless.requestToken(authController.sendMagicLink, {
successRedirect: "/login/check-email",
failureRedirect: "/login/check-email"
}))
router.get("login/check-email", authController.checkEmail)
For the
passwordless.requestToken()method, is there a recommended way to:I don't want to give users a way to figure out which email addresses are valid from the interface, but following the example code, an invalid email gives a 401 unauthorised error.
I've settled for sending successRedirect and failureRedirect to the same view for the moment: