Magic Link Authentication with generates_token_for in Rails 7.1 Discussion
is magic link login considered secure ?
can it be used for a production website reliably ?
Thanks
As long as the tokens expire, are one-time use, and the user's email isn't compromised it should be fine. You'll still want to support 2FA through another mechanism for more security.
I much prefer email/password login so I can use a password manager.
Hi Chris,
How do you use CurrentAttributes in real world projects? as I read from several blogs that it's considered as harmful, so it's not recommended to use it.
So I want to know from your perspective regarding this.
Thanks
How are CurrentAttributes implemented in practical projects? According to several blog posts, it is deemed hazardous and therefore its use is not advised.
I would therefore like to hear your perspective on this.
How can you mock this in an integration test where you need to be authenticated but you don't have access to session?