Adding extra data to the token

[kevinwolfcr]

Hello! I have been using this library since it was released and I can say I really appreciate your effort on putting this together, it has made authentication more straightforward on my apps.

That said, I want to request a feature to encode extra data to the auth token and somehow read it on the validate function. I want to create a workflow where users get inserted into the DB only after they clicked the magic link, so on the signup flow, I send the magic link with some other information requested for the user creation.

Initially, I was adding some extra data to the magic link via query, then reading that data from the query and trying to modify the request.formData before calling authenticator.authenticate("email-link", request) to receive the data in the form property of the validator, but it didn't work since the loader doesn't have any FormData because it is coming from a link.

[pbteja1998]

@fullstackjedi

Can't you use Form data for this?

[kevinwolfcr]

Ok, let me describe the following scenario:

1. User goes to the sign-up flow (/sign-up), inputs their email, full name, and phone, and the link is sent to the user's email. I don't want to insert the user in the DB on this step, because I don't want to register users who haven't verified their email.
2. The user clicks the link, which has a token with the email AND their full name and phone. (/magic?token=xxx).
3. I check in the verify callback is magicLinkVerify is true, and if it is like that, then I somehow get the tokenData (this can be an extra property added to the verify clalback) and insert the user into the DB on this step, after they have proved they own the email.

[pbteja1998]

I just published a new version v1.4.1.

If you use this version, you should get form: FormData in the verify callback even when magicLinkVerify is true.

It would be great if you can try this new version and let me know if everything works ok, and whether you are successfully getting the form data or not.

[kevinwolfcr]

Works fantastic! Thank you so much.

[pbteja1998]

Awesome 👍

[dimaishere]

Hi! Remix newbie here. I wanted to create a separate discussion thread, but I think my question is related to the @elkevinwolf original request.
This strategy says that it

implements the authentication strategy used on kentcdodds.com.

I've read Kent's blog post and really liked the way he handles passwordless auth. My favourite part is checking whether user exists after token decryption in /magic, and then redirecting to the /signup page if the user couldn't be found.

I'm trying to find a way to do the same with this strategy, and can't find a way to perform this check. My User model has a "firstName" required field, which I want to ask for on the /signup page (see Kent's diagram above). Thus, I can't create a user in database if I only have their email.

Now, it looks like the EmailLinkStrategy expects me to return a user in any case. Which, again, I can't do if there's not already a user in a database. I want to check for that, and in case there's no user, I want to redirect a user to the /signup page with their email address in a cookie to pre-fill the email input.

Type 'User | null' is not assignable to type 'User'.

Also, notice how Kent originally returns "null" if there's no user in his site's repo, that inspired this strategy.

How would you solve that? Thanks!