Overview
Add Email Magic Link Login. This is a method where a user requests a login link via email and, upon clicking that link, is granted an authenticated session.
API
GraphQL
requestLogin(email: Email!): RequestLoginResult! mutation:
If the email account exists, a one-time login link is sent to the email.
viewer: Account query:
Returns the currently authenticated account or null.
Example:
mutation {
  requestLogin(email: "email@example.com") {
    sent
  }
}

query {
  viewer {
    uuid
    name
    email
  }
}
HTTP
GET /auth/callback?token=…:
After verifying the link, creates a session, sets an HttpOnly cookie, and redirects.
POST /auth/logout:
Expires the session.
Flow
Login:
- requestLogin(email)
- Send ${baseUrl}/auth/callback?token=<token> via email
- User accesses ${baseUrl}/auth/callback?token=<token>
- Set session cookie and redirect to the app
Logout: POST /auth/logout → Destroy session, delete cookie.
Data Model
login_tokens
- accountId
- tokenHash
- expires
- consumed
sessions
- accountId
- tokenHash
- expires
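An added example, not the project's own code, of the token handling that the Flow and Data Model sections imply: only a hash of each token is stored, and a login token is accepted once and only before it expires. The in-memory Map stores, the lifetimes, the function names, the cookie name and every cookie attribute other than HttpOnly are assumptions.

```javascript
// Added example; the names below are hypothetical, not the project's code.
const { createHash, randomBytes } = require("node:crypto");

const LOGIN_TTL_MS = 15 * 60 * 1000; // assumed link lifetime
const SESSION_TTL_MS = 7 * 24 * 60 * 60 * 1000; // assumed session lifetime

// In-memory stand-ins for the login_tokens and sessions tables, keyed by tokenHash.
const loginTokens = new Map();
const sessions = new Map();

// Only the SHA-256 digest is stored, so a leaked table row cannot be
// replayed as a working link or cookie.
const hashToken = (token) => createHash("sha256").update(token).digest("hex");

// requestLogin side: mint a 256-bit token, store its hash, build the link.
function issueLoginLink(baseUrl, accountId, now = Date.now()) {
  const token = randomBytes(32).toString("hex");
  loginTokens.set(hashToken(token), {
    accountId,
    expires: now + LOGIN_TTL_MS,
    consumed: false,
  });
  return `${baseUrl}/auth/callback?token=${token}`;
}

// GET /auth/callback side: returns the accountId, or null when the token is
// unknown, expired or already used.
function consumeLoginToken(token, now = Date.now()) {
  if (typeof token !== "string" || token.length === 0) return null;
  const row = loginTokens.get(hashToken(token));
  if (!row || row.consumed || row.expires <= now) return null;
  // With a real database, check and mark in one atomic UPDATE so two
  // concurrent clicks cannot both succeed.
  row.consumed = true;
  return row.accountId;
}

// Creates the session row and returns the Set-Cookie header value.
function openSession(accountId, now = Date.now()) {
  const sessionToken = randomBytes(32).toString("hex");
  sessions.set(hashToken(sessionToken), { accountId, expires: now + SESSION_TTL_MS });
  const maxAge = SESSION_TTL_MS / 1000;
  return `session=${sessionToken}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=${maxAge}`;
}
```
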
Email Sending
Use Upyo
- Build message: @upyo/core
- Send: @upyo/smtp
- Test: @upyo/mock
Out of Scope / Follow-up Tasks
- Sign up
- PassKey
- Rate limiting
- UI