Integration with passwordless authentication to do auth code flow + PKCE?


#1

Hi,

I’m figuring out the API integration between our mobile app and our cloud service. I’d like users to go thru passwordless authentication in our mobile app, sth very similar to Slack’s magic link design (i.e. user provides email address on mobile app => a short-lived verification link is sent by email => user clicks on it via mail client and will land back to the mobile app in authenticated state). Upon authentication success the mobile app would continue OAuth authorization code flow + PKCE to get the access token and refresh token etc. for calling our cloud service API.

Per my understanding, to implement this design with Hydra, I think this means I need to write a login-and-consent-provider that implicitly handles the whole login & consent challenge part WITHOUT any user interaction except for providing the email address (i.e. there’s no redirection/prompt asking for login credentials nor user’s consent on granting permissions). May I ask if this sounds correct, as I am aware this isn’t that typical for OAuth flow? Any advice is greatly appreciated.

Thanks very much!


#2

Hi, I too am evaluating Ory Hydra right now. Currently our only authentication model is Magic Link. I am going to try and use Hydra with authentication going through the magic link in the users email. I have a plan of attack to implement this POC I am just wondering if anyone else has tried this before.