Setting up magic link with payload auth

I am running into an issue with integrating

with payloads custom auth strategy. I was able to add the strategy and trigger the e-mail magic link flow.

To get it to work I have to configure the webpack server alias, set

on the collection and then create a custom

endpoint for the collection. Everything is flowing correctly

but whenever I try to either

or

with the required fields, I get the type error

other functions like

work as expected.

The goal at this point is based on the lookup to either

A. create a new user and have it set access token/cookie etc..

or B. login the user and set the access token/cookie etc...

Any insight into why this error could be happening?

Is this issue caused because I disabled the local strategy?

If so I can create and login users through the custom strategy

So looking at the DB it looks like the user

on

but the server still throws this error hmm

The issue self resolved for create but not login. Likely won’t work anyway because it also expects a password and that does not get generated with magic.

Based on this discussion, I’m not sure how likely / worth it is to continue down this path

Will probably abandon it for the built in Auth. I don’t want to have to manage creating the token, lifecycle, refreshing etc…

I want to ideally just layer magic on top of payloads Auth and only use payload for the portions that magic couldn’t do ie generating and managing tokens after I determine if it’s a valid login or sign up

Hmm I think I actually got it... I can login and see the admin...working but i'm nervous that it'll break down the line when I add other collections/access

For future reference, based on what I can tell/learned

If you’re going the set your own strategy route, specifically magic link. Some of the below is expended further in various docs, discord and GitHub threads.

1. Server code needs to be in its own file and aliased by webpack, not the package but the file itself.

2. On the collection that is being used to auth the admin panel, pass in the passport strategy as documented by payload

3. Set

4. Using the endpoints property on the collection you can create a custom route. For example you can recreate /login

5. On the UI pass in a custom component using before or after dashboard. This component should be the form to post login/sign up info to your route.

6. Order of operations are

- your strategy function is called. whatever is returned will be accessible by the endpoint route

- endpoint api route is called in req.user there is the data previously returned by the strategy.

7. In the endpoint api route you can access your payload instance to do look ups, create etc

- for example… for login, I do a lookup based on email… since it’s password less flow (magic link)

8. Then create the session yourself using a JWT. The shape of the cookie needs to be an object with the fields collection, e-mail and payload ID set as a httponly. The discussion I linked about has useful sudo code. You also have to set res.user to have the same object as the cookie.

9. The cookie name must be the same payload expects. The payload instance has the prefix ->

10. Visit admin and 🚀

Lastly remember to recreate logout, refresh, etc… for your cookie synced with your strategy provider

Setting up magic link with payload auth