Back
Prevent Magic Link from Creating New Users
Hey everyone, Am I missing something, or is there no way to generate a magic link only if an account already exists for the given email? From what I can see, "account.createMagicURLToken" always accepts the email and creates a new user if none exists. In practice -especially for applications subject to GDPR- a user should agree to the terms before registering. But there’s no way to determine whether I need to show the terms or not. I considered implementing a server function to check if the email exists, but that would mean exposing an endpoint that checks sensitive data (email addresses) without authentication, which seems problematic. Has anyone found a good solution for this? Thanks!
TL;DR
Preventing Magic Link from creating new users when using "account.createMagicURLToken" can be a challenge for developers. To avoid creating new users for existing emails, one workaround is to implement a server function to check if the email already exists before generating the magic link. However, this approach could pose security risks as it involves exposing sensitive data without authentication. Developers are still looking for better solutions to address this issue while ensuring compliance with GDPR.