npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

passport-magic-link

v3.0.0

Published

Passport JS module for Magic Link authentication

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

vinialbanovinialbano

Keywords

passportmagiclinkpasswordlessencryptiontimestamptwofactorauthentication2FA

Readme

passport-magic-link

Magic Link authentication for Passport JS

Build Status Coverage Status

Installation

npm install passport-magic-link

Usage

This package supports both CommonJS and ES Modules, and includes TypeScript definitions.

Configure Strategy

The MagicLinkStrategy constructor receives three parameters:

  • options: A javascript object containing some configuration:
    • secret Mandatory string, used to sign tokens
    • userFields: An array of mandatory field names from the request query or body that are going to be used to create or retrieve the user.
    • tokenField: The name of the field which contains the token in the request query or body.
    • ttl: Optional integer, defaults to 10 minutes (in seconds). It's used to set the token expiration
    • passReqToCallbacks: Optional boolean, defaults to false. If true, the request is passed to the sendToken and verifyUser functions.
    • verifyUserAfterToken: Optional boolean, defaults to false. If true, the request data is passed to the token and the user is verified after the token confirmation.
    • storage: Optional token storage instance. Defaults to MemoryStorage.
  • sendToken: A function that is used to deliver the token to the user. You may use an email service, SMS or whatever method you want. It receives the user object, the token and optionally the request. It returns a promise indicating whether the token has been sent or not.
  • verifyUser: A function that receives the request and returns a promise containing the user object. It may be used to insert and/or find the user in the database. It may be executed before the token creation or after the token confirmation.

Examples

CommonJS:

const { Strategy } = require('passport-magic-link')

passport.use(new Strategy({
   secret: 'my-secret',
   userFields: ['name', 'email'],
   tokenField: 'token'
}, (user, token) => {
   return MailService.sendMail({
    to: user.email,
    token
   })
}, (user) => {
  return User.findOrCreate({email: user.email, name: user.name})
}))

ES Modules:

import { Strategy } from 'passport-magic-link'

passport.use(new Strategy({
   secret: 'my-secret',
   userFields: ['name', 'email'],
   tokenField: 'token'
}, (user, token) => {
   return MailService.sendMail({
    to: user.email,
    token
   })
}, (user) => {
  return User.findOrCreate({email: user.email, name: user.name})
}))

TypeScript:

import { Strategy, MagicLinkStrategyOptions } from 'passport-magic-link'
import type { SendTokenFunction, VerifyUserFunction } from 'passport-magic-link'

const options: MagicLinkStrategyOptions = {
   secret: 'my-secret',
   userFields: ['name', 'email'],
   tokenField: 'token'
}

const sendToken: SendTokenFunction = async (user, token) => {
   return MailService.sendMail({
    to: user.email,
    token
   })
}

const verifyUser: VerifyUserFunction = async (user) => {
  return User.findOrCreate({email: user.email, name: user.name})
}

passport.use(new Strategy(options, sendToken, verifyUser))

Authenticate Requests

Use passport.authenticate(), specifying the 'magiclink' strategy for two actions:

request token

In this situation the passport authenticate middleware will send a token produced by the user information, which is returned by the verifyUser function. The delivery system is not provided by default and must be placed in the sendToken function.

app.post('/auth/magiclink',
    passport.authenticate('magiclink', { action : 'requestToken' }),
    (req, res) => res.redirect('/check-your-inbox')
)

accept token

In this situation (the default) the passport authenticate middleware will check for a token. The token value is returned by the verifyToken function.

app.get('/auth/magiclink/callback',
  passport.authenticate('magiclink', { action : 'acceptToken' }),
  (req, res) => res.redirect('/profile')
)

The options field can also receive some optional properties:

  • allowReuse: A boolean indicating whether a token can be used more than once. Defaults to false.
  • userPrimaryKey: A string containing the primary key of the user object. This is only used if the token cannot be reused. Defaults to email.
  • tokenAlreadyUsedMessage: A string containing the error message if the token has already been used. Defaults to Token was already used.
app.get('/auth/magiclink/callback',
  passport.authenticate('magiclink', {
    action : 'acceptToken',
    userPrimaryKey: 'id'
   }),
  (req, res) => res.redirect('/profile')
)

TypeScript Support

This package includes comprehensive TypeScript definitions. Key types include:

  • MagicLinkStrategyOptions: Configuration options for the strategy
  • SendTokenFunction / SendTokenFunctionWithRequest: Function signatures for token delivery
  • VerifyUserFunction / VerifyUserFunctionWithRequest: Function signatures for user verification
  • StorageInterface: Interface for custom token storage implementations
  • MagicLinkUser: User object structure
  • MagicLinkPayload: JWT payload structure

Custom Storage Implementation

import { StorageInterface } from 'passport-magic-link'

class RedisStorage implements StorageInterface {
  async set(key: string, value: any): Promise<void> {
    // Redis implementation
  }
  
  async get(key: string): Promise<any> {
    // Redis implementation
  }
  
  async delete(key: string): Promise<boolean> {
    // Redis implementation
  }
}

const strategy = new Strategy({
  secret: 'my-secret',
  userFields: ['email'],
  tokenField: 'token',
  storage: new RedisStorage()
}, sendToken, verifyUser)

Module Formats

This package supports multiple import methods:

// CommonJS
const { Strategy, MemoryStorage, lookup } = require('passport-magic-link')

// ES Modules
import { Strategy, MemoryStorage, lookup } from 'passport-magic-link'

// TypeScript
import { Strategy, MemoryStorage, lookup } from 'passport-magic-link'
import type { MagicLinkStrategyOptions } from 'passport-magic-link'

Acknowledgements

This module is forked and modified from Nick Balestra's Passport Zero