Is email verification guide legit for implementing magic link/one time code auth?

[brachkow]

I want to implement passwordless login to my app, like firebase magic link login but with one time codes.

I think this guide has needed information — https://lucia-auth.com/guides/email-and-password/email-verification-codes, but it puts heavy emphasis on being «verify user email for username + password login, in case user forgets his password».

I fear that it might possess some security flaws, that are not critical for verification but critical for account access.

Is email verification guide legit for implementing magic link/one time code auth?

P.S. I saw likewise thread here #257, but it was prior v3, and also has no clear answer

[Rykuno]

Im currently using token auth via email for my registration/login if you wanted to see how I've been doing it. https://github.com/Rykuno/TofuStack/tree/main/src/lib/server/api