[core] Support magic links in SignInPage

[bharatkashyap]

• Closes [SignInPage] Add magic link support #3990

Docs preview: https://deploy-preview-4085--mui-toolpad-docs.netlify.app/toolpad/core/react-sign-in-page/#magic-link

[apedroferreira]

Cool, seems to work well, the demos look clean!
I wrote down some thoughts and ideas.

[apedroferreira]

Should there be a default success alert that would already show in this demo?

[bharatkashyap]

We have a separate demo on the Alerts just below this one, so I think this one is okay? If you think strongly that we should merge them, I can do that

[apedroferreira]

Not a huge deal, it's just that the first demo doesn't provide any feedback when you press the submit button so maybe that will feel a bit weird if it's the first thing a user tries.
But I just noticed that other demos in the same page work the same... maybe they could always show a standard browser alert or something (instead of a console log that most people will miss), but I guess that's something you can add at any time, doesn't need to block this PR.

[apedroferreira]

I guess they don't really "need" to but it's a way that users can do it, right? So maybe we can say they "can" add that code instead, as this is an example of how they can do it with Auth.js?

[apedroferreira]

Would a more specific name like successAlert or successMessage be better?

[bharatkashyap]

Perhaps, but that would mean we also rename the error prop in AuthResponse to errorMessage which – while better – would be a breaking change on the AuthResponse interface. What do you think?

[apedroferreira]

Got it, just a thought, I think error shouldn't be renamed so we can keep success if it's more consistent with that.

[apedroferreira]

I guess they don't provide types that we can use to type this error with the digest?

[bharatkashyap]

I agree that this is quite fragile, but I couldn't find any way to detect exclusively that the redirect is to verify-request using an Error type. I'll investigate a bit more

[apedroferreira]

Ok, no big deal if you can't find it, was just wondering.

[apedroferreira]

Not super clean that this is how "success" works (by catching an error) but if that's just how Auth.js does it I guess there's nothing we can do?
Ideally this code would be easier to follow.

[bharatkashyap]

This is how Next.js + Auth.js server compoents redirects work - throwing a NEXT_REDIRECT which we must catch, I'm basing this on vercel/next.js#49298 (comment)

[jakobmerrild]

@bharatkashyap I was looking for any open issues w.r.t. supporting one-time passwords when using the credentials provider and found your issue. However, looking at the code in this PR it doesn't seem to solve that part of the issue.
Do you have any plans to include support for one-time passwords in the credentials provider with this PR?

[bharatkashyap]

@bharatkashyap I was looking for any open issues w.r.t. supporting one-time passwords when using the credentials provider and found your issue. However, looking at the code in this PR it doesn't seem to solve that part of the issue. Do you have any plans to include support for one-time passwords in the credentials provider with this PR?

@jakobmerrild Not with this PR (I should edit the title of that issue) but the plan is to implement support for OTPs as an immediate follow up of this PR, including adding an example app. I'll create a separate issue: #4292

[jakobmerrild]

Sounds great!

[jakobmerrild]

Actually, looking at the new issue it sounds like you are planning to support one time codes sent to the user's email.

What I'm looking for is 2FA support via one-time passwords, basically an additional optional input field on the SignInPage.

[bharatkashyap]

Actually, looking at the new issue it sounds like you are planning to support one time codes sent to the user's email.

What I'm looking for is 2FA support via one-time passwords, basically an additional optional input field on the SignInPage.

Understood, that isn't part of the roadmap yet but feel free to open an issue/comment with your requirements on that issue!

[jakobmerrild]

Thanks for letting me know. I have opened an issue. In the mean time is there a way for me to create my own sign-in page and have it integrate with the Account component?

[bharatkashyap]

Thanks for letting me know. I have opened an issue. In the mean time is there a way for me to create my own sign-in page and have it integrate with the Account component?

Thanks for the detailed issue, I'll add it to the consideration for our future versions.

For the meantime, you could use the Account component separately like the demos in this page: https://mui.com/toolpad/core/react-account/ while building your own component for the sign in page.

[jakobmerrild]

Thanks! I managed to get it to work using your example and the basic page from authjs. Should then be able to just create a new custom page and pass it into the pages prop for the NextAuth I believe.
Though I am curious why your example uses the signIn and signOut functions from next-auth/react instead the ones exported from auth.ts.

[bharatkashyap]

Though I am curious why your example uses the signIn and signOut functions from next-auth/react instead the ones exported from auth.ts.

This is because SignInPage is a client component - see https://authjs.dev/getting-started/migrating-to-v5#details

[jakobmerrild]

Gotcha! Thanks for all the help and sorry for spamming your PR 🙈

[apedroferreira]

No major changes since last time I approved, right? Let me know if there's anything I should check more in specific.
LGTM, added some comments that sound worth doing before merging, but nothing blocking!

[apedroferreira]

I guess that none of those usual methods like toHaveBeenLastCalledWith works for these checks? Or would it? They're just more readable.

[apedroferreira]

Maybe try to use theme units if possible unless we really need the 12px specifically here?

[apedroferreira]

A .filter here would probably be cleaner, before using .map?

[apedroferreira]

You can also just create a single boolean variable for these provider id checks, might end up being useful for other situations later too.