Problem Statement
Users suffer from password fatigue, leading to forgotten passwords and friction during the login process.
Technical Approach
Create new /api/auth/magic-link/request and /api/auth/magic-link/verify endpoints. Store a highly secure, short-lived (e.g., 15m) token in Redis and email it as a clickable link.
Acceptance Criteria
- Users can authenticate purely via email.
- Magic links are single-use and expire after 15 minutes.
- Rate limiting is strictly enforced on the request endpoint.
Problem Statement
Users suffer from password fatigue, leading to forgotten passwords and friction during the login process.
Technical Approach
Create new
/api/auth/magic-link/requestand/api/auth/magic-link/verifyendpoints. Store a highly secure, short-lived (e.g., 15m) token in Redis and email it as a clickable link.Acceptance Criteria