create a link in an email that bypasses login but still facilitates authentication
I have a rails 3 app that is currently using Devise for authentication. I would like to send an email to users from time to time that would contain a link. When they click the link they would...
- bypass the login page
- go directly to the page i'm directing them to
- and authenticate in the process
I tried several Google searches that would shed some light but came up empty. I am interested in the how to's, the risks and how to make it as secure as p开发者_开发知识库ossible.
Also, are there any other Tags that would be relevant to this question?
Thanks!
I think you're really looking for token authentication.
Take a look at this blog (deleted) which is linked to from the devise wiki here.
It's a bit of a weird example in that UI given is for a user to generate a login link for themselves. Still - it presents the correct approach to login-using-a-link.
Update: Token Authentication has been removed from Devise. This gist and this Stack Overflow post address the issue.
精彩评论