Password-based authentication and ‘Login with Wallet’ can create security vulnerabilities and user friction. Magic links are an easy and fast way to create a secure authentication process for your users. Instead of users needing to sign data with a blockchain wallet, passwordless authentication with magic links for Passport.js improves the safety of users. Your users will have already proven they own the wallet address in Mailchain and can therefore take advantage of Mailchain’s account abstraction.
Key features include:
At the end of this tutorial, you will have built an Express JS app that sends a passwordless magic link from the Stytch auth platform to the user's wallet address using Mailchain's SDK and protocol.
Stytch supports multiple authentication methods, including the so-called magic link. Magic links work by generating and sending a link with an unique authentication token to an address.
The recipient can prove they own the address by clicking on the link within the message. The link contains an unique and single use authentication token, When a user clicks the Magic Link, the application's authentication service processes and validates the authentication token and creates a user session. For more details and visual representation of the flow, check out Stytch's Email Magic Link overview.
To send messages via Mailchain you need to use Stytch's Embeddable Magic Link. This lets you send magic links via a custom channel.
Since Mailchain requires any registered wallet address to have sign a proof to verify ownership. Applications can build upon that proof, and Mailchain's built-in sender and recipient verification to reliably prove address ownership.
You can find the full step-by-step tutorial here: https://docs.mailchain.com/developer/tutorials/integrations/stytch-magic-link/