Skip to content

Generate and Validate Magic Link Tokens

Create a JWT-based token generation and validation service for magic link authentication. Tokens are cryptographically secure, time-limited (15min default), and one-time use. Validation checks JWT signature, expiration, and database state before marking as used.

Note: - Use JWT with claims: email, expiration, issued-at - Database tracking table: token ID, email, timestamps, used/invalidated flags - Reference passport-magic-login pattern - Keep modular for future IAM migration