Tired of passwords? So are your users. Passwordless authentication boosts security and UX by eliminating password fatigue. Let’s build a passwordless login flow with MojoAuth faster than it takes to brew coffee ☕.
Why Go Passwordless?
- 🔒 No more password leaks or phishing risks
- 📲 Users log in via magic links (email/SMS)
- âš¡ Faster implementation than traditional auth
What We’ll Build
A Node.js app that:
- Sends magic links via email
- Authenticates users with a single click
- Secures sessions with JWT
Prerequisites
- Node.js installed
- Free MojoAuth Account
- Basic Express.js knowledge
Step 1: Set Up MojoAuth
- Create a Project in your MojoAuth dashboard.
- Grab your API Key and Publishable Key (we’ll use these later).
- Configure Allowed Redirect URLs (e.g.,
http://localhost:3000/callback
).
Step 2: Install MojoAuth SDK
npm install mojoauth-sdk
Step 3: Backend Setup (Express.js)
Create server.js
:
const express = require('express');
const MojoAuth = require("mojoauth-sdk");
const app = express();
app.use(express.json());
// Initialize MojoAuth
const mojoAuth = MojoAuth("[YOUR_API_KEY]");
// Login endpoint
app.post('/login', async (req, res) => {
const { email } = req.body;
try {
const response = await mojoAuth.magicLink.send(email);
res.json({ message: "Magic link sent! Check your email." });
} catch (error) {
res.status(500).json({ error: "Auth failed" });
}
});
// Callback endpoint (handles magic link verification)
app.get('/callback', async (req, res) => {
const { token } = req.query;
try {
const user = await mojoAuth.magicLink.verify(token);
// Create JWT session or redirect to dashboard
res.json({ success: true, user });
} catch (error) {
res.redirect('/login?error=auth_failed');
}
});
app.listen(3000, () => console.log('Server running on port 3000'));
Step 4: Frontend Form (HTML/JS)
Create index.html
:
<!DOCTYPE html>
<html>
<body>
<h1>Login with Magic Link ✨</h1>
<form id="loginForm">
<input type="email" id="email" placeholder="Enter your email" required>
<button type="submit">Send Magic Link</button>
</form>
<script>
document.getElementById('loginForm').addEventListener('submit', async (e) => {
e.preventDefault();
const email = document.getElementById('email').value;
// Call backend login endpoint
const response = await fetch('/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email })
});
alert('Magic link sent! Check your inbox.');
});
</script>
</body>
</html>
Step 5: Test It!
- Run
node server.js
- Open
http://localhost:3000
- Enter your email → check inbox → click magic link → Boom! 🔥 Authenticated.
How It Works
- User enters email → MojoAuth sends magic link.
- Clicking the link hits
/callback
with a verification token. - MojoAuth SDK verifies the token → returns user data.
- You create a session (e.g., JWT cookies) or redirect.
Why MojoAuth?
- ✅ Pre-built UI components (save 20+ hours)
- ✅ Brute-force protection & rate limiting
- ✅ SOC2-compliant infrastructure
- ✅ Customizable templates (brand your emails)
Troubleshooting Tips
- Magic link not arriving? Check spam folder or MojoAuth's email logs.
- Invalid redirect URL? Ensure it matches your MojoAuth dashboard settings.
-
CORS issues? Use
cors
middleware in Express.
Next Steps
- Add SMS authentication (MojoAuth supports it!).
- Implement user sessions with JWTs.
- Check the MojoAuth Docs for advanced features.
👨💻 Your Turn!
Clone the full code example on GitHub and customize it.
Got questions? Drop them below – let’s chat about auth!
Top comments (0)