Passwordless: clicking magic link on another device, how to detect valid login on original device? In my application I would like a user to login to my web SPA app on laptop, and have the ability for that SPA to sit and wait for the magic link to be clicked on any device/browser (not necessarily that machine or browser). When the magic link is clicked, I've overridden the

sendEmail

fn to redirect to

/auth/verify

on my API (not the frontend) so that a very basic (non-SPA) HTML page is served to conduct the

consumeCode

and validate the login, but of course the cookies end up on that device (eg. a phone browser). What is the best way to poll for the original login request on the original device and to then have the cookies for the authentication tokens sent to the original SPA, as if the consumeCode fn was called on the original browser? I'm thinking to use

consumeCodePOST

to mark my own DB with the user/preAuthSessionId as logged in, and have the original SPA poll my endpoint for validating that, but then how do I get supertokens to send the token data to the SPA in order that the user can become validated on that device? Many thanks for any advice.

hey @FlyingFox

hi

Thanks, I've just discovered this which might help: https://supertokens.com/docs/passwordless/migration/session-migration

also keep in mind that you'll end up with a separate active session on the device that clicked the link

It seems to work, my only question now is how can I extract the

preAuthSessionId

from the createCodePOST override so I can enter that in my DB against the submitted

email

?

@porcellus ?

Oh, I didn't see the notif, sorry

Thank you, most helpful. I'm looking at this now

happy to help 🙂 please let me know if it works out