I’ve written before about what I consider to be best practices for magic links from a UX perspective. Recently, I got a chance to apply those principles to using magic links with AWS Cognito.
Cognito by is heavily focussed on username and password based login by default. Alongside that it offers ways to do 2-factor authentication and OAuth login, but no direct way of using magic links instead of passwords.
That begs the question: is there a way to work around that? Can we make that workaround simple enough to still retain all the advantages of using Cognito in the first place?
The ingredients
The key in the solution lies in the multi-factor login support Cognito has. This system is built in a flexible manner to not only allow it for use as a second factor, but also as a replacement for a password.
The second important piece of the puzzle is that user accounts in Cognito have attributes. There’s a set of default attributes (email, name, phone, etc.), but you can also add your own custom attributes, and configure those to be editable by the user or only by the admin.
The solution
The combination of those properties of Cognito makes it relatively easy to implement easy to use magic links.
