Ray Ch edited this page Jun 4, 2016 · 1 revision

First things first: I am a realist.

So, only a few people come to visit the wiki page. It is mainly for developers and Django users who want to understand how this really works.

Contributors

You are always welcome to push your changes to this project. For more detail, go through CONTRIBUTING.md.

How does it work?

Prerequisites:

  • You need either a CSRF token (desktop) or a mobile ID (iOS and Android), i.e. some UUID.
  • The user receives an email, so hopefully they can access their mail account from their device at that time.

Process:

This process applies to either a web application or a mobile app. You can write a hack around it, which we won't include (as of now).

Web Application:

  • You enter your email address and click on "Sign Magic Link".
  • Django Magic Link generates a random code and stores it in a database, together with a timestamp and your user as a foreign key, say user x.
  • If someone presents this code within the allowed time, it is accepted as a login credential for user x.
  • Django Magic Link generates a link that includes the random code in the URL and sends it to user x by email.
  • The person, normally user x, clicks the link. This opens a web browser, which logs the user in to the web application.

Mobile Application:

  • When the user clicks the link in the mail, it opens in a web browser. The user can click Login using App, which redirects the user to the application (where the random code is passed as an application launch parameter).
  • In the mobile application you have to parse the launch parameter and present it to the server API.
  • Django Magic Link looks up the database, finds the random code, validates that not too much time has passed and tells the mobile app: "Yep, that's user X". In reality, the random code is exchanged for a session token.

The random code, once used, is marked as used so that it cannot be used twice, preventing others from logging in with it later.
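The issue, expiry and single-use steps described above, as an added sketch that is not Django Magic Link's own code. The class and function names, the 15-minute lifetime and the example URL are assumptions, and it stores a hash of the code rather than the code itself as an extra hardening step the page does not mention.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the page gives no value


class MagicLinkStore:
    """In-memory stand-in (hypothetical) for the database table described above."""

    def __init__(self, ttl=TOKEN_TTL_SECONDS, clock=time.time):
        self._rows = {}  # sha256(code) -> {"user", "created", "used"}
        self._ttl = ttl
        self._clock = clock

    @staticmethod
    def _digest(code):
        # Keep only a hash so a leaked table does not yield usable codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, user):
        """Create a random code for `user`; the caller emails it inside a link."""
        code = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(code)] = {
            "user": user, "created": self._clock(), "used": False}
        return code

    def redeem(self, code):
        """Return the user for a valid code, else None. Marks the code as used."""
        row = self._rows.get(self._digest(code))
        if row is None or row["used"]:
            return None  # unknown code, or a replay of a link already used
        if self._clock() - row["created"] > self._ttl:
            return None  # too much time has passed
        # With a real database this check-and-mark must be one atomic update.
        row["used"] = True
        return row["user"]


def build_link(base_url, code):
    # base_url is a placeholder; the project's real URL layout is not on the page.
    return f"{base_url}?code={code}"


if __name__ == "__main__":
    store = MagicLinkStore()
    code = store.issue("user_x")
    print(build_link("https://example.test/login", code))
    print(store.redeem(code), store.redeem(code))  # second redeem is rejected
```

After a successful redeem, the server would create the session (web) or return a session token (mobile API), which is the exchange the mobile steps describe.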
