I’m building an app that is passwordless, and the user enters their First Name and Email Address to sign up. I don’t want the user to be able to create or use a password to login. Only the ‘Email a Magic Link’ option.
What I’ve tried and what’s not working:
The syntax for signup_with_email(email, password, [remember=False])`
and I used signup_with_email(email_textbox, ‘’, remember=True)
The error: “anvil.server.InternalError: Email/password authentication is not enabled.”
and then I tried “signup_with_email(email_textbox, remember=True)”
I’ve done similar before, and I used an adaptation of the custom login flow to generate and salt a random password as part of the sign up server call. The user will only ever do the magic link but it seems to effectively work around the issue you’re facing.
Thank you! I looked through the custom login documentation very closely. It seems be heavily designed around the use of a password.
I’m not sure where I would customize the app to accept other fields (or to not require a password to be created). Also I’m not sure if/how the ‘Email me a magic link’ login option will work with the custom login app?
Maybe it’s not possible to have a completely password-less app / users?
It sounds like you probably don’t need to use Anvil’s user authorization system, if you’re not actually interested validating users or using a password. Just pass an ‘email_address’ variable around between pages, which can be entered into a text_box, and used to pick out other column values from a ‘user_info’ table that you create.
Otherwise, you could manually create a UI that allows users to sign up for an account, collect whatever info you want from them (name and email address), and save those values to the Users table, along with a generic (unused) password that is the same for every user. Use bcrypt to hash your unused password string to match Anvil’s automated mechanism for storing passwords in the user table (or just create one user manually and copy that string). Also, if you don’t want users to be required to confirm their email, you can set the ‘enabled’ and ‘confirmed_email’ columns to True.
Then, create another UI to act as a login page, with a text box for the email and, for example:
If you want to validate with a user’s birthday, for example, instead of password, you can check the user column you’ve created to store the user’s birthday, to confirm it matches the value they’ve entered in a UI, for example:
if logged_in['email']!=self.date_picker_1.date:
anvil.users.logout()
…Or… if you still want to use Anvil’s auth system (I don’t really see why, if you’re not actually validating them), you could alternately skip all that and just require users to enter their email address as both their email address and password in the built-in authorization popups
This is set up with a front end form, which lets users sign up with just an email and a click yes to privacy. (Add whatever fields you like and handle them however you want).
It handles the rest of the login flow in the back end, creating a random NIST compliant password and all still using the users service, so the confirmation email is automatic.
Then, when a user logs in, they just enter their email and get sent a magic link, again straight from the users service, and when they click though from email the form takes them straight to the logged in page if their account is valid.
I chucked some very basic validation errors for the front end forms because I’m wired up all wrong and can’t stop myself.
By doing it this way, you kind of make it easier for yourself to add alternative login options later if you scale / needs change.
Thank you @socint ! This is exactly what I was trying to create. I’ve learned a few new tricks here. I really appreciate your help with this. I’m going to keep working on this and integrate the methods into my app.
Happy to help. I remember coming at this the first time halfway through a project so I made it into a reusable pattern. Hopefully it’ll open everything up for you.
