Allow Magic Link sign in to register new user (#9007)

Adds a configuration property to the provider config that will have the
sign-in flow act as a sign-up flow if set to true.

Author: scotttrinh

edb/buildmeta.py

@@ -57,7 +57,7 @@
 # The merge conflict there is a nice reminder that you probably need
 # to write a patch in edb/pgsql/patches.py, and then you should preserve
 # the old value.
-EDGEDB_CATALOG_VERSION = 2025_08_20_00_00
+EDGEDB_CATALOG_VERSION = 2025_09_09_00_00
 EDGEDB_MAJOR_VERSION = 8
 
 

edb/lib/ext/auth.edgeql

@@ -378,6 +378,10 @@ CREATE EXTENSION PACKAGE auth VERSION '1.0' {
         create required property verification_method: ext::auth::VerificationMethod {
             set default := ext::auth::VerificationMethod.Link;
         };
+
+        create required property auto_signup: std::bool {
+            set default := false;
+        };
     };
 
     create scalar type ext::auth::FlowType extending std::enum<PKCE, Implicit>;

edb/server/protocol/auth_ext/config.py

@@ -104,6 +104,7 @@ class MagicLinkProviderConfig(ProviderConfig):
     name: Literal["builtin::local_magic_link"]
     token_time_to_live: statypes.Duration
     verification_method: VerificationMethod
+    auto_signup: bool
 
 
 @dataclass

edb/server/protocol/auth_ext/http.py

@@ -1464,6 +1464,7 @@ async def handle_magic_link_email(
     ) -> None:
         data = self._get_data_from_request(request)
         email: str | None = None
+        return_data: dict[str, Any] = {}
 
         try:
             _check_keyset(data, {"email"})
@@ -1483,22 +1484,45 @@ async def handle_magic_link_email(
             email_factor = await magic_link_client.get_email_factor_by_email(
                 email
             )
+            is_signup = False
             if email_factor is None:
-                logger.error(
-                    f"Cannot send magic link email: no email factor found for "
-                    f"email={email}"
-                )
-                await auth_emails.send_fake_email(self.tenant)
-                if magic_link_client.provider.verification_method == "Code":
-                    return_data = {
-                        "code": "true",
-                        "email": email,
-                    }
+                if magic_link_client.provider.auto_signup:
+                    # Auto-signup is enabled, create a new user
+                    is_signup = True
+                    email_factor = await magic_link_client.register(
+                        email=email,
+                    )
+                    await self._maybe_send_webhook(
+                        webhook.IdentityCreated(
+                            event_id=str(uuid.uuid4()),
+                            timestamp=datetime.datetime.now(datetime.timezone.utc),
+                            identity_id=email_factor.identity.id,
+                        )
+                    )
+                    await self._maybe_send_webhook(
+                        webhook.EmailFactorCreated(
+                            event_id=str(uuid.uuid4()),
+                            timestamp=datetime.datetime.now(datetime.timezone.utc),
+                            identity_id=email_factor.identity.id,
+                            email_factor_id=email_factor.id,
+                        )
+                    )
                 else:
-                    return_data = {
-                        "email_sent": email,
-                    }
-            else:
+                    logger.error(
+                        "Cannot send magic link email: no email factor found "
+                        f"for email={email}"
+                    )
+                    await auth_emails.send_fake_email(self.tenant)
+                    if magic_link_client.provider.verification_method == "Code":
+                        return_data = {
+                            "code": "true",
+                            "email": email,
+                        }
+                    else:
+                        return_data = {
+                            "email_sent": email,
+                        }
+            if email_factor is not None:
                 identity_id = email_factor.identity.id
                 if magic_link_client.provider.verification_method == "Code":
                     code, otc_id = await otc.create(
@@ -1530,6 +1554,8 @@ async def handle_magic_link_email(
                         "code": "true",
                         "email": email,
                     }
+                    if is_signup:
+                        return_data["signup"] = "true"
                 else:
                     _check_keyset(
                         data,
@@ -1587,6 +1613,8 @@ async def handle_magic_link_email(
                     return_data = {
                         "email_sent": email,
                     }
+                    if is_signup:
+                        return_data["signup"] = "true"
 
             if allowed_redirect_to:
                 return self._do_redirect(

edb/server/protocol/auth_ext/magic_link.py

@@ -63,6 +63,7 @@ def _get_provider(self) -> config.MagicLinkProviderConfig:
                     name=cfg.name,
                     token_time_to_live=cfg.token_time_to_live,
                     verification_method=cfg.verification_method,
+                    auto_signup=cfg.auto_signup,
                 )
 
         raise errors.MissingConfiguration(