🚀 Feature: SMS login (and Magic link) is not consitent with Email login

[Megamannen]

🔖 Feature description

Right now Create Email Session is the odd duck. Since it doesn't create the user if it doesn't exist.

I'm mainly focusing on the Create Phone session

Possible solution is to accept a "null" userID which can mean "existing user only"

🎤 Pitch

I don't want user registration, but I want to allow signing in with phone or magic link.
Right now that is not possible since the API will create the user if the phone/email doesn't exist.

Probably a fairly common use case?

👀 Have you spent some time to check if this issue has been raised before?

• I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

• I have read the Code of Conduct

[stnguyen90]

@Megamannen, thanks for raising this issue! 🙏🏼 I would suggest setting the Users Limit to 1:

This should prevent new accounts from being created. Then, you can use a server SDK and API Key to create users (which bypasses this limit).

Does that solve your use case?

[Megamannen]

No, since I don't have any way of knowing the ID/UserId, or am I missing something? Feels the current function can only be used for registration and not login

[ItzNotABug]

What the OP means is that createEmailSession doesn't create a new user if one doesn't exist with the provided email address. The OP needs the same behaviour for Phone and Magic-Url Sessions i.e. don't create a new user if the user does not exist in Auth database.

Something like: account. account.createMagicURLSession('[USER_ID]', '[email protected]', false); where false means Don't create an account/register if this user doesn't exist.

[Megamannen]

You are correct in my need. But also remember that it's impossible to provide the matching [USER_ID] when logging in
so account.createMagicURLSession(null, '[email protected]') and account.createPhoneSession(null, '+3800000000') also works :P

[stnguyen90]

@Megamannen, if you set the user limit to some low number and someone calls createMagicURLSession() or createPhoneSession(), but their account (match on email or phone respectively) doesn't exist, they will get an error.

createMagicURLSession() code:

appwrite/app/controllers/api/account.php

Line 920 in 891099c

throw new Exception(Exception::USER_COUNT_EXCEEDED);

createPhoneSession() code:

appwrite/app/controllers/api/account.php

Line 1258 in 891099c

throw new Exception(Exception::USER_COUNT_EXCEEDED);

it's impossible to provide the matching [USER_ID]

You don't need to provide a matching user id when just logging in. that user id parameter is only used during account creation. Otherwise, it's ignored.

[Megamannen]

You don't need to provide a matching user id when just logging in. that user id parameter is only used during account creation. Otherwise, it's ignored.

In that case it will work in my use case, thank you!