Say you wanted to share sign in details with someone and the only way to sign in to a website or service was a magic email link (tied to an IP address) or a passkey (tied to the physical user).
How do you do it without the service implementing guest sign in as a feature? I’m asking as someone who has implemented auth.
iOS allows sharing passkeys via Airdrop, I believe, and presumably 1Password also allows storing them in shared vaults?
Regarding email, nothing prevents somebody wanting to share an account from just forwarding the magic link to the intended recipient without clicking on it, right?
Which would come from the person that’s trying to login, right?
I don’t think I understand the problem. Person A tries to log in; B receives a magic link, does not click it but forward it to A; A clicks it and gets logged in.
I’ve done this myself successfully, even with services pinning the link to A’s client IP (which is a bad idea anyway in an age of privacy proxies, CG-NATs, dynamic IPs etc.)
How do you do it without the service implementing guest sign in as a feature? I’m asking as someone who has implemented auth.