Email & OTP

Both require an adapter for verification tokens.

Magic link (email provider)

import "github.com/izetmolla/goauth/providers/email"

email.New(email.Options{
    SendVerificationRequest: func(ctx context.Context, p goauth.SendVerificationRequestParams) error {
        return mailer.Send(p.Identifier, "Sign in", p.URL)
    },
})

1. POST /auth/signin/email with email=…
2. User clicks link → GET /auth/callback/email?token=…&email=…

One-time code (OTP provider)

import "github.com/izetmolla/goauth/providers/otp"

otp.New(otp.Options{
    CodeLength: 6,
    MaxAge:     10 * time.Minute,
    SendCode: func(ctx context.Context, p goauth.SendVerificationRequestParams) error {
        return sms.Send(p.Identifier, "Code: "+p.Token)
    },
})

1. POST /auth/signin/otp with email=…
2. POST /auth/callback/otp with email=…&code=123456 (also accepts otp or token field names)

Token flow

Add X-Auth-Flow: token on the callback POST to receive JSON tokens instead of a redirect.