CollabPortals

Portal User Authentication

How portal user authentication works in CollabPortals, including the email verification flow and session management.

Overview

Portal users authenticate via email verification: no passwords, no accounts. This keeps the login process simple for end users while ensuring only authorized people can access your portal.

Authentication Flow

  1. User enters their email

     On the portal login page, the user enters their email address. This email must match a record in the portal's user table.

  2. CollabPortals validates the email

     CollabPortals checks the user table for a matching email. If no match is found, the user sees an error and cannot proceed.

  3. Verification code is sent

     A 6-digit code is sent to the user's email address. The code is valid for a limited time.

  4. User enters the code

     The user enters the code on the verification screen. If correct, they're authenticated.

  5. Session is created

     CollabPortals creates a JWT session token. The user is now logged in and can access the portal.

Why No Passwords?

The email + code approach has several advantages:

  • No password management - Users don't need to remember or store passwords
  • No registration - Users don't need to create an account
  • Reduced friction - Login is fast and familiar (similar to "magic links")
  • Email-based identity - The email field in Airtable is the single source of truth

Session Management

After authentication, CollabPortals issues a JWT (JSON Web Token) that stores the user's identity:

  • Duration - Sessions last for the configured period
  • Automatic - The token is stored in the browser and sent with each request
  • Stateless - No server-side session storage needed

When a session expires, the user is redirected to the login page to re-authenticate.

Sessions are per-portal. If a user accesses multiple portals, they authenticate separately for each one.

How User Identity Works

When a portal user is authenticated, CollabPortals knows:

  1. Who they are - Their email and user table record
  2. What role they have - If roles are configured, the role field determines permissions
  3. What data they see - Records linked to their user record

This identity is used for:

  • Filtering records to show only data linked to the user
  • Applying the correct role-based permissions
  • Auto-linking new records to the user when creating

Email Field Requirements

The email field in your user table must:

  • Contain valid email addresses
  • Have unique values (no duplicate emails)
  • Use the Airtable email or singleLineText field type

If two records in the user table have the same email, authentication may not work correctly. Ensure each email appears only once in the user table.

Security Considerations

  • Verification codes expire after a short time window
  • Failed code attempts are rate-limited
  • Sessions use signed JWTs, so a token whose contents have been altered fails signature verification and is rejected
  • All communication happens over HTTPS
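
The following is an added illustration of the five-step flow above together with these security properties (code expiry, attempt limiting, single-use codes, signed sessions); it is not CollabPortals' own code. The TTL, attempt cap, user table and signing key are assumed, constructed values.

```python
import base64, hashlib, hmac, json, secrets, time

CODE_TTL, MAX_ATTEMPTS, SESSION_TTL = 300, 5, 3600   # seconds / tries; assumed values
SECRET = secrets.token_bytes(32)                      # server-side signing key (constructed)
USERS = {"alice@example.com": "recAAA111"}            # constructed user table: email -> record id
pending = {}                                          # email -> [code, expires_at, failures]
_b64 = lambda data: base64.urlsafe_b64encode(data).rstrip(b"=")

def request_code(email, now=None):
    # Steps 2-3: unknown emails get nothing; known ones get a random 6-digit code
    if email not in USERS:
        return None
    code = f"{secrets.randbelow(10**6):06d}"
    pending[email] = [code, (now or time.time()) + CODE_TTL, 0]
    return code

def verify_code(email, code, now=None):
    # Step 4: single-use code, expiry window, attempt cap, constant-time comparison
    now = now or time.time()
    entry = pending.get(email)
    if entry is None or now > entry[1]:
        pending.pop(email, None)
        return False
    if not hmac.compare_digest(entry[0], code):
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            pending.pop(email, None)      # too many failures: force a fresh code
        return False
    pending.pop(email, None)              # a correct code is consumed
    return True

def issue_session(email, now=None):
    # Step 5: HS256 JWT carrying identity and expiry; the MAC covers header.payload
    header = _b64(b'{"alg":"HS256","typ":"JWT"}')
    exp = int((now or time.time()) + SESSION_TTL)
    payload = _b64(json.dumps({"sub": email, "rec": USERS[email], "exp": exp}).encode())
    sig = _b64(hmac.new(SECRET, header + b"." + payload, hashlib.sha256).digest())
    return b".".join([header, payload, sig]).decode()

def read_session(token, now=None):
    # Stateless check: recompute the MAC before trusting any claim; reject tampered/expired
    try:
        h, p, s = token.encode().split(b".")
    except ValueError:
        return None
    expected = _b64(hmac.new(SECRET, h + b"." + p, hashlib.sha256).digest())
    if not hmac.compare_digest(expected, s):
        return None
    claims = json.loads(base64.urlsafe_b64decode(p + b"=" * (-len(p) % 4)))
    return None if (now or time.time()) > claims["exp"] else claims
```

Because the session is stateless, nothing in `read_session` consults server storage; revoking a token early would require an additional mechanism the page does not describe.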

Next Steps