Get Parameter from URL

I am trying to set up Magic Link through Xano and SendGrid. I’ve got everything working but I have to get one final piece of the puzzle set up. I need to be able to extract the magic token from the user’s URL, and then can exchange that for an auth token with Xano.

Here’s an example of what the URL looks like:;LJ43T9KaADFAS;A;-0A;KLSDFJC9ADEFNDSA;a0d9.aksfdASDJkA;SLDJKN32ASD.DZTCo1Tm2W3bBwbxOOoLWrtID11qj_fSUD0LcM-BlikKJ;A3NADFAAN44kDFNDSJNQKNKNnadsJEW443Kndasfl;khG47xc4._kafdsKASDFNkNDFKJkan;9834t7JAFDkd3KDk3KANnRnALPHs

Here’s the javascript code I have tried to get the token, but it’s not working:
const queryString =;
const urlParams = new URLSearchParams(queryString);
const token= urlParams.get(‘token’)
return token

I’d love some help! Thank you!


const urlParams = new URLSearchParams(;

You can just dump the whole url into the URLSearchParams constructor.


1 Like

You can also create a query variable that have the same name as the key you want to target in the URL. WeWeb will fill the value with the value from the URL.


Wow, that’s great! I’m so glad I know that now.

I was able to set up magic link with Xano and am happy to share my work if anyone else is looking to do the same.



I have this all figured out up through final step, once the user clicks on the link from their email and they end up on the website …

I can run the API request, and it all works.

The api is responding with a token, what do I do with that response token? how do you get the user logged in on WeWeb side?

Thank you.

Hey @kevinwasie , happy to help!

Can you say a bit more about the api response with the token? Is it coming through in the URL or as the result of an api call? And are you using Xano as your backend?

  1. I’m using the Xano Auth Plugin in WeWeb.
  2. After running the function to check the magic_link, Xano responds with the auth_token

So, I have the auth_token, now I don’t know how to make it so the user is authenticated in WeWeb.

In the WeWeb xano auth plugin, when someone is logged in, it shows:

Screen Shot 2022-06-08 at 10.57.29 AM

I don’t know how to do that part.

Oh, I see. I didn’t use the Xano Auth Plugin when I created Magic Link - the plugin didn’t exist yet when I did it.

So I used the /auth/magic-link Xano endpoint to exchange the token for login.

1 Like

What happens in the step after that one? that’s what i’m looking for.

Thanks. Is there anything after that? I think there needs to be something to populate the WeWeb auth variables. Thats what I’m trying to figure out.

This is what the rest of my workflow looks like:

Did you manage @kevinwasie?

I’ve been working on a tutorial to explain the forgot password flow in full.

Hoping to publish it next week! I’ll let you know when it’s done :slight_smile:

@Joyce I don’t think so …

@kyanaloe in the login action, are you getting the username and password from the previous Get Me action and then inputting them into the login action?

@Joyce is there another way to do it? I think that way is exposing a plain text password through the endpoint and could be a security issue.

Yes, that is how I do it. If that’s not a secure way, I’d love to learn a better way @Joyce !

Hi guys :wave:

Here’s the tutorial on how to create a forgot password flow with the Xano Auth plugin.

Let me know what you think! Feel free to critique. I would love to improve it where needed.

Re the question about exposing a plain text password through the endpoint when the user updates it, the password and confirm_password variables are protected by SSL when you send them to Xano, where they will be compared to make sure they are identical, then hashed and stored securely.

Does that make sense?

1 Like

Thank you, @Joyce

The tutorial is great … I’m still trying to figure out how to actually get the user logged in on WeWeb though.

In “Action 1: Login with the magic link” in the tutorial, this Xano endpoint responds with an auth_token.

WeWeb gets back this auth_token, but nothing happens. My user variable still is null, and accessToken, isAuthenticated, User is not populated.

Screen Shot 2022-06-13 at 8.24.08 PM

In the tutorial, after this action, you are using the accessToken. Somehow that got populated for you, but it does not for me.

How do I get the user logged in in WeWeb?

I hope that makes sense what I am asking.

From what I can figure out, I think there needs to be another step that takes that auth_token and logs the user in…

This could (partially) be done using JS by setting the access_token of the Xano Auth Plugin, and then using a Fetch User action. However, this does not set the cookie: window.vm.config.globalProperties.$cookie.setCookie(ACCESS_COOKIE_NAME, accessToken);

EDIT: It looks like you can just set the cookie value in JS, so thats what I’ve done to populate the user.

@Joyce I’m still wondering if there is a better process though, or if there should be a Xano plugin action like “Populate User with Auth Token”

1 Like

Hi Kevin!

The logic is:
Action 1: login with the magic link (so user should be logged in then)
Action 2: because the user is logged in, they can update their password

Ah ok, something I didn’t mention in the tutorial (will add it!) is that you’ll need to test Action 1 before moving on to Action 2 to get the accessToken and populate the User.

Did you try that?

Not sure if I answered your question here :confused:

If not, could you record a short video to walk me through what you’re trying to do? Maybe I’m missing the point altogether! :sweat_smile:


I think I know what the error is … in Action 2 (Update the Password), for the Authorization header value, are you using the auth_token supplied from Action 1(Login with magic link)?

If so, thats the breakdown and what is not clear in the tutorial… The Xano Plugin Update Password Component in WeWeb is set up to pull the Authorization value from the Xano Auth Plugin accessToken variable. But, this variable is null when it is called. See image below.

Screen Shot 2022-06-13 at 8.24.08 PM

So, the user needs to update the Authorization value in Action 2 if they are following along with your tutorial or it will not work because accessToken is null when it is called.

OR, if they do want to have the user logged in, then they will need to update the isAuthenticated, accessToken, user variables and cookie manually like I mentioned above.

If I have followed along correctly with the tutorial, after the user completes the update password step, the user is still going to need to login again on the login screen to access their private data .

Maybe this is a reason that the auth plugin should have a function like Fetch User that takes an auth_token as an input.

No, I am using the accessToken from the user tab which is not null if Action 1 went through ok.

Action 1 is login with magic link which literally logs in the user so the user should be authenticated and you should have access to their accessToken in the user tab.

I’ll record a video to make things a little clearer because the text-based tutorial is a beast and hard to follow! :sweat_smile: