the link, token is verified, and then the user is logged in. ◍ User submits an email, clicks login. It sends a POST request to the server. ◍ A token is generated, and then a security code is sent together with a link to the users inbox. ◍ User clicks on the verify link. The token is verified on the server and sets a cookie on server and client.