You're right, there's certainly security implications for magic links. Unfortunately for an auth that incorporates hardware keys, I can't think of how you would test behind that without some sort of workaround, but I may be overlooking something.
I generally have service accounts specific for testing with significant restrictions. Hardware keys present their own complications for non-human ops, so they don't really belong there.
More just seeking bounds of possibilities, thanks for your replies.
