Auth mobile&web

[MarcosMoreu]

I think it is confusing the way it is. A few points:

• We agree that mobile needs phone-based auth (for users who don't have email)
• We agree that web needs to have email-based auth
• We know that most platforms that have a mobile & web app allow to authenticate with both phone & email, BUT it needs to be only one.
• On the other hand, WhatsApp, which has both a web & mobile app is phone-based authentication only.

Question is "Do we want phone-based auth ONLY for mobile?" If not, then best solution is: "Enter phone or email" in both web & mobile? I know this requires changes in Kapta Mobile and we do not need to do it now.

So, FOR NOW, I think the best solution is:

• Kapta-mobile: phone-based auth only
• Kapta-web: email-based auth and phone as optional (but without verification code). Once authenticated and logged in (with email), then we can give the option to verify the phone number in case they are kapta mobile users. I don't see this as a priority feature though.

Agree?

[acholyn]

Yep, makes sense. I've made web email only for verification at present just due to some difficulties with sending the verification to both email and phone numbers; AWS puts greater emphasis on the phone number but as we've seen, this can be problematic.
https://github.com/UCL/kapta-infrastructure/pull/14