Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login with Code sent to Phone Number/Email #5034

Closed
promisenxu opened this issue Sep 7, 2018 · 4 comments
Closed

Login with Code sent to Phone Number/Email #5034

promisenxu opened this issue Sep 7, 2018 · 4 comments

Comments

@promisenxu
Copy link
Contributor

Is your feature request related to a problem? Please describe.
In our app, we allow users to sign up with their phone number. As of now, to login with phone number, one needs to provide their password. We want to allow users to login with a verification code sent to their phone.

Describe the solution you'd like
It seems to me the best approach is to implement an auth provider that handles the verification process. We would also need to update the authData field for all existing users with a phone number so that they can login.

Describe alternatives you've considered
Is there a way to implement this feature without any new code/auth provider? I read through the documentation for Session and User and it doesn't seem possible to me.
@georgesjamous
Copy link
Contributor

georgesjamous commented Sep 7, 2018
edited
Loading

@promisenxu

Is there a way to implement this feature without any new code/auth provider?

Actually you can.
If the process you are looking for is:
1- user enters phone/email
2- user waits for sms/email
3- user enters passcode got from sms/email
You can create a cloud code function to do this process and edit the password to match the code sent via sms/email.
Then you can treat the number/email as Usernames, and code as a password.

Edit:
But of course, this is a general explannation. You also have to make sure the pin is strong enough to be considered a password, and make sure to change it after the user loggs in.
You can even generate the pin and password save it to another class (pin - password) and use cloud code to match the pin, grab the password then login the user and delete it.
I guess you could also perform the whole login operation in cloud, return the session token, then become the user in the device.

hope this helps

@promisenxu
Copy link
Contributor Author

@georgesjamous Thanks for the reply! Your proposed solution would definitely work for many situations. However, in our situation, users can also choose to login with username and password directly. This would prevent us from changing the password on the fly.

@flovilmart
Copy link
Contributor

So a custom Auth adapter is a valid solution in this case. Coupled with a cloud functions. As there is no need to make any change inside the server and the details are specific to your implementation, I’ll be closing this issue

@Eolykab
Copy link

Eolykab commented Oct 22, 2019

This is what I also require. Any example of the custom Auth adapter @flovilmart ? @promisenxu How did you solve this?

@snyk-bot snyk-bot mentioned this issue May 6, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@flovilmart @promisenxu @Eolykab @georgesjamous