-
Notifications
You must be signed in to change notification settings - Fork 210
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passwordless login support #121
Comments
I am composing an answer to your questions but until I can formulate it properly, would you like to elaborate on why you think it would fit in bell's scope? I know that's the question you asked but I would like to hear your opinion on it. |
Types of passwordless systems that I am aware of
I believe you may be talking about number 3 so let's concentrate on that for now. Thoughts
This is from the first sentence of our README and what is important is that we are a login plugin, but also specific to third parties. This is why I believe Bell never implemented a local strategy for your own username/password system like there is in Passport. Bell has been very focused on OAuth 1 & 2 but proposals like Active Directory login or SAML fit very easily as we're authenticating with a third party service in all these cases. But, with no. 3 it seems like we are not dealing with any third parties except potentially for sending the token across. Because of what I just described and because I don't see any standards describing how to make it secure I would say that it is not within the scope of Bell. Now, with that said maybe there is a way to generalize this or come up with an interesting API where Bell could do a little bit of work. Maybe it could be generalized with the act of refresh tokens in OAuth 2. Also interesting is to look at https://passwordless.net/ or other implementations like it (in any language). Maybe there is a way to generalize the concept with no 1. |
Closing this issue for now. If you have any comments to add please feel free to do so and I will reopen it. |
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions. |
It seems that this project lacks support for a passwordless login scheme. T would be helpful to know if a passwordless login scheme is within the scope of this project, and whether any considerations have been made to support this feature in the near future.
The text was updated successfully, but these errors were encountered: