Password-less Login #71
This is next on my list! I hope to get to it within the next few days. 🎉
@etruta Love it!
I'd like to upgrade this before release with a nonce or optimistic lock that allows these tokens to expire before the TTL. Right now my best idea is to add an `accounts.last_login_at` field that is updated as expected, then compare it against a lock field in the token (just like with password resets). Thoughts? I'm happy to contribute that part.
Co-Authored-By: etruta <e.truta@gmail.com>
@cainlevy, what do you think about updating `accounts.last_login_at` in `api.NewSession`?
perfect 💯
@etruta I have a bit of extra time coming up. Let me know if I can be of any help?
Hi @cainlevy, it's ok. I returned today with more time for this project too; by tomorrow I hope to solve these questions.
I think ... I think that does it! Thanks for this contribution @etruta!
I'll start working on a demo integration and any bits of documentation needed to release this.
released in v1.5.0 🎉
Possibility to log in from a link (token).
This has 2 methods:
- `GET /passwordless/token`: To request a passwordless token, which sends the token to a webhook (responsible for sending the email to the account id);
- `POST /passwordless/login`: To log in with this token.

The webhook URL is set by env `APP_PASSWORDLESS_TOKEN_URL`.
This token can be used until it expires; its time to expire is set by env `PASSWORDLESS_TOKEN_TTL`.
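
The optimistic lock proposed in the review discussion above, sketched as an added example (not code from this PR or from AuthN): the token carries the account's `last_login_at` as of issue time, and a successful login bumps that field so earlier tokens stop working before their TTL runs out. `Account`, `claims`, `IssueToken`, `Login` and the HMAC-signed token layout are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Hypothetical stand-ins, not AuthN's types. claims: id, expiry (unix s), lock (unix µs).
type Account struct {
	ID          int64
	LastLoginAt time.Time
}
type claims struct{ Sub, Exp, Lock int64 }

func sign(key, body []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write(body)
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

func IssueToken(key []byte, a *Account, ttl time.Duration, now time.Time) string {
	body, _ := json.Marshal(claims{a.ID, now.Add(ttl).Unix(), a.LastLoginAt.UnixMicro()})
	return base64.RawURLEncoding.EncodeToString(body) + "." + sign(key, body)
}

func Login(key []byte, a *Account, token string, now time.Time) error {
	payload, mac, _ := strings.Cut(token, ".")
	body, err := base64.RawURLEncoding.DecodeString(payload)
	var c claims // only parsed after the signature check below has passed
	if err != nil || !hmac.Equal([]byte(mac), []byte(sign(key, body))) ||
		json.Unmarshal(body, &c) != nil || c.Sub != a.ID || now.Unix() >= c.Exp {
		return fmt.Errorf("invalid or expired token")
	}
	if c.Lock != a.LastLoginAt.UnixMicro() {
		return fmt.Errorf("stale lock")
	}
	a.LastLoginAt = now // invalidates every token issued before this login
	return nil
}

func main() {
	a, key, now := &Account{ID: 1}, []byte("constructed-demo-key"), time.Now()
	tok := IssueToken(key, a, time.Hour, now)
	fmt.Println(Login(key, a, tok, now), Login(key, a, tok, now))
}
```

In a real store the lock comparison and the `last_login_at` update have to happen atomically (for example a conditional `UPDATE`), otherwise two concurrent logins with the same token can both pass the check.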