[Done] Passwordless sign-in #11515
Replies: 5 comments 17 replies
-
I like this idea but I'm not sure if it needs to be in the core. I believe the first question is: does it need to be in the core? If yes, the second question is: why? As explained here
I believe in this case maybe we don't need any new hook at all, but if we do, that is the way to go. So my suggestion is to study the possible new hooks more, propose them here, and when we decide which new hooks are necessary we could go forward with a PR and also a package using these hooks to implement the desired feature. And to wrap up, we would write a section in the guide explaining how to use it 😉
-
@mgrivera - my use case is for users who, rather than using email/password, simply want to be emailed a token, and that token (either by URL or by entering a code) can log them in. Similar to what happens when you verify your email in the current Meteor workflow. I believe it should be a separate feature built into the accounts core package. It would be possible to hack something together, but the thing about Meteor which attracts a lot of beginners is that user authentication is handled by core and can be trusted. If we're hacking something together, I'm not sure it can be relied on long term. Accounts-Password is part of core; this would be an update to that. 95% of the workflow already exists with the process to validate a user's new email. We just need to modify that and have it as something developers can toggle. I find passwordless access appealing because it's one less password to worry about. I have strong security on my email, I trust that. Bonus moves:
-
Hello, everyone.

You can log in by passing a code of length 6, which is generated randomly and expires after X hours (1 by default), to the method called:

```js
Meteor.loginWithToken(token, (err) => {
  if (err) {
    // handle error
  } else {
    // successful login!
  }
});
```

You can request a token for a user, which can be an existing or non-existing user, by using:

```js
Accounts.requestLoginTokenForUser(selector, user);
```

The selector is a mongo selector. A default user is an object that will be used if the user does not exist, so it's an object. Ex: `{ phone: 55555 }`, `{ username: 33333 }`, `{ email: "test@test.com" }`. If no user is found, a new one is created using the "user" object.

By default, account-passwordless will send an email if an email is set for the user, pre-configured with the following:

which in turn can be customized with the following:

```js
Accounts.emailTemplates.sendLoginToken = {
  subject(user) {
    return "Your login token on YourWebsite";
  },
  text(user, token, url) {
    return `Hello!
Type the following token in our login webpage to be logged in:
${token}
If you want, you can click the following link to be automatically logged in:
${url}
Thanks,
YourWebsite team
`;
  },
  html(user, url) {
    // This is where HTML email content would go.
    // See the section about html emails below.
  }
};
```

You can opt out of email sending and also configure the package with the following:

```js
Accounts.config({
  sendLoginTokenByEmail: false,
  loginTokenExpirationHours: 1 // default
});
```

If you want to send the user to a different page than home ("/"), you can use:

```js
Accounts.urls.loginWithTokenUrl = (token) => {
  return Meteor.absoluteUrl(`${token}`);
};
```

Now, for the callbacks:

```js
Accounts.onLoginWithTokenLink((token, done) => {
  // called in the client side when a token is detected in the URL
  // no need to call Meteor.loginWithToken(token) at the end
});

Accounts.onCreateLoginToken((token, user) => {
  // read the phone number from the user document
  const { phone } = user;
  customSendSMSLogic(phone, token);
});
```

Am I missing any use-case for this package? Would an API like this be good enough?
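The post above describes a randomly generated code of length 6 that expires after a configurable number of hours. As an added example (not part of the original post and not the accounts-passwordless implementation), this sketch shows the server-side handling such a short code needs: CSPRNG generation, hashed storage, expiry, single use and a cap on guesses. The function names, the in-memory `Map`, the alphabet and `MAX_ATTEMPTS` are assumptions.

```javascript
// Added example: in-memory sketch, not Meteor or accounts-passwordless code.
const { randomInt, createHash, timingSafeEqual } = require("crypto");

const CODE_LENGTH = 6;       // code length from the post
const EXPIRATION_HOURS = 1;  // default expiration from the post
const MAX_ATTEMPTS = 5;      // assumption: cap on guesses per issued code
const ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"; // assumption: no 0/O/1/I

const sha256 = (s) => createHash("sha256").update(s).digest();
const pending = new Map();   // userId -> { hash, expiresAt, attempts }

// Issue a fresh code. Only its hash is stored; it replaces any earlier code.
function issueLoginCode(userId, now = Date.now()) {
  let code = "";
  for (let i = 0; i < CODE_LENGTH; i++) {
    code += ALPHABET[randomInt(ALPHABET.length)]; // CSPRNG, no modulo bias
  }
  pending.set(userId, {
    hash: sha256(code),
    expiresAt: now + EXPIRATION_HOURS * 3600 * 1000,
    attempts: 0,
  });
  return code; // hand to the e-mail/SMS sender; do not log it
}

// Returns "ok", "invalid", "expired" or "locked". A code works at most once.
function verifyLoginCode(userId, submitted, now = Date.now()) {
  const entry = pending.get(userId);
  if (!entry) return "invalid";
  if (now >= entry.expiresAt) {
    pending.delete(userId);
    return "expired";
  }
  if (entry.attempts >= MAX_ATTEMPTS) return "locked";
  entry.attempts += 1; // count every guess, right or wrong
  const candidate = sha256(String(submitted).toUpperCase());
  if (!timingSafeEqual(candidate, entry.hash)) return "invalid";
  pending.delete(userId); // single use
  return "ok";
}
```

With 32 symbols and 6 positions there are about 2^30 possible codes, so the attempt cap and the short expiry carry most of the protection against guessing.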
-
I've started implementing this here: #11602
-
Meteor 2.5 also includes a package called accounts-passwordless so this discussion is closed now. More details in the blog post coming soon about 2.5.
-
A new method of signing in. It requires only an e-mail from the user, and when signing in it would send a one-time link to the user's primary e-mail, through which they would sign in.
I think this could operate alongside SSO logins, but if active should replace accounts-password. There could be an argument that this could be a community package and I'm all for it, but I think with SaaS like Clerk we should include this in the core or at least dedicate a section in the guide for it.
Additional functionality could be built on top of this, which would allow for things like admins logging in to an app as the user in one click.
Relevant forums discussion: https://forums.meteor.com/t/can-we-build-password-less-authentication-into-accounts/55885?u=storyteller