-
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Signup with phone number and OTP #9217
Comments
Support for OTP is already in Misskey. After creating an account, go to Settings > Security > Two-Factor Authentication. It is up to the instance administrator to require (or not) an email on signup. Using a phone number with SMS for the OTP is not supported currently. |
Signup, so I guess bli-ash wants to take the method of generating and uploading the OTP shared secret key on the user side. Authentication by phone number is probably an implementation of Amazon SNS, but an implementation that can only be used by AWS would not be very desirable. In addition, I personally don't like SMS authentication. Why does @bil-ash not want to use passwords in the first place? Translated with www.DeepL.com/Translator (free version) Signupなので、OTP共有秘密鍵をユーザー側で生成してアップロードする方法をとりたいということではないでしょうか。 電話番号での認証はAmazon SNSとかのAPIの実装なんだろうけど、AWSだけしか使えない実装はあまり好ましくないだろう。個人的にSMS認証は好きではない。 そもそもどうして @bil-ash はパスワードを使いたくないのですか? |
At first I would like to clarify that I do not need two-factor authentication, only sign-up using phone number facility. I would like to deploy misskey for a small(non-technical background) group and for my target group of users the most intuitive way of signing up is phone authentication or single sign-on using google/facebook/twitter. I prefer phone auth with OTP and web authentication. Is the following situation possible for sign-up? So for sign-ins after that user will enter their phone number and web auth credentials(most probably biometric for phone and password for desktop). |
I don't think phone number signup will be implemented immediately or not on the Misskey side, but if you are able to program it, what about the idea of using an invitation code? (Are you aware that you can make the instance invitation-only?) How to disable new user registration (= to be invitation-only):
During disabling new user registration, registration is available by using the invite code issued by admin. How to get an invite code:You can get the invite code from the top of the Control Panel, or if you want to automate it, you can create an application using API:
|
No, Misskey requires a password for signup. |
As a personal opinion, I dislike relying on phone numbers, email or other service IDs for Misskey logins. |
SMS doesn't like eMail SMTP, it has neither a common API call format nor a famous (and free) provider, which means combining with any paid SMS API may cause commercial controversies. If you really want to restrict user with phone numbers, what about setting up a new management server for requirements like account registration and password reset. Misskey has an open API system which can be accessed from your.instance.ltd/api-doc and is very developers friendly, it's easy to develop a peripheral project like this rather than modifying the codes itself. |
Ok. so I will try to implement something similar using the steps mentioned above. And since I have to implement it myself, I will close the issue now and open one later with the results |
Summary
I would like to able to signup users with mobile number and OTP instead of email address and password. Someone please confirm if it is possible. If yes, please inform about the files which will need to be changed
The text was updated successfully, but these errors were encountered: