adapting the strategy to send a token instead of an email link #8
Comments
|
Hey @fergusmeiklejohn I think it would be a fairly straightforward thing to do this. One thing to note here is this package works even without a database, so this workflow should work without database too. That means we have to encrypt and store the code inside the session cookie rather than storing it in the database. Happy to discuss more in the discord's #remix-auth channel too. |
|
This would be a nice feature to have because if people receive their email on a second device they cannot login with the magic link. A combination of magic link and pin token would help. Here is an example from https://www.okta.com/blog/2020/09/magic-links/
@fergusmeiklejohn did you ever get to implement the one-time-passcode strategy? |
|
Yeah, even I want this feature. Reopening this issue. |
I believe the package could use something like the newly published https://github.com/epicweb-dev/totp to get 2FA working. This is also how the epic stack handles 2FA (https://github.com/epicweb-dev/epic-stack/blob/main/docs/decisions/014-totp.md) |
Hi Bhanu, I just wanted to check in with you to ask you how feasible you think it would be to adapt this strategy to email the user a token which they would enter into the app to authenticate? Do you think it's worth me adapting it or would it be better for me to build a separate strategy?
Thanks!
The text was updated successfully, but these errors were encountered: