Replies: 1 comment 8 replies
-
|
The user has the "verified" flow with a verification token however it's not connected to the authentication method. Perhaps it's the auth method that should be verified, then if the user changes authentication method it would require a re-validation. |
Beta Was this translation helpful? Give feedback.
-
|
@ramkishore-yerubandi no, we did not find any temporary solition or valid workaround for "OTP" style of logins. The authentication and authorization were way to close and deeply embedded. Might have change now, was some time ago but atleast as i can remember. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the response @Psvensso. |
Beta Was this translation helpful? Give feedback.
-
|
@Psvensso were you able to create OTP based auth? I am doing same and stuck |
Beta Was this translation helpful? Give feedback.
-
|
As i replied to the above comment. No, username/password are/were to deeply integrated. |
Beta Was this translation helpful? Give feedback.
-
|
As mentioned in the long thread in #860, this could be accomodated as part of v2 which is currently under development. First step would be for someone to open an issue detailing the current limitations which prevent OTP flows, and suggesting changes to the APIs which would fix that. Since discussions are not tracked like issues, I totally forgot about this whole subject. So if an issue is created I can add it to the v2.0 roadmap and them we can work towards a good solution 👍 |
Beta Was this translation helpful? Give feedback.
-
Hi,
im working on a One-Time-Password authentication strategy and for this use-case i think it would be nice to store the OTP data on the session. Right now i can't see how i would store data on the current session object. The only way i can think of is to create my own session but that seems like a waste. If i then later add a cache strategy i would have to implement it on multiple places and... no. Cleanest would be to modify the existing session.
Could it be an idea to have a "extra properties" object on the Session with a "SessionService > getPropterty() / setProperty()" methods? Similar idea as for Entities.
Another option i guess would be to create my own plugin and db table to store the OPT but this seems both risky and over complicated. Think it's clean that the OTP belongs to the session and feels safer when it's salted with this user's session.
Any other idea's hwo to solve the use-case?
Beta Was this translation helpful? Give feedback.
All reactions