Skip to content

Authenticate user with OTP without password #6169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
thobhanifreddy opened this issue Nov 1, 2019 · 4 comments
Closed

Authenticate user with OTP without password #6169

thobhanifreddy opened this issue Nov 1, 2019 · 4 comments

Comments

@thobhanifreddy
Copy link

I want user to authenticate just using phone number and OTP.

My flow is something like this.

Sign up: Enter Phone -> generate OTP -> verify OTP -> success
Login: Enter Phone -> generate OTP -> verify OTP -> success

I saw there is a closed PR #5306 for this. I will definitely look at it later but right now I need POC app using OTP flow.

I was wondering if I can use custom auth and get it working. I tried to integrate it

new ParseServer({
  databaseURI: process.env.databaseUri,
  cloud: process.env.CLOUD_CODE_MAIN || __dirname + "/cloud/main.js",
  appId: process.env.organinationId,
  restAPIKey: process.env.organinationSecret,
  javascriptKey: process.env.organinationSecret,
  serverURL: server.api,
  masterKey: process.env.organinationSecret,
  auth: {
    otpAuth: {
      module: CustomAuth
    }
  }
});

But I can't find any documentation to move ahead.

Can anyone guide how to achieve simple OTP authentication flow?
@dplewis
Copy link
Member

dplewis commented Nov 1, 2019

duplicate: #6152

This is a highly requested feature.

@thobhanifreddy
Copy link
Author

@dplewis I checked that issue before posting. I am not requesting feature(I mean not requesting in this issue).

What I am asking is can I get it working in using Custom Auth? If yes, can someone guide me how?

(I will try to work on closed PR during university breaks)

@dplewis
Copy link
Member

dplewis commented Nov 1, 2019
edited
Loading

@thobhanifreddy It is doable in Custom Auth but I'd recommend using cloud code (that's how I do it). An example is in that thread I posted (cloud code), it will be almost the same with custom Auth.

  1. Register Provider - this generates the code and you have to same it to the DB and send the code to the user (phone / email)
  2. Custom Auth - Verify if the code is correct with username.

https://docs.parseplatform.org/js/guide/#custom-authentication-module

Here are coding examples of custom auth
https://github.com/parse-community/Parse-SDK-JS/blob/master/integration/test/ParseUserTest.js#L773

https://github.com/parse-community/Parse-SDK-JS/blob/master/integration/server.js#L17

Let us know if the docs aren't clear.

@dplewis dplewis closed this as completed Nov 1, 2019
@tehsunnliu
Copy link

Hi, is there anyone who can help me implement login/signup only with phone number and otp?
What I've achieved till now is based on this this, User requests for OTP from cloud code then while verifying OTP we signup a user or login user with a new password and return the session token.
This method, however, has problems.

  1. Every time a user login with the OTP the old session gets deleted because the password has changed.
  2. Since we are sending only session token, from client-side when I call Parse.User.become() it doesn't create installationId,

I tried custom Auth but no success. This requires the user to be already registered somewhere.
I'm not sure If I understood everything right and if I'm missing something. Please correct me if I'm wrong.

I really want users to be able to log in only with OTP and have multiple sessions just as login and logout.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dplewis @thobhanifreddy @tehsunnliu