SE17GroupH / ZapServer

Server side stuff for Zap

Creating API calls for storing Microsoft cognitive id #18

Closed DevArenaCN closed 7 years ago

thegreyd commented 7 years ago

I was rethinking the process to log in. Currently, a user needs to log in before using any of the alternative login methods. Ideally this shouldn't be the case.

For the magic link, we don't need the password, only email.

For voice we shouldn't need the password, only the email and the voice sample. With every email, there is a Microsoft profile id; hence we verify the voice sample with the profile id associated with the provided email id.

DevArenaCN commented 7 years ago

For fingerprint I don't think you can leave the text password out because you can't do a hash with the fingerprint and the user's email address. For the other two, ideally we don't need to do that, but what I have in mind is that the text-based password can be a contingency plan where magic link or voice doesn't work or is not applicable. Also, if the user changed his text password, or main password, those authentication methods should not authenticate the user anyway. I think you can change it to email only if you want, let me know if you really wanna go with this route so I can make some changes.

thegreyd commented 7 years ago

@DevArenaCN Yes, you are correct about fingerprint. For that, the fingerprint needs to be registered on the device, and the user first needs to log in with the password. After these two steps have been done the first time, we allow the user to log in with fingerprint, by sending the password in the background.

Text-based password will still be an option. So in total there will be 4 options on the login screen. The first field will be email, which is absolutely needed. Next, 4 buttons - password, magic link, voice, fingerprint.

Changing the password would not change magic link. For voice also, it shouldn't in the ideal case if we are associating the email and the voice profile id. The key to make voice auth better is to store the profile id on the server. That way I can just enter the email, record my voice and log in directly.

I have gone through some Rails tutorials, and have a local instance of ZapServer running. I will be experimenting with it, and hopefully help in adding this functionality. We don't necessarily have to do this before demo day. What we have now is good, and we can talk to the professor about how this functionality will be in the next release.

DevArenaCN commented 7 years ago

That's probably a good idea. I can see if I can make this happen after the midterm.

thegreyd commented 7 years ago

Future enhancement
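
The email-to-profile-id lookup discussed in this thread, sketched in plain Ruby as an added example (not code from ZapServer or from either commenter). The class, its method names and the injected `verifier` callable are assumptions; the callable stands in for the remote voice-verification request, which is not reproduced here.

```ruby
# Added illustration; all names below are hypothetical, not ZapServer's.
class VoiceLogin
  GENERIC_FAILURE = { ok: false, error: "authentication failed" }.freeze

  # profiles: server-side map of email => Microsoft profile id (an in-memory
  #           hash here; in a Rails app this would live on the user record).
  # verifier: callable (profile_id, audio) -> true/false, an assumed stand-in
  #           for the remote speaker-verification call.
  def initialize(profiles, verifier)
    @profiles = profiles
    @verifier = verifier
  end

  # Stores the profile id once the account owner has enrolled a voice.
  def store_profile_id(email, profile_id)
    @profiles[normalize(email)] = profile_id
  end

  # The client sends only email + voice sample. The profile id is always
  # looked up server-side, so a client cannot substitute its own profile.
  def login(email, audio)
    profile_id = @profiles[normalize(email)]
    # Unknown email and failed verification get the same response, so the
    # endpoint does not reveal which emails have a voice profile.
    return GENERIC_FAILURE if profile_id.nil? || audio.to_s.empty?
    return GENERIC_FAILURE unless @verifier.call(profile_id, audio) == true

    { ok: true, email: normalize(email) }
  end

  private

  def normalize(email)
    email.to_s.strip.downcase
  end
end

# Constructed sample data: the fake verifier accepts one sample per profile.
ENROLLED = { "profile-aaa" => "alice-voice", "profile-bbb" => "bob-voice" }.freeze
FAKE_VERIFIER = ->(profile_id, audio) { ENROLLED[profile_id] == audio }

def demo_service
  svc = VoiceLogin.new({}, FAKE_VERIFIER)
  svc.store_profile_id("Alice@example.com", "profile-aaa")
  svc.store_profile_id("bob@example.com", "profile-bbb")
  svc
end
```
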