Closed eugapx closed 1 year ago
One of the function of OTP device is to confirm the phone / email How should we store the information if the phone number/email is confirmed? Should it cover the case when user have multiple confirmed phone numbers? You need to separate OTP device and user 3pid i.e. email phone So, User has phone_number, email fields + can have several OTP devices for phone/email, right? for listing devices i suggest /otp-devices/ with type = email, sms (not phone), totp (google auth) Should type be a required param? How should serializer look like? Non-required fields for phone/email or type(mobile/email) + value ("test@test.com" or "+0122xxxx")? Okay, so you want the same ViewSet for both Otp/phone right? We store otp/email devices in different models. So get_queryset will be like
One of the function of OTP device is to confirm the phone / email
You need to separate OTP device and user 3pid i.e. email phone
phone_number
email
for listing devices i suggest /otp-devices/ with type = email, sms (not phone), totp (google auth)
get_queryset
if type == 'email': DeviceModel = EmailDevice else: DeviceModel = PhoneDevice return DeviceModel.objects...
Is it okay for you?
user registration and invitation methods and template: standard User fields = first_name, last_name, email, phone Should we treat email/phone as unconfirmed on registration/invitation? Should we allow User creation if there already a User with the same email/phone? Should we allow User creation if there already a User with the same OTP device? extra User fields / serializer override in settings Should we just save these fields in User model? So it will be like first_name, last_name, etc? magic signin link How it differs from otp (email/phone/static/totp) verification on BE side?
user registration and invitation methods and template: standard User fields = first_name, last_name, email, phone
extra User fields / serializer override in settings
Should we just save these fields in User model? So it will be like first_name, last_name, etc?
first_name
last_name
magic signin link
How it differs from otp (email/phone/static/totp) verification on BE side?
otp (email/phone/static/totp) verification
My questions regarding the current readme
Is it okay for you?