djangoflow / django-df-auth

Opinionated Django REST auth endpoints for JWT authentication and social accounts
MIT License

v 1.x discussion #25

Closed eugapx closed 1 year ago

eugapx commented 1 year ago

My questions regarding the current readme:

One of the functions of an OTP device is to confirm the phone / email

  • How should we store the information that the phone number/email is confirmed? Should it cover the case where a user has multiple confirmed phone numbers?

You need to separate the OTP device and the user's 3pid, i.e. email / phone

  • So a User has phone_number and email fields and can have several OTP devices for phone/email, right?

For listing devices I suggest /otp-devices/ with type = email, sms (not phone), totp (Google Authenticator)

  • Should type be a required param?
  • What should the serializer look like? Non-required fields for phone/email, or type (mobile/email) + value ("test@test.com" or "+0122xxxx")?
  • Okay, so you want the same ViewSet for both OTP/phone, right? We store OTP/email devices in different models. So get_queryset will be like:
```python
def get_queryset(self):
    # dispatch on the type param; email and phone devices live in different models
    if self.request.query_params.get("type") == "email":
        DeviceModel = EmailDevice
    else:
        DeviceModel = PhoneDevice
    # scoping to the requesting user is an assumed completion of the original "..."
    return DeviceModel.objects.filter(user=self.request.user)
```

Is it okay for you?

user registration and invitation methods and template: standard User fields = first_name, last_name, email, phone

  • Should we treat email/phone as unconfirmed on registration/invitation?
  • Should we allow User creation if there is already a User with the same email/phone?
  • Should we allow User creation if there is already a User with the same OTP device?

extra User fields / serializer override in settings

  • Should we just save these fields in the User model? So it will be like first_name, last_name, etc.?

  • magic signin link

  • How does it differ from OTP (email/phone/static/totp) verification on the BE side?
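To make the design sketched in this thread concrete, here is an added, constructed Python model of it. It is not code from django-df-auth and not part of the discussion above: user contact points (email / phone) are kept separate from OTP devices, one listing function plays the role of get_queryset by dispatching on a required and validated type (email / sms / totp) and is scoped to the requesting user, and confirming a device marks the matching contact confirmed, so a user can hold several confirmed phone numbers. The registration rule it applies (identifiers start unconfirmed; an account is refused only when another user already holds the same email or phone as a confirmed contact) is an assumption chosen for illustration, one possible answer to the questions above, not a project decision. It is plain Python with no Django so it runs stand-alone; every class and function name in it is hypothetical.

```python
# Constructed model of the OTP-device / contact design discussed above.
# Plain Python, no Django: EmailDevice / SmsDevice / TotpDevice stand in for
# separate Django models and DEVICE_MODELS for get_queryset's dispatch.
# All names are hypothetical, not django-df-auth's API.
from dataclasses import dataclass, field
import hmac
import secrets


@dataclass
class Contact:
    """A user's third-party identifier (3pid) and whether it has been confirmed."""
    kind: str          # "email" or "phone"
    value: str
    confirmed: bool = False


@dataclass
class User:
    id: int
    first_name: str = ""
    last_name: str = ""
    contacts: list = field(default_factory=list)   # several per kind are allowed

    def has_confirmed(self, kind, value):
        return any(c.kind == kind and c.value == value and c.confirmed
                   for c in self.contacts)


@dataclass
class OtpDevice:
    id: int
    user_id: int
    target: str = ""       # email address or phone number; unused for TOTP
    confirmed: bool = False
    _code: str = field(default="", repr=False)

    def challenge(self):
        """Issue a fresh 6-digit code (the 'send' step; delivery is out of scope)."""
        self._code = f"{secrets.randbelow(10**6):06d}"
        return self._code

    def verify(self, code):
        """Constant-time compare; a device that never issued a code never verifies."""
        ok = bool(self._code) and hmac.compare_digest(self._code, code)
        if ok:
            self._code = ""    # single use: a verified code cannot be replayed
        return ok


class EmailDevice(OtpDevice): ...
class SmsDevice(OtpDevice): ...
class TotpDevice(OtpDevice): ...


# `type` values from the thread: email, sms (not phone), totp.
DEVICE_MODELS = {"email": EmailDevice, "sms": SmsDevice, "totp": TotpDevice}
# which contact kind a successful verification on each device type confirms
CONFIRMS = {"email": "email", "sms": "phone"}


class BadRequest(ValueError):
    """Stands in for an HTTP 400 response."""


def list_devices(devices, user_id, device_type):
    """GET /otp-devices/?type=...: `type` is required and must be a known value."""
    model = DEVICE_MODELS.get(device_type)
    if model is None:
        raise BadRequest(f"type must be one of {sorted(DEVICE_MODELS)}")
    # scope to the requesting user so nobody can enumerate another user's devices
    return [d for d in devices if type(d) is model and d.user_id == user_id]


def confirm_device(users, devices, user_id, device_id, code):
    """Verify a code; on success mark the device and its matching contact confirmed."""
    device = next((d for d in devices
                   if d.id == device_id and d.user_id == user_id), None)
    if device is None:
        # same error whether the id is unknown or belongs to someone else: no oracle
        raise BadRequest("no such device")
    if not device.verify(code):
        return False
    device.confirmed = True
    kind = CONFIRMS.get({v: k for k, v in DEVICE_MODELS.items()}[type(device)])
    if kind is not None:
        user = users[user_id]
        contact = next((c for c in user.contacts
                        if c.kind == kind and c.value == device.target), None)
        if contact is None:
            contact = Contact(kind, device.target)
            user.contacts.append(contact)
        contact.confirmed = True
    return True


def register(users, first_name, last_name, email="", phone=""):
    """Assumed policy: identifiers start unconfirmed, and an account is refused
    only when another user already holds the same value as a *confirmed* contact."""
    for u in users.values():
        if (email and u.has_confirmed("email", email)) or \
           (phone and u.has_confirmed("phone", phone)):
            raise BadRequest("email or phone already confirmed on another account")
    user = User(id=max(users, default=0) + 1,
                first_name=first_name, last_name=last_name)
    if email:
        user.contacts.append(Contact("email", email))
    if phone:
        user.contacts.append(Contact("phone", phone))
    users[user.id] = user
    return user
```

Two points a practitioner should carry over to the real ViewSet: reject an unknown or missing type with a 400 instead of silently falling through to a default model, and filter every device query by request.user, otherwise a device id guessed by another user is enough to read or confirm someone else's second factor.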