hmellor / auction-website

An open-source auction hosting system
https://hmellor.github.io/auction-website/
MIT License

WhatsApp authentication #75

Open ciroiriarte opened 6 months ago

ciroiriarte commented 6 months ago

A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

The no-password authentication is nice for this kind of application given the use case, and allows non-tech-savvy users access.

On the other hand, users cannot actually be identified in a given forum, and tech-savvy enough users can create multiple accounts.

Describe the solution you'd like

OTP authentication via the usual messaging applications would be nice (SMS, WhatsApp, Telegram); it would allow the phone number to be defined as the user, and no password is needed. To accommodate different channels, a module/plugin approach would be desired.

Describe alternatives you've considered

User and password authentication, but users forgetting passwords would be a nightmare.

Additional context

I would like to use this application to add auction functionality to a WhatsApp group we have at a school Sale group. Currently offers get all messed up in the chat, and it is difficult to consolidate pictures and offers for a single item. The idea would be to add the item to this app and post a link to it in the group; users will go to the auction web site and authenticate with OTP, registering the same phone number we see in the WhatsApp group.

hmellor commented 5 months ago

Firebase does support authentication using phone numbers https://firebase.google.com/docs/auth/web/phone-auth. However, on the free plan (Spark), they only allow 10 SMS verifications per day https://firebase.google.com/docs/auth/limits#phone-auth, which could be problematic depending on the scale of your group.

If you wanted to contribute a PR that implements this authentication method and makes it optional for the host, I'd be open to accepting that PR.

However, there has been a similar request for a new auth type in #76, so you might want to coordinate how multiple optional auth types are handled.