Open fergusmeiklejohn opened 2 years ago
Hey @fergusmeiklejohn, I think it would be fairly straightforward to do this. One thing to note here is that this package works even without a database, so this workflow should work without a database too. That means we have to encrypt and store the code inside the session cookie rather than storing it in the database. Happy to discuss more in the Discord's #remix-auth channel too.
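The database-free approach described in the comment above, as an added example that is not part of the original thread or the package's own code. The function names, the 10-minute lifetime, the choice of AES-256-GCM and the payload layout are all assumptions made for illustration.

```javascript
// Added example: email-code login state kept only in an encrypted cookie.
const { randomInt, randomBytes, createCipheriv, createDecipheriv,
        createHash, timingSafeEqual } = require('node:crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed 10-minute lifetime

// Uniformly random 6-digit code from the CSPRNG (not Math.random).
function generateCode() {
  return randomInt(0, 1_000_000).toString().padStart(6, '0');
}

// Hashing gives fixed-length inputs for the constant-time comparison below.
const sha256 = (s) => createHash('sha256').update(s).digest();

// Encrypt {email, code hash, expiry} with AES-256-GCM; returns the cookie value.
// key must be 32 random bytes held only by the server.
function sealCode(key, email, code, now = Date.now()) {
  const iv = randomBytes(12); // fresh nonce for every cookie
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const payload = JSON.stringify({ email, h: sha256(code).toString('hex'), exp: now + CODE_TTL_MS });
  const ct = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Returns the email if the cookie is authentic, unexpired and the code matches; else null.
function verifyCode(key, cookieValue, submitted, now = Date.now()) {
  try {
    const raw = Buffer.from(cookieValue, 'base64url');
    const decipher = createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const json = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { email, h, exp } = JSON.parse(json.toString('utf8'));
    if (now > exp) return null; // code expired
    const ok = timingSafeEqual(Buffer.from(h, 'hex'), sha256(String(submitted)));
    return ok ? email : null;
  } catch {
    return null; // tampered, truncated or wrong-key cookie
  }
}
```

With no server-side record, this cookie cannot by itself enforce single use or cap the number of guesses, since a client can resend the original cookie; the expiry is the only bound in this sketch.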
This would be a nice feature to have because if people receive their email on a second device they cannot log in with the magic link. A combination of magic link and PIN token would help.
Here is an example from https://www.okta.com/blog/2020/09/magic-links/
@fergusmeiklejohn did you ever get to implement the one-time-passcode strategy?
Yeah, even I want this feature. Reopening this issue.
I believe the package could use something like the newly published https://github.com/epicweb-dev/totp to get 2FA working. This is also how the Epic Stack handles 2FA (https://github.com/epicweb-dev/epic-stack/blob/main/docs/decisions/014-totp.md).
Hi Bhanu, I just wanted to check in with you to ask you how feasible you think it would be to adapt this strategy to email the user a token which they would enter into the app to authenticate? Do you think it's worth me adapting it or would it be better for me to build a separate strategy? Thanks!