Closed ruralopez closed 4 years ago
I don't believe there is a security reason to not include it. Though perhaps there is a UX question. That is, at which stage of the process do you include the check box to remember the device when you are authenticating via OneTouch?
I'm absolutely for including this, if we can find a good way to include it in the UI.
Thanks for bringing it up and let me know if you need any pointers around the repo.
Thanks for your answer @philnash, maybe we can use the same checkbox currently used in verify-token
form. Just retrieving state on onetouch-status
success trigger and sending the variable as a query string to the server could be enough (like onetouch_uuid
). Then, in devise_authy_controller.rb
we can replicate remember_device
helper in 'approved' case for GET_authy_onetouch_status
.
Sounds good! Give it a go and we will see how it comes together.
Hi @philnash, I already created a Pull Request with a possible solution for this Issue. Is there anything else I should do? Please if you can review my code would be awesome. Thanks!
Thanks for the PR! I will take a look soon :)
Hi! Is there any reason to avoid remember device on OneTouch login flow? I noticed that
remember_device
helper is not used anywhere in OneTouch login process, and this could be a very useful usability improvement.I could submit a PR if necessary, but I want to be sure this is not the intended behavior cause some security issue.
Thanks!