Alternative Login Method: One Time Code

[cstrnt]

Problem Currently, the only way to use UnInbox is by Passkey Auth. While passkeys are a super nice technology and are really secure they're not that well known (yet) and this might hinder people from using UnInbox and that should never be a blocker.

Constraints:

• no external services
• great user experience

Proposed Solution Implement a One Time Code login method. When the user wants to sign-up / login they will need to enter an email address. They will receive an email containing a code containing 6 characters (number/uppercase letters). They can then enter this code in combination with their email to login or signup.

Technical Details

• The code must be shortlived (< 3 mins?) and bound to an email address (compound index) and should be stored hashed in the database.
• We need to write a custom auth.js provider for that, the email/magiclink provider should be a good reference / starting point

[skushagra9]

can I work on this ??

[cstrnt]

@skushagra9 we'll still need to discuss some things regarding the implementation. Will keep you in the loop. Also @simonorzel26 had some interest in doing this

[simonorzel26]

you can assign to me if needed

[McPizza0]

@simonorzel26 we're putting this on hold as we evaluate switching to Lucia auth

[McPizza0]

working on a larger refactor of the auth system, will work this in somehow

[ezra-en]

81 is directly related to this issue, and #79 switches us over to Lucia as required.

[McPizza0]

closing in favor of #81