Decide on login system

[ryyan]

Need to decide on how we're going to go about logging multiple people into the same session.

A couple examples below using theoretical scenarios,

Traditional user accounts (username/password)

• User A logs in and "Starts a vote" and invites friends which sends out the URL/text
• Those users log in and vote on a place
• Voting ends with time/everyone voting and everyone gets the decided time and location

PROS:

• Users can save their individual preferences (favourite places for lunch, dinner, etc..)
• Users can save friend lists

CONS:

• Yet another password

  Unique URL per Session

• User A starts a Session, recieves a unique URL (sandwhich.com/182j3lijfd)
• User A then sends that URL to friends
• Once voting is complete, the URL will display the decided time/location

PROS:

• No account creation
• We aren't required to create as much security

CONS:

• Users can't save preferences?
• No way to send email/text once voting is ended?

[chadswen]

Auth through google accounts might be nice. Is this a mobile app? Push notifications of a new vote sent to the selected users would be a good way to share i think.

Really, there are plenty of good ways to do auth and also share a new session with your lunchbunch. We should just pick whichever ways sound most practical and do that first.

[mcntrn]

I like the way whatsapp does it. They ask for your phone number when you first install then they send you a verification text message, they validate that you got the text and presumably send you some sort of session token.

That way you don't have to worry about a password. The downside is that if you log in on a different device your previous token will expire.

Google and FB auth could be used to add profile info and friend lists.

[davidgwking]

Is this a mobile-only app or will it provide both a browser and mobile front end?

If the latter then unified session management will be necessary. In this case, users will likely expect to use the same login pattern for both

[ryyan]

Currently propped up as a web app.

The front-end should be crazy simple (sign in, vote, done), so we could whip up native apps to go with a web app (which would also work on mobile). All hitting the same REST backend.

Wondering if we should create multiple repos, one for each platform? (API, WebApp, IOS, Android)

[ryyan]

Back on topic, we could include "Continue as Guest" and have users enter their name and preferences before voting. This is assuming people join sessions by invite only. Also voting wouldn't begin until everybody has joined and enter preferences (if they didn't already have an account with predefined ones)

[eduderewicz]

we're all google/android users right? v1 could definitely be google auth...

Later versions: I support using google, facebook, twitter, etc. auth vs requiring a fresh username/pw

[ryyan]

http://notebook.ideapublic.org/2014/one-less-password/

Here's another possibility. Passwordless login, where it emails users with their session URL