Texting instead of emailing?

zanderxyz / veil

Simple passwordless authentication for your Phoenix apps

MIT License

166 stars 15 forks source link

Texting instead of emailing? #13

Closed cblavier closed 3 years ago

cblavier commented 6 years ago

Nice project, I love how simple it is!

I was wondering how complex it would be to text the secure link to some users instead of emailing them? Each user should be able to either login with its email or phone number

zanderxyz commented 6 years ago

Hi,

You can definitely do this but there'd be some costs involved to handle the texting. Twilio offers a paid API for sending SMS messages and there is an Elixir API Client.

To integrate with Veil, you would need to change the send_link_email function in veil.ex to send a text message using the Twilio API instead of an email. In the existing implementation you can see this part generates the sign in link: new_link_url(conn, request.unique_id).

I'd say it's probably not worth integrating this into Veil, given the work is mostly setting up the Twilio API etc - changing the send_link_email function is trivial once that part is done.

niahoo commented 6 years ago

Great idea.

Maybe just providing a way to override the function call through mix config ?

cblavier commented 6 years ago

I guess there would be also some work involved in identifying users not only with their email address but also with their phone number Le 9 juil. 2018 à 17:41 +0200, Zander notifications@github.com, a écrit :

Hi, You can definitely do this but there'd be some costs involved to handle the texting. Twilio offers a paid API for sending SMS messages and there is an Elixir API Client. To integrate with Veil, you would need to change the send_link_email function in veil.ex to send a text message using the Twilio API instead of an email. In the existing implementation you can see this part generates the sign in link: new_link_url(conn, request.unique_id). I'd say it's probably not worth integrating this into Veil, given the work is mostly setting up the Twilio API etc - changing the send_link_email function is trivial once that part is done. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.

niahoo commented 6 years ago

Phone number could be fetched with help of the email, but I guess some apps would not store any email so yes ... it could be better to have an actual implementation to look at before going further.

zanderxyz commented 6 years ago

You're correct that you'd have to identify by phone number, so phone numbers entered as a string would need to be parsed into E164 format and then saved as a string. I know that libraries exist in other languages for this (e.g. PhoneNumberKit for Swift) but might not for Elixir yet.

matthewford commented 5 years ago

There is https://github.com/madebymany/passwordless_auth for sms.