Comments (17)
We could use the WebAuthn API for the client-side prospect, which has wide compatibility with Firefox, Chrome, Edge and Safari.
Anonymous login or login by username without an email would be great as some projects don't have unique emails for their users.
@christyjacob4 that sounds like a good idea, but we don't want to be biased towards a commercial company like @twillio (which I love, but that doesn't matter), or make the setup more complex. I guess that we should allow different adapters to allow enabling this kind of feature, as there are no notable open-source solutions that I am aware of either for calls or SMS.
How do you see the workflow of enabling SMS / call services as part of the authentication service? Is it part of the settings? A new settings page just for auth? I'd love to get your feedback.
Anyway, I think it's important that we put a lot of emphasis on making sure we stay un-opinionated where we can't use open-source solutions, and easy to get started or set up even when such a 3rd-party integration is possible, meaning it shouldn't be a requirement to set up.
Hi @eldadfux, you might want to have a look at the Jasmin SMS gateway to implement SMS login and verification. It is open source and can be readily containerized with Docker, and it supports both the HTTP and SMPP protocols.
SMS OTP login will be the best one.
My suggestions on this are:
- Email OTP login alone isn't very safe (without a password). 2FA should be enforced in this case.
- SMS-based login doesn't require 2FA.
- Anonymous login is a good idea, but certain checks should be implemented to prevent abuse.
@sagarvd01 thanks for your feedback.
Why, in your opinion, isn't OTP alone safe enough?
About the anonymous login, we already have abuse mechanisms in place that work on all login methods to protect from brute-force attacks.
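The two comments above argue about whether an OTP login is safe on its own and how brute-force attempts against it are stopped. The following is an added example, not code from the Appwrite project or from anyone in this thread, showing the server-side controls a defender puts around an OTP challenge: the code is randomly generated, stored only as a salted hash, expires, is single-use, and a small attempt limit makes guessing a six-digit code infeasible within its lifetime. The in-memory store, the injectable clock, the `user@example.com` identifier and the limits (five minutes, five attempts) are assumptions for the demonstration.

```python
"""Server-side one-time passcode (OTP) issuance and verification.

Added example (not Appwrite code). The in-memory store, the injectable
clock and the limits below are assumptions chosen for the demonstration.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300  # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 5       # assumption: five wrong guesses invalidate the code


@dataclass
class Challenge:
    salt: bytes
    digest: bytes
    expires_at: float
    attempts: int = 0
    consumed: bool = False


def _hash_code(salt: bytes, code: str) -> bytes:
    # Codes are hashed at rest so a leaked store does not reveal live codes.
    return hashlib.sha256(salt + code.encode()).digest()


class OtpService:
    def __init__(self, now=time.time):
        self._now = now                       # injectable clock for testing
        self._store: dict[str, Challenge] = {}  # identifier -> active challenge

    def issue(self, identifier: str) -> str:
        """Create a fresh code for an email address or phone number.

        The plaintext code is returned only so the caller can hand it to
        the delivery channel (email, SMS, call); it is never stored.
        """
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._store[identifier] = Challenge(
            salt=salt,
            digest=_hash_code(salt, code),
            expires_at=self._now() + OTP_TTL_SECONDS,
        )
        return code

    def verify(self, identifier: str, code: str) -> tuple[bool, str]:
        """Check a submitted code; returns (accepted, reason)."""
        challenge = self._store.get(identifier)
        if challenge is None:
            return False, "no_challenge"
        if challenge.consumed:
            return False, "already_used"
        if self._now() > challenge.expires_at:
            del self._store[identifier]
            return False, "expired"
        challenge.attempts += 1
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(challenge.digest, _hash_code(challenge.salt, code)):
            challenge.consumed = True  # single use: a replayed code is rejected
            return True, "ok"
        if challenge.attempts >= MAX_ATTEMPTS:
            del self._store[identifier]  # lockout: the user must request a new code
            return False, "too_many_attempts"
        return False, "wrong_code"


def demo() -> list[str]:
    """Walk through the happy path, replay, lockout and expiry with a fake clock."""
    clock = [1_000_000.0]
    svc = OtpService(now=lambda: clock[0])
    who = "user@example.com"  # constructed identifier
    results = []

    code = svc.issue(who)
    wrong = "000000" if code != "000000" else "000001"
    results.append(svc.verify(who, wrong)[1])   # wrong_code
    results.append(svc.verify(who, code)[1])    # ok
    results.append(svc.verify(who, code)[1])    # already_used

    code = svc.issue(who)
    wrong = "000000" if code != "000000" else "000001"
    for _ in range(MAX_ATTEMPTS):               # 4x wrong_code, then lockout
        results.append(svc.verify(who, wrong)[1])
    results.append(svc.verify(who, code)[1])    # no_challenge: even the right code is gone

    svc.issue(who)
    clock[0] += OTP_TTL_SECONDS + 1
    results.append(svc.verify(who, wrong)[1])   # expired
    return results


if __name__ == "__main__":
    print(demo())
```

The attempt limit is what turns a 6-digit code (one million possibilities) from a guessable secret into one an attacker has a 5-in-a-million chance of hitting per issued challenge; pairing it with a per-identifier issuance rate limit (not shown) stops the attacker from simply requesting a new challenge after each lockout.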
@eldadfux There are also situations where a user may want to receive a call to get the OTP instead of an SMS. Twilio seems to be the most popular option to handle SMS, calls and emails:
https://www.twilio.com/
Hi @eldadfux, in my opinion, email ownership may change over time, especially when users log in with business emails. So we can't distinguish whether it's the same person or not.
Additionally, Firebase by Google provides a good SDK for authentication purposes, which will reduce a lot of work.
@sagarvd01 I definitely agree that email ownership may change over time. This is something we need to think of when relying on email as the main recovery process and identification of the user's accounts.
I don't think the usage of business email should be a major concern for us, as this can actually be treated as an advantage for people wanting to have different accounts for personal or company usage.
Regarding Firebase, we are building an open-source and self-hosted product. Meaning, people can use it for free, set it up wherever they want and control their data. Relying on a commercial, paid, SaaS product as an internal dependency would go against all these goals.
@monatis wow, this seems like a really cool project, and it's awesome they have a Docker container! Checking it out now... thank you!
Glad I found this amazing project. One thing that keeps me from switching from Firebase is phone number auth. Any update about the SMS login method?
Thanks!
@m7md10 this is something we definitely want to add, but no timelines yet.
A "create session & return access token" method would be a very useful login alternative.
Hardware U2F keys would be a nice addition for those who require a lot of security on Appwrite.
@PineappleIOnic cool idea!
As mentioned in #354, another useful method we can add here is to log in with existing OAuth access tokens (today we are creating them ourselves). This will be especially beneficial when integrating with native OAuth SDKs for better UX.