Comments (5)
@AndrewNatoli I think that would be the most secure option, but agree that's probably way more than we need.
from cmpd-holiday-gift.
@jonvin006 We're changing how authentication works in the app from the above description
from cmpd-holiday-gift.
Changes to workflow:
Auth
- User enters phone no.
- If exists, enter login flow
- If does not exist, enter registration flow
Registration
- User registers (mobile phone no. required)
- Request for Approval email is dispatched to admin with Approval CTA
- Admin clicks CTA
- Admin logs in, approves user.
- Can view which app user registered from.
- Can select apps user has access to and access level.
- Admin should be able to see which app the user registered from, then select each app the user should be able to access as well as the access-level for each app.
- Approval email is dispatched to user notifying them that they can login.
Login
- User enters phone number from registration
- User sent login pin from Firebase
- User enters login pin, Firebase token forwarded to server
- Resolve user access & access level from token.
- If allowed access & enabled, user is logged in.
- If not allowed or disabled, shown inactivity page
from cmpd-holiday-gift.
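The server-side half of the Login steps above, as an added example that is not part of the original comment or the project's code. The user record shape (`approved`, `enabled`, `apps`), the app id `nominations`, and the function names are assumptions; the token verifier is injected so the block runs offline.

```javascript
// Added example: resolve access and access level from a verified Firebase token.
// Record fields (approved, enabled, apps) and app ids are assumptions.

// Constructed sample users, keyed by the phone number given at registration.
const USERS = new Map([
  ['+15555550101', { approved: true,  enabled: true,  apps: { nominations: 'admin' } }],
  ['+15555550102', { approved: false, enabled: true,  apps: {} }],                      // awaiting approval
  ['+15555550103', { approved: true,  enabled: false, apps: { nominations: 'user' } }], // disabled
]);

// Decide access from an already-verified token. Every failure path denies.
function resolveAccess(decoded, appId, users = USERS) {
  const phone = decoded && decoded.phone_number;
  if (typeof phone !== 'string') return { allowed: false, reason: 'no-phone-claim' };
  const user = users.get(phone);
  if (!user) return { allowed: false, reason: 'not-registered' };
  // Unapproved or disabled accounts get the inactivity page, not a session.
  if (!user.approved || !user.enabled) return { allowed: false, reason: 'inactive' };
  // Access level comes from the server's records, never from client input.
  const level = Object.prototype.hasOwnProperty.call(user.apps, appId) ? user.apps[appId] : null;
  if (!level) return { allowed: false, reason: 'no-app-access' };
  return { allowed: true, level };
}

// verifyIdToken is injected; with the Firebase Admin SDK it would be
// (t) => admin.auth().verifyIdToken(t), which rejects on a bad or expired token.
async function login(idToken, appId, verifyIdToken) {
  let decoded;
  try {
    decoded = await verifyIdToken(idToken);
  } catch (err) {
    return { allowed: false, reason: 'invalid-token' };
  }
  return resolveAccess(decoded, appId);
}
```

A user who has verified their phone with Firebase but has not been approved by an admin resolves to `inactive` here, which is the behaviour the last two Login steps call for.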
@AndrewNatoli the main pieces that I am concerned about are the email CTAs. Our conversation about how easy it is for our user base to lose emails has kind of stuck in my head. Not sure of what a good solution to that problem would be though.
SMS would probably be the easiest user experience, but that's not free.
Push notifications would force users to auth with a browser that supports them.
Thoughts?
from cmpd-holiday-gift.
@chimon2000 Registration by counselors is typically done at their desk, I imagine, meaning they should have access to their email at the time they register. Logging in, however, they may be on a mobile device that they don't have access to their email on, so I think overall the flow is fine.
We can also build out the admin to support showing registered users that have registered and verified, as well as the ones that have not verified their account yet.
An even crazier idea would be doing verification by phone. We have the school's number in the affiliation table; we could have the counselor put their extension in. But I think that's where we'd be going down the road of over-engineering 😆
from cmpd-holiday-gift.