Popularity
4.8
Growing
Activity
0.0
-
36
4
2

Monthly Downloads: 201
Programming language: Elixir
License: Apache License 2.0
Tags: Authentication    
Latest version: v0.2.0

passwordless_auth alternatives and similar packages

Based on the "Authentication" category

Do you think we are missing an alternative of passwordless_auth or a related project?

Add another 'Authentication' Package

README

PasswordlessAuth

This library enables you to implement a simple passwordless login or 2-factor / multi-factor authentication. It can also be used as part of a user registration process.

It works by sending a text message with a numeric code to the phone number provided by the user. You can then request the user to verify the code they received before it expires.

See Usage for example usage.

Text messages are sent with the Twilio API via ex_twilio.

Documentation

Documentation is available at https://hexdocs.pm/passwordless_auth

Installation

Add :passwordless_auth to your list of dependencies in mix.exs:

def deps do
  [
    {:passwordless_auth, "~> 0.1.0"}
  ]
end

Configuration

PasswordlessAuth depends on ExTwilio config so you need to set ExTwilio config in your config/config.exs file:

config :ex_twilio,
  account_sid: "TWILIO_ACCOUNT_SID",
  auth_token: "TWILIO_AUTH_TOKEN",
  workspace_sid: "TWILIO_WORKSPACE_SID" # optional

Optionally set PasswordlessAuth config in your config/config.exs file:

config :passwordless_auth,
  garbage_collector_frequency: 30, # seconds; optional (defaults to 30 if not provided)
  num_attempts_before_timeout: 5, # optional (defaults to 5 if not provided)
  rate_limit_timeout_length: 60, # seconds; optional (defaults to 60 if not provided)
  verification_code_ttl: 300 # seconds, optional (defaults to 300 if not provided)

Usage

A passwordless authentication flow could look like this:

1. Send a verification code to the user's phone number

User enters their phone number to request a verification code.

PasswordlessAuth.create_and_send_verification_code(
  "+447123456789",
  messaging_service_sid: "abc123..."
)

2. Verify the code

User receives a text message with their verification code and enters it into the login form.

PasswordlessAuth.verify_code(
  "+447123456789",
  "123456"
)

Returns true or false.

Once a code has been verified, it should be removed so that it can't be used again:

PasswordlessAuth.remove_code("+447123456789")

3. Authenticate session / issue token

It's up to you to decide what to do once a user has verified their phone number.

You could match the phone number to a user account, then authenticate the user's session for that user account, or issue them a token with claims for that user account, which Guardian could help you with.

If there is no user account with that phone number, you could allow the user to register by requesting more information from them.

TODO

  • [x] Tests
  • [x] Twilio options can be passed to create_and_send_verification_sms rather than requiring messaging_service_sid to be configured
  • [x] Make verification code length configurable
  • [x] Add license
  • [x] Generate documentation
  • [x] Publish on hex.pm
  • [ ] Email authentication method


*Note that all licence references and agreements mentioned in the passwordless_auth README section above are relevant to that project's source code only.