[discuss] code authentication service

[ozsay]

Hi,

I implemented a new authentication service which validates a previously sent code to the client.

Common use-cases:

• login with code provided by sms
• login with code provided by email

The service both sends the code ("prepare authentication") using a code-provider and validates it after the client logs-in.

TODO:

• implement core service
• implement twilio sms provider
• add unit tests
• api docs ?

@davidyaha Thoughts?

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (master@0470532). Click here to learn what that means.
The diff coverage is 96.72%.

@@           Coverage Diff            @@
##             master    #776   +/-   ##
========================================
  Coverage          ?   95.2%           
========================================
  Files             ?      85           
  Lines             ?    1835           
  Branches          ?     356           
========================================
  Hits              ?    1747           
  Misses            ?      80           
  Partials          ?       8

Impacted Files	Coverage Δ
...ages/code/src/utils/randomstring-code-generator.ts	100% <100%> (ø)
packages/code/src/errors.ts	100% <100%> (ø)
packages/code/src/index.ts	100% <100%> (ø)
packages/code/src/utils/simple-code-hash.ts	100% <100%> (ø)
packages/code/src/accounts-code.ts	94.87% <94.87%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0470532...937f60a. Read the comment docs.

[davidyaha]

Although it's safe to say that twilio pretty much dominates this field, I wonder if we should allow the user to supply some SMSService rather then depending on twilio.
Another option is to just call this package code-provider-twilio so that it will serve as an example for others that need different SMS providers. Once we get another feature request about some other provider we could refactor for generic SMS providers.
@pradel thoughts?

[ozsay]

renaming it to twilio will prevent another layer of abstraction that we might not need.. so i'm +1 for doing it.

[NickBolles]

notifme is a pretty good abstraction, and their notification catcher is really cool.

[davidyaha]

Wow didn't know about notifme.. it looks great! What do you think @ozsay?

[ozsay]

it may be useful, though I can't see all the features that twilio provides (like messagingServiceSid)

[pradel]

@ozsay From my understanding of the pr, this service can't be used alone since it does not take care of the user account creation right?

[ozsay]

@pradel true. we use it with another service.

[pradel]

I guess this should be clarified somewhere in the documentation as we want the service to be able to register a user I think.