LabN36/cashbook

auth layer

Opened this issue · 1 comments

In this app I want to mainly implement phone-number and email-based login. For now we'll only implement phone-number-based authentication.

When we talk phone authentication, Firebase seems to be a good option, and in fact I even tried that, but it takes quite a bit longer than it should (on average you'll see the message coming in 4-5 seconds), and in real life, for a production app, this time is a lot. Through a simple AWS SMS service (along with Lambda and ElastiCache) I was able to achieve this under 3-4 seconds, which is perfectly fine to me.

One more problem with Firebase is that you can't change the actual text message you want to send, so you'll have to stick with the generic message.

Even though AWS now supports Flutter, it does not yet provide a proper implementation; that's the reason I had to implement my own auth flow.

Current implementation: as of now, a very basic auth part is done.

What's left:

  1. saving the JWT into shared preferences
  2. linking the user profile with AWS Cognito; although I will work without it, this is the recommended way for a good architecture flow
  3. implementing the OTP invalidation flow after a certain expiry has passed
  4. implementing the Resend OTP flow
  5. a good-looking UI with the ability to handle all use cases (right now it just works, but it is not up to the mark)
  6. rate limiting and abuse restriction

Once all this is done, I'll try to see how feasible it is to implement email-based login (passwordless or Gmail).

Note: for now I'm not planning to support iOS, as it's out of scope of this project until we finish the Android MVP.

  1. This is implemented.
  2. For now we won't implement this.
  3. Before doing this we'd have to migrate from AWS Lambda to our own server #4.
  4. The resend flow for the client side is complete, but for the server side we have to complete this #4 first.
  5. So far a decent UI has been developed for the Login and OTP pages. Apart from that, basic linking is also done for the OTP autofill and manual flows. It's working fine as of now, but it requires some tuning and optimization.
  6. This goes to stage 2.