Authenticators in signup and login
louischan-oursky opened this issue · 1 comments
Problem
The configuration primary_authenticators is read by signup and login.
Skygear prompts the user to set up the 1st authenticator during signup.
Skygear only allows the user to use the authenticators listed in primary_authenticators during login.
If primary_authenticators is changed from ["password"] to ["oob_otp"], users who only have password can no longer authenticate themselves.
Suggested solution by Ben
Ben suggested that we could separate primary_authenticators
into two fields, one for signup, one for login.
So if the developer wants to migrate from password to OOB OTP, the configuration change is:
# old config
# field names are temp
primary_authenticators_signup: ["password"]
primary_authenticators_login: ["password"]
# new config
primary_authenticators_signup: ["oob_otp"]
# It is very important that the developer moves "password" to login
# otherwise existing users cannot authenticate anymore
primary_authenticators_login: ["oob_otp", "password"]
Actually the “solution” I suggested above in Slack is just a business case understanding from the user...
For our solution, we might want to consider a general solution, if we will support multiple types of sign up / login UI some day (now we only have one), we might want to allow configuration of “all authenticators enabled in this app”, plus the authenticators usable at login / signup for each UI....
But maybe the above is a bit overkill, we don’t have solid use cases of how / why people want multiple signup / login UI yet.
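A pre-deploy check for the split configuration discussed in this issue, as an added example that is not Skygear's code and not part of the thread: it flags signup authenticators that are not accepted at login, and existing users whose authenticators the new login list no longer covers. The names Config and CheckMigration and the user inventory are assumptions made for illustration; the two field names are the temporary ones from the issue.

```go
package main

import (
	"fmt"
	"sort"
)

// Config mirrors the two temporary field names proposed in the issue.
type Config struct {
	Signup []string // primary_authenticators_signup
	Login  []string // primary_authenticators_login
}

// CheckMigration is a hypothetical check. users maps a user ID to the primary
// authenticator types that user has already set up. It returns the signup
// authenticators missing from login and the users no login authenticator covers.
func CheckMigration(cfg Config, users map[string][]string) (unusable, lockedOut []string) {
	login := make(map[string]bool, len(cfg.Login))
	for _, a := range cfg.Login {
		login[a] = true
	}
	for _, a := range cfg.Signup {
		if !login[a] {
			unusable = append(unusable, a) // a new user could sign up but never log in
		}
	}
	for id, auths := range users {
		covered := false
		for _, a := range auths {
			covered = covered || login[a]
		}
		if !covered {
			lockedOut = append(lockedOut, id)
		}
	}
	sort.Strings(lockedOut) // map iteration order is random; keep the result stable
	return unusable, lockedOut
}

func main() {
	// Constructed sample inventory, not data from the project.
	users := map[string][]string{"alice": {"password"}, "bob": {"oob_otp"}}
	for _, login := range [][]string{{"oob_otp"}, {"oob_otp", "password"}} {
		_, locked := CheckMigration(Config{Signup: []string{"oob_otp"}, Login: login}, users)
		fmt.Println("login:", login, "locked out:", locked)
	}
}
```

Failing the configuration change whenever either returned list is non-empty turns the "very important" comment in the proposed config into an enforced check.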