Hello devs!,
I have suggestion but I don’t know where to send/post, that’s why I post here.
As I stated above “you…”.
I would like to suggest the password less auth. to be added in your feature.
And for those people/dev that successfully achieve this method using backendless.
Please help me achieving this…
REGARDS,
YHAL
Are you referring to something like biometrics or some kind of two factor authentication? I found this whitepaper from Microsoft about password-less authentication. For biometrics, that may be hard considering the majority of desktop computers don’t have any kind of thumbprint scanning or webcam face scanning abilities.
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE2KEup
For a third party two-factor authentication, you’d need the majority of users to be ok with downloading an additional application to verify their account and I’m not sure if that is feasible. Here is Microsoft’s example of an auth app:
I know that the publishing site, Medium, implemented an email-only login system that sends you a login token every time you want to access the site. That introduces a bit of friction that some people might not want to deal with.
Perhaps instead of email, having the ability to log in with your phone number and using a text code? Looks like Auth0 has this capability of texting and code-confirming.
@Brewhouse_Digital
Oh… sorry for not clarifying. I want to achieve is to not use any password… just an email/username and after clicking/logging in the server send one time Link to login.
In Firebase it calls “passwordless” login.
Since user id in users table is unique and random, why don‘t you use it instead of the password? First time when user registers, you create user, and return user id along with other informations, then the id will be cached in the user device, and when the user perform sensitive action, send user id along the request (device -> backendless), and check if he‘s allowed to do that action( if data related to that id are okay)
You should be careful that you don‘t send user row to any other person except for the one who has its id…but you still need a way to retrieve that id when it‘s not cached in user device
I‘m not sure how good is this way. I‘m not an expert in authentication and security field.
Hi everyone @John_Aerial_Azcune @Brewhouse_Digital @Hassan_Kanso
We already have that implemented. In the Business Logic, in Backendless.UserService.login method you can pass user’s objectId as the first argument (though you have to use your Code Runner API key). Is that what you seek?
Regards, Igor
Do you mean: if I press button upon filling up the username/email, it will send link for saying “click to Ok to login”…
This is how I see it:
@Igor_Bogunkov
Tnx for your response!!
just a follow up question…
Now I already implement passwordless login,
My question is:
“HOW CAN I IMPLEMENT PASSWORDLESS REGISTRATION?” Is it possible to do this?
The “Password” column is mandatory and is not deleted from the “Users” table. As an option, I would suggest you create your own table for users. Where you add and select as mandatory only those columns that you consider necessary. This may solve your problem.
Regards,
Marina
@Marina.Kan
Tnx for your response…
Yeah I already think that possibility so I searched in advanced… but Im hoping if there are already implemented in backendless that I skipped in reading docs so that’s why I ask in this forum…
BTW…
tnx! and I’ve a lot of fun and things that I learned while discussing this
Happy coding with Backendless!
Regards,
Marina
Tnx…
@Marina.Kan
right now I’m confused…
Can you give me sample structure or workflow on how to achieve.
On where to start,
Or Do I really need to make my own authentication?
Thanks in advance.
Regards,
YHAL
@John_Aerial_Azcune Firstly you need to create a table in Data section. And then using our Business Logic Codeless system you can add logic to this table.
Why you don’t need password? How does your users perform authorization? I mean how they retrieve user-token if they can’t perform login operation with password?
Regards,
Marina
@Marina.Kan
As I stated above.
That is the main goal/reason why I want to authenticate/register/login the users/my account.
That means you can’t access my data unless you have my email/phone Number/other authentication that will receive the one time login/register link.
REGARDS,
YHAL
I can offer you next steps:
Regards,
Marina
Tnx…
This help me a lot…
I’m a type of guy who “YOU DO THE IDEA, I’LL DO THE CODE”…
cause if I think of an idea, my mind wander around even this piece will not help to my code…
Hahahahah…
Thank you for your time…
And sorry for consuming your time.
BEST REGARDS,
YHAL
EDIT 1:
now I foresight the biggest hole/problem in this…
“THE SECURITY RULES” hahahaha…silly me…
I guess I’ll make a new thread for this,right?