-
Notifications
You must be signed in to change notification settings - Fork 37
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Second device login? #5
Comments
That sounds like an interesting UX. Obviously the gem isn't built to accommodate that at the moment. Off the cuff I think you could accomplish something like that by having the Rails server store some kind of nonce session value (think Maybe there's an easier way I'm not thinking of but that's one way. You'd want to be careful your busy wait endpoint isn't vulnerable to timing attacks or things of that nature |
Thanks @abevoelker! Good ideas. I think I may try implementing my own ideas; I don't need all the "weight" of Devise for this, as it's a (very) simple application. And, yeah, I think I'll just have it say, "Refresh this page once you've clicked the email link" to avoid a busy-wait. Up to you if you want to close this. |
For the record, this was inspired by a web exercise app, that let me log in to (for example) a smart-TV browser that I didn't have email set up on (nor would I want to). I also don't have email set up on my tablet. |
@csterritt Got it, yeah that use case makes perfect sense then. If you don't want the full weight of Devise but want something a little more useful than session variables, you could write a Warden strategy (Devise is built on top of Warden if you didn't know). Devise requires Rails but Warden works with any Rack app. I found this RailsConf video to be a useful primer on Warden when writing this gem if you go that route. Closing this for now since it doesn't pertain to the gem. Good luck to you on your project |
Thanks Abe! I'll give that a look.
…On Tue, Aug 10, 2021 at 10:33 AM Abe Voelker ***@***.***> wrote:
@csterritt <https://github.com/csterritt> Got it, yeah that use case
makes perfect sense then. If you don't want the full weight of Devise but
want something a little more useful than session variables, you could write
a Warden strategy
<https://github.com/wardencommunity/warden/wiki/Strategies> (Devise is
built on top of Warden if you didn't know). Devise requires Rails but
Warden works with any Rack app. I found this RailsConf video
<https://www.youtube.com/watch?v=QBJ3G40fxHg> to be a useful primer on
Warden when writing this gem if you go that route.
Closing this for now since it doesn't pertain to the gem. Good luck to you
on your project
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#5 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAAJIHMGDXJ6CCDS376352DT4E2E7ANCNFSM5BWZ5YQA>
.
Triage notifications on the go with GitHub Mobile for iOS
<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675>
or Android
<https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email>
.
|
Hi -- first, thanks for doing devise-passwordless! It's a cool thing, and seems to work.
I have a use case that doesn't appear to work:
Any clues appreciated -- Thanks!
The text was updated successfully, but these errors were encountered: