🚀 Feature: Allow demo user functionality for phone auth without sending actual sms #7411
Comments
stnguyen90
added
the
product / auth
|
@gaurav-chandra, thanks for creating this issue! 🙏🏼 Would you please provide some insight into why this is needed? |
|
We have to share the credentials with google play testers so that they can login and check. Similarly, many payment gateway providers need test credentials. If using phone auth, we have to trigger an otp but what happens in the case of google play testers who do not use physical sim cards and we need to give them the demo credentials and the number cannot receive an otp? The app is stuck in that case. This approach helps in making sure that the app testers are able to login using phone auth. Or provide a way to login a user using node sdk on the server side and pass that session to the client sdk. |
|
@gaurav-chandra, thanks for the insight! You mentioned this is needed for testers to test your app. Does your app only have phone authentication? |
|
Yes, only phone auth. It removes duplicate signups as a user can use multiple emails to create accounts. In India, phone auth is the norm and almost 85% companies, even amazon India, allows users to use their mobile numbers, only, to login as still lot of people do not use emails or do not check emails but check sms. Earlier when I used to use php mysql for rest api, I could very easily make demo accounts using phones as I had the responsibility to create auth function in my code. Edit: I think, and I have limited knowledge about appwrite implementation, that providing a way to login a user using server sdk is the best approach, and then passing the session to client sdk, as this way there is no restriction on the number of sms providers which can be used/supported by appwrite. |
|
@gaurav-chandra You can create users with "verified" phone numbers directly as admin. It could be the solution for you. |
Thought about it but it wouldn't work as I need the auth to create a session and not sending an otp will not create a session as we need to confirm the OTP. |
|
This issue will be prioritized for the next version, most likely 1.6. |
🔖 Feature description
When we are using phone auth, we have to mandatorily trigger an otp for logging in. Because of this demo accounts cannot be setup like 9999999999 or we cannot make any user as demo user so that the credentials can be shared with payment gateway providers or google play store testers or any other person who wants to have a look at the app without creating any profile or waiting for otp.
The hack outlined by @stnguyen90 on discord
_APP_SMS_PROVIDER=user:password@mockdoes not work🎤 Pitch
allow any user in auth to be set as demo user in console and add a defailt otp like 123456. triggering phone auth will check if the user is a demo user or not and will return true instead of triggering an otp.
👀 Have you spent some time to check if this issue has been raised before?
🏢 Have you read the Code of Conduct?
The text was updated successfully, but these errors were encountered: