Webstudio
Log in

Join the Webstudio community

Updated 10 months ago

Home

At a glance

The community member has implemented a version of email OTP (one-time password) passwordless authentication on a platform called WS. They consider it a workaround, but it works fine. The community members in the comments discuss various aspects of the implementation, such as getting stuck on a step, hitting rate limits, and the use of a login token in the request body to identify the user. They also discuss the security of the approach, with one community member suggesting combining it with a secret resource key as a reasonably secure way to handle authentication at the backend.

Useful resources
SSantosh
·
finally implemented my version of email OTP passwordless auth on WS ... i guess they are workarounds but works just fine ..... try it out pls 🙂

https://ws-supabase-auth.wstd.io/
O
S
7 comments
OOleg Isonen
I got stuck on this step
Attachment
image.png
OOleg Isonen
Attachment
image.png
OOleg Isonen
tried again, I see you are hitting rate limit
SSantosh
This is it .. the login token is via the body variable and can be accessed wherever need to supply to backend to identify user as needed

https://discord.com/channels/955905230107738152/955905231227609158/1234932140664426536
SSantosh
Does this make sense @Oleg Isonen ? Combine with a secret resource key ... it is a resonably secure way ... right?

All auth filters .. i will do at my backend that exposes REST calls basically
SSantosh
@Jeremy ... yes ... I basically want to have user level auth that I can use after that. The unauthorized is not needed and slightly irritating ... but I basically want the API key in the body system search variable ... so I needed to do a document.load refresh
Attachment
CleanShot_2024-05-01_at_08.28.482x.png
OOleg Isonen
resource is very secure, isn't getting exposed to the client
Add a reply
Sign up and join the conversation on Discord