Giter VIP home page Giter VIP logo

Comments (4)

ldesplat avatar ldesplat commented on May 31, 2024

I am composing an answer to your questions but until I can formulate it properly, would you like to elaborate on why you think it would fit in bell's scope? I know that's the question you asked but I would like to hear your opinion on it.

from bell.

ldesplat avatar ldesplat commented on May 31, 2024

Types of passwordless systems that I am aware of

  1. Public/Private Key - ie. Client Authentication in SSL or SSH Key based authentication
  2. OTP - You generate a token on your phone or trusted device. I know it stands for One Time Password :)
  3. Service sends a token typically to your email or through SMS
  4. Not very related here but visual or behavioral recognition

I believe you may be talking about number 3 so let's concentrate on that for now.

Thoughts

Bell is a third party login plugin for hapi.

This is from the first sentence of our README and what is important is that we are a login plugin, but also specific to third parties. This is why I believe Bell never implemented a local strategy for your own username/password system like there is in Passport.

Bell has been very focused on OAuth 1 & 2 but proposals like Active Directory login or SAML fit very easily as we're authenticating with a third party service in all these cases. But, with no. 3 it seems like we are not dealing with any third parties except potentially for sending the token across.

Because of what I just described and because I don't see any standards describing how to make it secure I would say that it is not within the scope of Bell.

Now, with that said maybe there is a way to generalize this or come up with an interesting API where Bell could do a little bit of work. Maybe it could be generalized with the act of refresh tokens in OAuth 2. Also interesting is to look at https://passwordless.net/ or other implementations like it (in any language). Maybe there is a way to generalize the concept with no 1.

from bell.

ldesplat avatar ldesplat commented on May 31, 2024

Closing this issue for now. If you have any comments to add please feel free to do so and I will reopen it.

from bell.

lock avatar lock commented on May 31, 2024

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

from bell.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.