Comments (4)
I am composing an answer to your questions but until I can formulate it properly, would you like to elaborate on why you think it would fit in bell's scope? I know that's the question you asked but I would like to hear your opinion on it.
from bell.
Types of passwordless systems that I am aware of
- Public/Private Key - ie. Client Authentication in SSL or SSH Key based authentication
- OTP - You generate a token on your phone or trusted device. I know it stands for One Time Password :)
- Service sends a token typically to your email or through SMS
- Not very related here but visual or behavioral recognition
I believe you may be talking about number 3 so let's concentrate on that for now.
Thoughts
Bell is a third party login plugin for hapi.
This is from the first sentence of our README and what is important is that we are a login plugin, but also specific to third parties. This is why I believe Bell never implemented a local strategy for your own username/password system like there is in Passport.
Bell has been very focused on OAuth 1 & 2 but proposals like Active Directory login or SAML fit very easily as we're authenticating with a third party service in all these cases. But, with no. 3 it seems like we are not dealing with any third parties except potentially for sending the token across.
Because of what I just described and because I don't see any standards describing how to make it secure I would say that it is not within the scope of Bell.
Now, with that said maybe there is a way to generalize this or come up with an interesting API where Bell could do a little bit of work. Maybe it could be generalized with the act of refresh tokens in OAuth 2. Also interesting is to look at https://passwordless.net/ or other implementations like it (in any language). Maybe there is a way to generalize the concept with no 1.
from bell.
Closing this issue for now. If you have any comments to add please feel free to do so and I will reopen it.
from bell.
This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.
from bell.
Related Issues (20)
- How to get facebook profile picture with custom size? HOT 5
- Support for idp with self signed certificates HOT 3
- Only node 12
- Require hapi 19
- Change plugin name to @hapi/bell
- Expose public API to refresh tokens HOT 2
- Replace Yahoo Social Directory Web Service HOT 2
- Issue with the meetup provider HOT 1
- "Failed obtaining twitch user profile" when using Twitch provider HOT 4
- Support functions for `provider.auth` and `provider.token` HOT 2
- Sign in with apple HOT 5
- Using for 3rd party tenants HOT 3
- docs: api page tutorial links to dead page HOT 1
- Improve the debugging experience when a payload is involved HOT 1
- Please document usage of local strategy
- Support client credentials as functions HOT 3
- Improve handling of rate limiting by Okta provider
- Add timeout configuration for requests
- Change callback path HOT 4
- Big cookie size
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bell.