please visit the popular challenger bank https://web.tide.co/login/ for an example.
Their auth strategy is to present the user with a QR code that changes every 30 seconds (I'm sure this is a representation of some form of hash representing a token). In order for the user to authenticate, they must open the mobile app, authenticate and then scan the QR code via the app. This fires a request back to the provider, who then matches the two tokens, authenticates the online website and shows the dashboard.
I am curious how this strategy keeps the login page on the webpage constantly listening for a change in the backend to know for sure the QR code has been scanned from an authenticated device. Are Tide keeping a channel open at their login page, creating a session cookie and storing it locally? Is there some scalable and reliable way to return back to the browser from the mobile app?
If you were re-creating this in Rails, where would you start?
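As an added illustration (not Tide's code and not from this thread), here is a plain-Ruby sketch of the three legs described above: the browser's short-lived login token, the phone's approval, and the browser's poll for the result. `QrLoginBroker`, its HMAC stand-in for the app's credential and the in-memory store are assumptions; in Rails the poll would be a controller action or an ActionCable broadcast keyed by the token.

```ruby
require 'securerandom'
require 'openssl'

# In-memory model of the QR login handshake (no Rails, no HTTP): the browser
# holds a short-lived login token, the phone approves it, the browser collects it.
class QrLoginBroker
  TOKEN_TTL = 30 # seconds; the login page requests a fresh QR code when it lapses
  def initialize(secret:, clock: -> { Time.now.to_f })
    @secret = secret   # server-side key used to check the mobile app's credential
    @clock = clock     # injectable for tests
    @pending = {}      # login_token => { expires_at:, user_id: nil until approved }
  end
  # Step 1: the login page asks for a token; the QR code encodes this value.
  def issue_login_token
    token = SecureRandom.urlsafe_base64(32)
    @pending[token] = { expires_at: @clock.call + TOKEN_TTL, user_id: nil }
    token
  end
  # Step 2: the signed-in phone scans the QR code and posts the token together
  # with its own credential (here an HMAC over its user id standing in for the
  # app's bearer token). Only a valid, unexpired, unused token gets bound.
  def approve(token, user_id:, app_mac:)
    entry = @pending[token]
    return :unknown_or_expired if entry.nil? || entry[:expires_at] < @clock.call
    return :already_used unless entry[:user_id].nil?
    return :bad_app_credential unless secure_equal?(app_mac, mac_for(user_id))
    entry[:user_id] = user_id
    :approved
  end
  # Step 3: the browser polls (or waits on an ActionCable channel keyed by the
  # token). On approval the token is consumed and swapped for a session id once.
  def poll(token)
    entry = @pending[token]
    return { status: :expired } if entry.nil? || entry[:expires_at] < @clock.call
    return { status: :pending } if entry[:user_id].nil?
    @pending.delete(token) # single use: a replayed poll cannot mint a second session
    { status: :authenticated, user_id: entry[:user_id], session_id: SecureRandom.hex(16) }
  end

  def mac_for(user_id)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, "app-user:#{user_id}")
  end

  private

  def secure_equal?(a, b) # constant-time comparison of the app credential
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
  end
end
```

The session id returned by `poll` is what the Rails side would write into the signed session cookie; the login token itself never becomes a credential.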
I came to the forum for exactly this question.
I do not have the full answer, but it would appear creating an OAuth2 service as your auth.site.com app is a good start.
The auth service will act as authorizer to any pre-registered apps such as app1 and app2 etc. Chris has some good content on OAuth2, so give those a watch for an intro and then work out your strategy from there.
For some weird reason my attempt to send is taking 60 seconds +. I'm not getting any error (or anything obvious). Have you experienced this?
Rendering notification_mailer/welcome.html.erb within layouts/mailer
Rendered notification_mailer/welcome.html.erb within layouts/mailer (Duration: 0.3ms | Allocations: 81)
NotificationMailer#welcome: processed outbound mail in 3.0ms
Delivered mail 5ed7d1bc53d59_5243ff1f6436e6c235e1@Deargs-MBP.mail (60054.4ms)
Date: Wed, 03 Jun 2020 17:37:16 +0100
Subject: welcome to our app
/* Email styles need to be inline */