Skip to content

auth - well knowns and small gotchas #105

Open
Open
auth - well knowns and small gotchas#105
@joe-getcouragenow

Description

@joe-getcouragenow
joe-getcouragenow
opened on Jan 7, 2021

The login flow is full of weird little gotchas..

  1. Our Flutter GUI does not work with "Suggest Password" in Chrome.
  • Well known MIGHT help..
    login_screen

  1. Verification goes to an URL but down not ask you to login on that same page. SO then any MITM on your email means they can do account takover.

  2. Naming and routing for "well knowns" makes it play well with Browsers and password managers. Its become a standard to help the world all get along basically.

For our own Auth System:
Well Known Change Password support
"./well-known/change-password"
https://web.dev/change-password-url/

Same goes for our later OAuth system:
"https://server.com/.well-known/openid-configuration"

https://github.com/fmitra/authenticator

  • Good basis for the hardening we will need later
  • Demo works well.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions