I haven’t been across the latest developments in Meteor but have been using it quietly in the background.
Just wondering if there has been any discussion into extending the Accounts package to include password-less authentication?
I’ve seen a few 3rd party packages, but this seems like more of a core capability that Accounts should have.
It is almost there with the email verification already doing the heavy lifting: generating a token, sending the email, login the user in on clicking the link, I am sure the token must expire too (haven’t looked into it).
I imagine to build this in would be relatively simple. Probably use a different token type in the user document to not confuse email validation with login. Needs a new email template and hook for the client to login. Some documentation to cover its use on the docs site.
Here are two implementations which I am sure are great and work, but are each more than half a decade old and maybe unsupported.
Hi! I’m finding something like this.
The user login, if it is the “first time”, he receive an email with a link.
Clickind the link authorize login for sometimes.
After this or a logout, the user have to login again.
On first registration this is what happens anyway because the user needs to validate/verify their email address. On clicking that link they are logged in. Just need a way to offer this as a login method.
Meteor allows you to create a custom login method:
Meteor.startup(function() {
Accounts.registerLoginHandler('your-method-name', (options) => {
// console.log('custom login');
const { someField, otherField } = options;
if (!someField || !otherField) {
return undefined; // don't handle
}
// run some code to validate login data here
const serviceName = 'your-custom-service'; // works like password, this data will be stored in users.services field
const serviceData = {
id: 'someUniqueId', // must have this field.
somedata: 'someValue',
// other data here
};
const serviceOptions = {
// additional option
};
const result = Accounts.updateOrCreateUserFromExternalService(
serviceName,
serviceData,
serviceOptions,
);
if (!result || !result.userId) {
throw new Meteor.Error('something wrong', 'Something does not go right');
}
On the client side
// call this to login user
Accounts.callLoginMethod({
// there data must match your back-end code above
methodArguments: [
{
someField: 'some data',
otherField: 'some other data',
},
],
userCallback: (error) => {
if (error) {
// login failed
showError(error.message);
} else {
// login successfully
// do something here
}
},
});
It’s funny that I don’t remember how I found that. But it’s there in the Accounts package. Sometime you need to dig into the code and it’s open source. WOW.