
LoginLink functionality

Open dereuromark opened this issue 2 years ago • 4 comments

See https://symfony.com/doc/current/security/login_link.html

Probably similar to the Token authenticate, but more stateful, and probably with a similar hashing algo. The database approach would be something that could be a custom userland plugin.

dereuromark avatar Feb 07 '24 22:02 dereuromark

It looks like there are a few components to a login flow like this:

  • A way for a user to request a new link. We can't easily provide the controller logic but we could provide interfaces/methods for generating signed tokens.
  • A way to deliver tokens to users. I think this would need to be an application concern.
  • Views for requesting links. I don't think we can provide this either.
  • An Authenticator that fetches tokens out of the request and can log in the user.

Do we need storage for tokens? It seems like a signed token could contain the identifier, expiration time. If we wanted to support a limited number of token uses, we could store that data in a cache backend instead of requiring a formal schema.

markstory avatar Feb 08 '24 20:02 markstory

For the old auth component I built a token-based system that stores the token in the DB. It has the advantage of invalidation control - and shorter URLs :)

But for this kind of plugin here, the Symfony style with a hash and all params contained seems sufficient. This way no storage is needed, they are basically just valid then until expiration.

dereuromark avatar Feb 08 '24 21:02 dereuromark

I'm biased to stateless tokens as they are simpler to get going and can offer the same level of security as stateful ones can (with some caching).

markstory avatar Feb 09 '24 15:02 markstory
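
The stateless approach discussed in this thread (a signed token carrying the identifier and expiration time, with use counts kept in a cache), as an added example that is not code from the plugin or from either commenter. `LoginLinkSigner`, its methods, the token layout and the in-memory array standing in for a cache backend are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not part of the authentication plugin; all names here are hypothetical.
final class LoginLinkSigner
{
    /** @var array<string,int> Constructed stand-in for a cache backend: signature => use count */
    private array $uses = [];

    public function __construct(private string $secret, private int $maxUses = 1) {}

    // Assumed token layout: base64url(json{id, exp}) . "." . hex HMAC-SHA256 of that payload.
    public function create(string $userId, int $ttl, ?int $now = null): string
    {
        $json = json_encode(['id' => $userId, 'exp' => ($now ?? time()) + $ttl], JSON_THROW_ON_ERROR);
        $payload = rtrim(strtr(base64_encode($json), '+/', '-_'), '=');
        return $payload . '.' . hash_hmac('sha256', $payload, $this->secret);
    }

    // Returns the user identifier, or null when the token is forged, expired or used up.
    public function verify(string $token, ?int $now = null): ?string
    {
        $parts = explode('.', $token);
        if (count($parts) !== 2) {
            return null;
        }
        [$payload, $sig] = $parts;
        // Check the signature in constant time before trusting any field of the payload.
        if (!hash_equals(hash_hmac('sha256', $payload, $this->secret), $sig)) {
            return null;
        }
        $data = json_decode(base64_decode(strtr($payload, '-_', '+/'), true) ?: '', true);
        if (!is_array($data) || !isset($data['id'], $data['exp']) || $data['exp'] < ($now ?? time())) {
            return null;
        }
        // Use limit: count redemptions per signature; a real cache entry would expire at exp.
        if (($this->uses[$sig] ?? 0) >= $this->maxUses) {
            return null;
        }
        $this->uses[$sig] = ($this->uses[$sig] ?? 0) + 1;
        return (string)$data['id'];
    }
}

// Constructed sample values: demo secret, user id "42", fixed timestamps.
$signer = new LoginLinkSigner('constructed-demo-secret', 1);
$token = $signer->create('42', 600, 1700000000);
var_dump($signer->verify($token, 1700000100));        // first redemption inside the lifetime
var_dump($signer->verify($token, 1700000200));        // replay of the same link
var_dump($signer->verify($token . '0', 1700000100));  // altered signature
```

Only the use counter needs shared state; the identifier and expiry are validated from the signed payload alone, so no token table is required.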