I'd like to implement a custom auth for my users collection, where a custom code will be sent to the users email and once they enter it they are authed.
Any simple way to achieve this ?
@kris0x Good morning kris - I've done something like this!
This is similar to a "verify email" token in a way
It would sort of work like this
1.) User is created, a hook fires and sends an email to the user. The custom email can be easily defiend on your collection and it should include a URL to your frontend with a unique id (could be the created collection id). For instance...
2.) Create a custom endpoint on your auth collection that will be used to authorize the user. You want to check a property on the request, probably "token" and then update the verified property on the user.
3.) On your frontend, make sure the link you sent in the email will function. The frontend app needs to get the query parameter value from the URL (or allow them to enter a token), and then make an API request to your custom endpoint.
That's a quick overview of how I did it, happy to share examples.
Hey thanks for response. I see what you mean. My usecase though is that I don't want my users to enter passwords at all.
They would enter email and then they would receive a 6 digit code or link that they can click that would auth them
do I need this for this ?
Found this here
@kris0x If you don't want to use passwords for auth, then you could create a non-auth collection and deal with data using a token
I really like auth capacities of payload (cookie etc)