Module: StandardId::PasswordlessFlow

Extended by:

ActiveSupport::Concern

Includes:

PasswordlessStrategy

Included in:

Api::PasswordlessController, Web::LoginController, Web::LoginVerifyController

Defined in:

app/controllers/concerns/standard_id/passwordless_flow.rb

Overview

Public concern for host app controllers that need passwordless OTP capabilities.

Include this in your custom controllers to generate and verify OTP codes without mounting the WebEngine’s built-in login controllers.

Requires the including controller to have access to ‘request` (standard in all Rails controllers). No other dependencies are needed – both `generate_passwordless_otp` and `verify_passwordless_otp` only use `request`.

Examples:

Usage in a host app controller

class Auth::LoginController < ApplicationController
  include StandardId::PasswordlessFlow
  include StandardId::WebAuthentication # needed for session_manager
  include StandardId::LifecycleHooks

  def create
    generate_passwordless_otp(username: params[:email])
    redirect_to verify_path
  end

  def verify
    result = verify_passwordless_otp(username: params[:email], code: params[:code])
    if result.success?
      session_manager.sign_in_account(result.account)
      redirect_to root_path
    else
      render :verify, status: :unprocessable_content
    end
  end
end

Constant Summary

Constants included from PasswordlessStrategy

StandardId::PasswordlessStrategy::STRATEGY_MAP