Is it possible in server side to check the user with password?
I want something like this in my authentication:
- First the user should fill up their email and password
- If the email and password is valid, then proceed to 3.
- Then this is the final authentication, the phone session.
I want this kind of authentication to further protect the user. Because I am going to handle a health data. In the 1, I want to use the cloud function to check if this kind of account is already exist on backend, if it is, then it will send true, otherwise false. If then exist now the final login session will be the phone session.
It sounds like you want multi factor authentication?
it something like that
It might be best to use some oauth provider that has support for multifactor authentication.
sir steve is it okay that:
- user will logein their email and password
- If it suceed then the system will execute the function to unverified the phone number of the user. Then the systel will automatically send the token to the user
- So that the user will have multifactor authentication.
Is this okay?
I don't think you need to worry about getting the token after signing up/logging in the user, since that process already checked the token. I'm guessing you already have a way of storing phone numbers in a collection. All you have to do is create 2 login screens the first that normally logs in or sign up the user and the other that's like a gatekeeper after checking if the number is new or in the database. If it's in the database proceed. If it's not then add it then proceed
Pretty simple π
You could make checking the database for a phone number a cloud function. Would be better to start with something simple first. Good luck π and keep appwriting <:appwritecheers:892495536823861258>
The problem is this is only client side validation which isn't safe
