Rails 'devise' alternative: Password-less (2FA) & Database-less User Sign-in/Sign-up Using One-Time-Password in 2 Minutes
Definition
Password-less login (authentication) means the user does not need to remember credentials. Instead, when she identifies herself with a username, the system sends a one-time password (OTP) to the device associated with that username, and she completes the login by entering it. Replacing the password with a code delivered to a device changes the factor from something the user knows to something the user has; it becomes two-factor authentication (2FA) only when combined with a second, independent factor, and a code delivered by SMS or voice is only as strong as the carrier's protection of the phone number, since SIM-swap and call-forwarding attacks target exactly that step.
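The checks a verifying server has to enforce on such a code are easy to get wrong, so here is an in-memory model of the OTP exchange described above. This is an added example, not code from the user_management_rails gem or from RingCaptcha (which performs this step server-side in the setup on this page); the OtpStore class, the phone numbers and the injectable clock are all constructed for the demonstration.

```ruby
require 'securerandom'
require 'digest'

# Added example: a minimal OTP issuer/verifier that enforces expiry, a guess
# limit, single use and digest-only storage. Not the gem's or RingCaptcha's code.
class OtpStore
  CODE_DIGITS  = 6
  TTL_SECONDS  = 300   # a code is valid for five minutes after issue
  MAX_ATTEMPTS = 5     # after this many wrong guesses the code is dead

  Entry = Struct.new(:digest, :salt, :expires_at, :attempts, :used)

  # The clock is injectable so expiry can be exercised without sleeping.
  def initialize(clock: -> { Time.now.to_i })
    @clock   = clock
    @entries = {}
  end

  # Issue a fresh code for a phone number and return it in plaintext for the
  # SMS/voice sender. Only a salted digest is stored, so a leaked store does
  # not leak live codes. Re-issuing replaces any earlier code for the number.
  def issue(phone)
    code = format("%0#{CODE_DIGITS}d", SecureRandom.random_number(10**CODE_DIGITS))
    salt = SecureRandom.hex(16)
    @entries[phone] = Entry.new(digest(code, salt), salt, @clock.call + TTL_SECONDS, 0, false)
    code
  end

  # Verify a submitted code. Returns :ok, :unknown (no code issued), :used
  # (replay), :expired, :locked (too many guesses) or :invalid.
  def verify(phone, submitted)
    entry = @entries[phone]
    return :unknown if entry.nil?
    return :used    if entry.used
    return :expired if @clock.call > entry.expires_at
    return :locked  if entry.attempts >= MAX_ATTEMPTS

    entry.attempts += 1                 # count every guess, right or wrong
    if constant_time_equal?(digest(submitted.to_s, entry.salt), entry.digest)
      entry.used = true                 # a code logs the user in exactly once
      :ok
    else
      :invalid
    end
  end

  private

  def digest(code, salt)
    Digest::SHA256.hexdigest("#{salt}:#{code}")
  end

  # Compare without short-circuiting on the first differing byte.
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if $PROGRAM_NAME == __FILE__
  store = OtpStore.new
  phone = '+15555550100'            # constructed sample number
  code  = store.issue(phone)        # in production this goes out by SMS/voice
  puts "sent #{code} to #{phone}"
  puts store.verify(phone, code)    # :ok
  puts store.verify(phone, code)    # :used (replay of a spent code)
end
```

In the Rails setup on this page RingCaptcha holds this state for you; the properties worth confirming with any OTP provider are the same four the model enforces: a short lifetime, a bounded number of guesses (five tries at a six-digit code is a five-in-a-million success rate per code), single use, and digest rather than plaintext storage of the code.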
Benefit
Why did we implement database-less, password-less user authentication?
- Reduce development effort: password-less login removes many user-management flows, such as password reset and password-strength checking
- Less friction to acquire users, who do not need to create credentials
- Onboard real users who can be reached promptly by phone number, which matters in the sharing economy, fintech, and online reservations
- Reduce churn from users who abandon the service because they forget their passwords between infrequent logins
Outcome in 2 Minutes
You start by creating a brand new Ruby on Rails app, and end up with an app that has password-less sign-up, login, and logout pages, plus a backend method, current_user_hash, that returns the currently logged-in user.
Check out the 2-minute video: http://www.youtube.com/watch?v=MNubspdhWM8_ctg
Check out the sample app code: https://github.com/ringcaptcha/user-management-rails-gem-sample-app
Requirements
- user_management_rails gem: https://rubygems.org/gems/user_management_rails
- Free account on RingCaptcha to send OTP through SMS/voice, and to store users: https://ringcaptcha.com
Outline
- Make Rails app
- Install the user_management_rails gem (bundle install)
- Run generator to create sign-up, login, logout pages
- Launch Rails server
- Try!
Details
1. Make Rails app
$ rails new YOUR_APP_NAME
2. Add user_management_rails to the YOUR_APP_NAME/Gemfile file
gem 'user_management_rails'
3. Install the gem
$ bundle install
4. Generate the routes, controllers, and views
This step requires you to sign up for a free account on RingCaptcha to get the API keys for sending SMS and storing users.
- Register with RingCaptcha at https://my.ringcaptcha.com/register
- Once you have logged in, go to https://my.ringcaptcha.com/apps (by clicking 'My Apps' on the left menu), and then click 'Create new' on the top right
Configure your app:
- Select 'Web' as 'App type'
- Add in your 'Domain' name (without http/https)
- Click 'Create App'
- On the 'My Apps' screen, you can see your app; the value under the column 'App Key' is your RINGCAPTCHA_APP_KEY
- Click on the 'Gear Icon' ('Customize') on the right side of your app
On the 'Customize' window, customize User Management:
- Click on 'ADVANCED'
- Check 'Enable User Management Integration'
- Click 'Save changes'
On the 'Customize' window, get the UM_KEY
- Click on 'ADVANCED'
- Now you should see 'UserManagement Application ID', which is your UM_KEY
With RINGCAPTCHA_APP_KEY you can send the SMS/voice OTP, and with UM_KEY you can store the verified phone number in the cloud. Both keys authenticate your app to RingCaptcha, so treat them as secrets: keep them out of shell history and version control (for example, supply them from environment variables), and review the generated config/initializers/user_management.rb before committing it, since it is created from the keys you pass. You can generate the route, controllers, and views with the generator, which expects those keys:
$ rails generate user_management_rails:install --ringcaptcha-key=YOUR_RINGCAPTCHA_APP_KEY --um-key=YOUR_UM_KEY
These are the files generated:
create config/initializers/user_management.rb
create app/controllers/user_management_controller.rb
create app/views/user_management/signup.html.erb
create app/views/user_management/login.html.erb
create app/views/user_management/home.html.erb
route root 'user_management#signup'
route post '/logout', to: 'user_management#logout'
route get '/login', to: 'user_management#login'
route get '/home', to: 'user_management#home'
route mount UserManagementRails::Engine, at: '/'
5. Launch Rails server
$ rails s
6. Try!
http://localhost:3000/
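Steps 1 to 6 above, collected into one script that reads the two keys from the environment instead of having them typed on the command line. This is an added example, not part of the user_management_rails gem; it assumes `rails` and `bundle` are on PATH, that the keys are exported as RINGCAPTCHA_APP_KEY and UM_KEY, and that the generator's command line is exactly the one shown in step 4. The helper names (fetch_key, add_gem_line, generator_argv, bootstrap) are ours.

```ruby
#!/usr/bin/env ruby
# Added example (not the gem's code): bootstrap a Rails app with
# user_management_rails using keys taken from the environment.
require 'fileutils'

GEM_LINE = "gem 'user_management_rails'".freeze

# Fetch a required key from the environment; fail early rather than run the
# generator with an empty key.
def fetch_key(name, env = ENV)
  value = env[name].to_s.strip
  raise ArgumentError, "#{name} is not set" if value.empty?
  value
end

# Append the gem line to a Gemfile unless it is already there, so re-running
# the script does not duplicate it. Returns true if a line was added.
def add_gem_line(gemfile_path)
  lines = File.exist?(gemfile_path) ? File.readlines(gemfile_path, chomp: true) : []
  return false if lines.any? { |l| l.strip == GEM_LINE }
  File.open(gemfile_path, 'a') { |f| f.puts GEM_LINE }
  true
end

# The generator command from step 4, built as an argv array so the keys go to
# the child process directly and never pass through a shell.
def generator_argv(ringcaptcha_key, um_key)
  ['bundle', 'exec', 'rails', 'generate', 'user_management_rails:install',
   "--ringcaptcha-key=#{ringcaptcha_key}", "--um-key=#{um_key}"]
end

# Run a command (optionally inside a directory) and stop on the first failure.
def run!(*argv, chdir: nil)
  ok = chdir ? Dir.chdir(chdir) { system(*argv) } : system(*argv)
  raise "command failed: #{argv.join(' ')}" unless ok
end

def bootstrap(app_name)
  ringcaptcha_key = fetch_key('RINGCAPTCHA_APP_KEY')
  um_key          = fetch_key('UM_KEY')
  run!('rails', 'new', app_name)                                    # step 1
  add_gem_line(File.join(app_name, 'Gemfile'))                      # step 2
  run!('bundle', 'install', chdir: app_name)                        # step 3
  run!(*generator_argv(ringcaptcha_key, um_key), chdir: app_name)   # step 4
  puts "Done. cd #{app_name} && rails s, then open http://localhost:3000/"  # steps 5-6
end

# Usage: RINGCAPTCHA_APP_KEY=... UM_KEY=... ruby bootstrap.rb YOUR_APP_NAME
bootstrap(ARGV.fetch(0)) if $PROGRAM_NAME == __FILE__ && !ARGV.empty?
```

Because the script never interpolates the keys into a shell string, a key containing shell metacharacters cannot alter the command, and because it refuses to start without both keys, you do not end up with an initializer generated from empty values.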
Conclusion
In Rails, you can now call the method current_user_hash to retrieve a Hash representing the logged-in user.