Password-less login (authentication) means the user does not need to remember her credentials. Instead, when she identifies herself using a username, the system sends a one-time password (OTP) to the device associated with that username, which she uses to complete the login. By requiring a device in place of a traditional password, you also gain the extra security of two-factor authentication (2FA).
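The OTP step described above, modeled in plain Ruby as an added example (not RingCaptcha's or the gem's code) to show the properties a verifier should enforce: random codes, a short lifetime, a guess limit, and single use. The class name, the 5-minute lifetime, the 3-attempt limit and the 6-digit length are assumptions made for illustration.

```ruby
require 'securerandom'
require 'openssl'

# Illustrative in-memory OTP verifier; all names and limits here are assumed.
class OtpChallenge
  TTL_SECONDS  = 300 # assumed validity window for a code
  MAX_ATTEMPTS = 3   # assumed number of guesses allowed per code
  DIGITS       = 6

  def initialize(clock: -> { Time.now.to_i })
    @clock   = clock
    @key     = SecureRandom.random_bytes(32) # HMAC key, so codes are never stored in clear
    @pending = {}                            # username => { mac:, expires:, tries: }
  end

  # Creates a code for out-of-band delivery; replaces any earlier pending code.
  def issue(username)
    code = format("%0#{DIGITS}d", SecureRandom.random_number(10**DIGITS))
    @pending[username] = { mac: mac(username, code), expires: @clock.call + TTL_SECONDS, tries: 0 }
    code
  end

  # True only for the right code, before expiry, within the guess limit, and once.
  def verify(username, code)
    entry = @pending[username]
    return false unless entry
    if @clock.call > entry[:expires]
      @pending.delete(username)
      return false
    end
    entry[:tries] += 1
    ok = secure_eq(entry[:mac], mac(username, code.to_s))
    @pending.delete(username) if ok || entry[:tries] >= MAX_ATTEMPTS
    ok
  end

  private

  def mac(username, code)
    OpenSSL::HMAC.hexdigest('SHA256', @key, "#{username}:#{code}")
  end

  # Constant-time comparison of two equal-length digests.
  def secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```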
Why did we implement database-less, password-less user authentication?
- Reduce development effort
- Password-less login obviates a lot of user management flows, e.g., no password reset, no password strength evaluator, etc.
- Less friction to acquire users; users do not need to create credentials
- Onboard real users who can be contacted in a timely manner, i.e., by phone number, which is critical for the sharing economy, fintech, and online reservations industries
- Reduce churn resulting from users abandoning our service because they forget their passwords due to infrequent logins
Outcome in 2 Minutes
You start by creating a brand new Ruby on Rails app, and end up with an app that has password-less sign-up, login, and logout pages, and a method in your backend, current_user_hash, that returns the current logged-in user.
Check out the 2-minute video: http://www.youtube.com/watch?v=MNubspdhWM8_ctg
Check out the sample app code: https://github.com/ringcaptcha/user-management-rails-gem-sample-app
- Free account on RingCaptcha to send OTP through SMS/voice, and store users: https://ringcaptcha.com
- Make Rails app
- Run generator to create sign-up, login, logout pages
- Launch Rails server
1. Make Rails app
$ rails new YOUR_APP_NAME
3. Install the gem
$ bundle install
4. Generate the routes, controllers, and views
This step requires you to sign up for a free account on RingCaptcha to get API keys for sending SMS and storing users.
- Register with RingCaptcha at https://my.ringcaptcha.com/register
- Once you have logged in, go to https://my.ringcaptcha.com/apps (by clicking 'My Apps' on the left menu), and then click 'Create new' on the top right
Configure your app:
- Select 'Web' as 'App type'
- Add in your 'Domain' name (without http/https)
- Click 'Create App'
- On the 'My Apps' screen, you can see your app and under the column 'App Key' is your
- Click on the 'Gear Icon' ('Customize') on the right side of your app
On the 'Customize' window, customize User Management:
- Click on 'ADVANCED'
- Check 'Enable User Management Integration'
- Click 'Save changes'
On the 'Customize' window, get the
- Click on 'ADVANCED'
- Now you should see 'UserManagement Application ID', which is your
UM_KEY, you can send SMS/voice OTP and store the verified phone in the cloud respectively. You can generate the routes, controllers, and views code using the generator, which expects those keys:
$ rails generate user_management_rails:install --ringcaptcha-key=YOUR_RINGCAPTCHA_APP_KEY --um-key=YOUR_UM_KEY
These are the files generated:
    create  config/initializers/user_management.rb
    create  app/controllers/user_management_controller.rb
    create  app/views/user_management/signup.html.erb
    create  app/views/user_management/login.html.erb
    create  app/views/user_management/home.html.erb
     route  root 'user_management#signup'
     route  post '/logout', to: 'user_management#logout'
     route  get '/login', to: 'user_management#login'
     route  get '/home', to: 'user_management#home'
     route  mount UserManagementRails::Engine, at: '/'
5. Launch Rails server
$ rails s
In Rails, you can now use the method current_user_hash to retrieve a Hash representing the logged-in user.