
Link based authentication / account creation

Open coderholic opened this issue 3 years ago • 6 comments

CLI currently lets you paste in an existing API token. It'd be awesome if it supported signing up for a new token and creating an account from the CLI. Would need some web changes, and not needed for v1, but we should think through what this flow might look like.

coderholic avatar Mar 03 '21 23:03 coderholic

I guess the flow could look like:

$ ipinfo signup
Fullname: <first> <last>
Email: <email>
Password: <pw>
Signing you up...
Done! Please check <email> for a confirmation code.

$ ipinfo signup-confirm
Code: <code>
Confirming...
Done! You're now logged in with token <token>.
Use `ipinfo logout` to unauthenticate.

UmanShahzad avatar Mar 04 '21 02:03 UmanShahzad

I think we can do something better than that.

We can simplify login and logout and replace them with init, which can take an API token as an argument, e.g.:

$ ipinfo init $token
Token set
$

Or when you don't pass one in:

$ ipinfo init
1) Enter an existing API token
2) Create a new account

(if you're already logged in, it could show a token already set warning)

If you select 2 then we could ping the website and get a unique URL for you to sign up, e.g. something like:

$ ipinfo init
2
Go to ipinfo.io/signup/cli/$uniqueid to get your access token. Press enter when done
[enter]
All set with token $token

The ipinfo.io/signup/cli/$uniqueid could be the normal signup flow, or it could be streamlined. But then we could support fetching the token from the same IP at ipinfo.io/signup/cli/complete/$uniqueid or something.

coderholic avatar Mar 05 '21 02:03 coderholic

Oh that's really nice, I especially like that it consolidates the login process into it in a simple way.

Right, so:

  1. We can make a strongly rate-limited endpoint for generating unique IDs for CLI signups to get the initial ID.
  2. The user gets their URL, follows through to sign up, and in the background the CLI is pinging an endpoint using the unique ID to check if the signup is complete.
  3. Hitting enter here will cause the CLI to try pinging immediately rather than on the interval, but even without hitting enter it can see that the process is complete via the interval pings.
  4. If the ping is "successful" (i.e. signup complete), we get back the user's token and save it and finish.

UmanShahzad avatar Mar 05 '21 04:03 UmanShahzad

Yeah - except I think we can just generate the ID on the client - some UUID or random number, and we just pair it to the IP on the server (so assume ip, id is unique)

coderholic avatar Mar 05 '21 04:03 coderholic

Right, that reduces one endpoint needed, and the /signup/cli/<id> endpoint can do the actual pairing of id+ip, and pinging + getting the token will require both.

Looks well fleshed out to me now.

UmanShahzad avatar Mar 05 '21 05:03 UmanShahzad

Tagging this as something we can do for v2.

UmanShahzad avatar Mar 26 '21 11:03 UmanShahzad
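
The pairing settled on in the thread above (an ID generated on the client, paired to the IP by /signup/cli/<id>, and a token fetch that requires both) sketched server-side in Go as an added example; it is not ipinfo's code. `Store`, `Signup`, `Poll`, `NewID`, the TTL and the single-use release are assumptions made here, and the ID is drawn from a CSPRNG because users behind a shared NAT present the same IP, which leaves the ID as the only secret in the exchange.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// pairing is one pending CLI signup (hypothetical server-side record).
type pairing struct {
	ip, token string    // browser IP at signup; token issued to the new account
	expires   time.Time // assumed TTL, not discussed in the thread
}

type Store map[string]pairing // id -> pairing; not goroutine-safe, add a mutex in a server

// NewID is the client side: 128 bits from the OS CSPRNG, hex encoded.
func NewID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: fail closed rather than emit a weak id
	}
	return hex.EncodeToString(b)
}

// Signup models /signup/cli/<id> finishing: pair id+ip, store the token, never re-pair.
func (s Store) Signup(id, ip, token string, ttl time.Duration) {
	if _, dup := s[id]; !dup && len(id) == 32 {
		s[id] = pairing{ip: ip, token: token, expires: time.Now().Add(ttl)}
	}
}

// Poll is the CLI ping: needs id and ip, honours the TTL, releases the token once.
func (s Store) Poll(id, ip string) (string, bool) {
	p, ok := s[id]
	if !ok || p.ip != ip || time.Now().After(p.expires) {
		return "", false
	}
	delete(s, id)
	return p.token, true
}

func main() {
	s, id := Store{}, NewID()
	s.Signup(id, "203.0.113.7", "tok_example", time.Minute) // constructed values
	fmt.Println(s.Poll(id, "198.51.100.9"))                 // other IP: refused
	fmt.Println(s.Poll(id, "203.0.113.7"))                  // paired IP: token, once
}
```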