discord-moodle-bot
discord-moodle-bot copied to clipboard
🛂 Add alternative authentication method
⚠️ This user story is a draft and will be implemented only if it becomes really necessary. So give it a +1 if u need this!
As a User I want to use the registration token for a onetime login because I cannot use WebAuthn (Buy a freaking security stick, NOW!)
Description:
Maybe in a far away universe there will be the case when a user does not have the possibility to use WebAuthn. In this situation, the user should be able to use the registration token as a "one-time login token", to get access to the web interface without registration.
As this is not the primary authentication method, the access is a bit hidden. The idea is, to hove the registration button for more than 7 seconds, the switch to the
🟢 In scope:
- Add new a endpoint
- Delete reg token after the jwt has been generated
- Update Frontend according to the description
- Update documentation api and wiki
🔴 Not in scope:
- replace webauthn
What should be the result?
GIVEN a user has a reg token WHEN the user decided to use one-time login THEN to reg token will become invalid and the user receives a normal jwt
GIVEN a user has a reg token WHEN' the user hovers the reg button for more than 7 sec THEN the button will changes its text to e.g "Use one-time login"