How to have passwordless work alongside conventional authentication

[githubble01]

Hi!

I'd be happy to get some pointers on how to implement passwordless alongside conventional user/password authentiation.

The instructions are explains how to replace conventional username/password with passwordless.

[abevoelker]

Are you referring to having both login strategies on the same model (e.g. User)? Or having separate models for each different strategy (e.g. PasswordUser and PasswordlessUser)?

The former I haven't tested, and may be possible although it would be a pain. The latter, see the multiple user section of the README. You'll want to be sure to follow the "scoped views" section instructions so that your passwordless model has different login view forms than the username/password one.

[githubble01]

Yes, having both login strategies on the same model is what I mean.

I think I've managed to solve it for my app quite simply though. In my app there is no passwordless signing-up in the front end. The user is required to send a passwordless sign-up request via email.

After having received the passwordless sign-up request email, the app creates an account and sends a magic link back. This way, the front-end doesn't have to be "aware" och the magic link strategy. The user still is able to create a password using the existing "forgot password routine".

This is how I did it. I left the devise_for as is and changed the devise_scope according to the instructions.

# User account
devise_for :users,
  controllers: {
    omniauth_callbacks: "users/omniauth_callbacks",
    registrations: "users/registrations",
    sessions: "users/sessions" 
  }

devise_scope :user do
  get "session/otp", to: "sessions#otp"
  get "/users/magic_link",
      to: "devise/passwordless/magic_links#show",
      as: "users_magic_link"
end

[abevoelker]

Great, glad you figured it out and thanks for sharing what worked for you in case future users have a similar need. Closing this unless there's anything else. Thanks.

[brandoncc]

I have a need for this, so thanks for sharing your solution @githubble01

[ryanfb]

Thanks to the pointers here, I was able to implement a slightly different method of having devise-passwordless work alongside conventional password-based authentication where it still gets used as the sessions controller, which I've written up in a blog post: Flexible Passwordless Rails Authentication with devise-passwordless

[abevoelker]

Very nice article Ryan! I will add a section to the README about this since it’s clearly something people want that I didn’t anticipate. But now I can see why

…

On Sun, Mar 13, 2022 at 11:18 AM Ryan Baumann ***@***.***> wrote: Thanks to the pointers here, I was able to implement a slightly different method of having devise-passwordless work alongside conventional password-based authentication where it still gets used as the sessions controller, which I've written up in a blog post: Flexible Passwordless Rails Authentication with devise-passwordless <https://blog.podqueue.fm/2022/03/13/flexible_passwordless_rails_authentication_with_devise-passwordless/> — Reply to this email directly, view it on GitHub <#7 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABFO47TRMORMFQ4FWL7FPLU7YPNDANCNFSM5E7NEZTQ> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>. You are receiving this because you modified the open/close state.Message ID: ***@***.***>