
antoine_l

Best way to implement an OTP system on a stateless API?

Hello,

I need to integrate an OTP system (One Time Password) to an API using Sanctum.

  1. The user logs in
  2. He receives an OTP code by SMS or mail
  3. He fills in the code in the app
  4. Then he can access his account

But since it's an API, my routes are under the api middleware and not web: I cannot use a session.

So, how do I store whether or not my user has passed the OTP step?

I need to save this information in order to authorize or not other requests.

0 likes
3 replies
bobbybouwmann

Well, you need to store the data somewhere. Since you have a stateless API, you probably use JS to communicate with the server. You can store whether the user passed in localStorage.

bobbybouwmann

The token is short-lived, right? You only have to keep it in localStorage for 30 seconds until the user is logged in. You can store a timestamp in there and if that is expired you also clear the value.

The OTP is only there to log the user in. After that, you have a cookie from Sanctum that you can use to authenticate the user. The OTP is just an extra check, not the actual login.
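As an added example (not code from the thread, and not Sanctum's own API), here is a plain-PHP model of a server-side way to keep the "has this user passed the OTP step?" state that the question asks about, with the timestamp-based expiry the reply mentions applied on the server rather than in the browser. The pending state is keyed by the Sanctum token id; the `$store` array, the TTL and attempt limit, and the token ids are all constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Models the server-side approach:
// the pending-OTP state lives next to the Sanctum token (here an in-memory
// array standing in for Cache/Redis/DB), keyed by the token id, with a TTL,
// an attempt counter and a one-shot "verified" flag a middleware can check.

const OTP_TTL_SECONDS  = 300; // assumed: a code lives 5 minutes
const OTP_MAX_ATTEMPTS = 5;   // assumed: stop checking after 5 wrong guesses
const OTP_LENGTH       = 6;

/**
 * Step 2: after the password login succeeded, issue a code for this token.
 * Only a hash of the code is stored; the plain code goes out by SMS/mail
 * and must never be returned in the API response.
 */
function issueOtp(array &$store, string $tokenId, int $now): string
{
    $max  = (10 ** OTP_LENGTH) - 1;
    $code = str_pad((string) random_int(0, $max), OTP_LENGTH, '0', STR_PAD_LEFT);
    $store[$tokenId] = [
        'hash'     => password_hash($code, PASSWORD_DEFAULT),
        'expires'  => $now + OTP_TTL_SECONDS,
        'attempts' => 0,
        'verified' => false,
    ];
    return $code;
}

/**
 * Step 3: check the code the user submitted. Succeeds at most once per
 * issued code, only before expiry and only while attempts remain.
 */
function verifyOtp(array &$store, string $tokenId, string $code, int $now): bool
{
    if (!isset($store[$tokenId])) {
        return false;
    }
    $entry = &$store[$tokenId];
    if ($entry['verified'] || $now > $entry['expires'] || $entry['attempts'] >= OTP_MAX_ATTEMPTS) {
        return false;
    }
    $entry['attempts']++;
    if ($entry['hash'] === '' || !password_verify($code, $entry['hash'])) {
        return false;
    }
    $entry['verified'] = true;
    $entry['hash']     = ''; // one-time: the same code can never verify again
    return true;
}

/** Step 4: the question an "otp passed" middleware asks before letting a request through. */
function otpPassed(array $store, string $tokenId): bool
{
    return isset($store[$tokenId]) && $store[$tokenId]['verified'] === true;
}

// --- demo with constructed token ids ---
$store = [];
$now   = time();
$code  = issueOtp($store, 'sanctum-token-42', $now);
$wrong = ($code === '000000') ? '111111' : '000000';

var_dump(otpPassed($store, 'sanctum-token-42'));               // before any code was entered
var_dump(verifyOtp($store, 'sanctum-token-42', $wrong, $now)); // a wrong guess uses one attempt
var_dump(verifyOtp($store, 'sanctum-token-42', $code, $now));  // the real code
var_dump(verifyOtp($store, 'sanctum-token-42', $code, $now));  // the same code replayed
var_dump(otpPassed($store, 'sanctum-token-42'));               // what the middleware now sees

// A second token whose code is checked after its TTL has passed.
$late = issueOtp($store, 'sanctum-token-43', $now);
var_dump(verifyOtp($store, 'sanctum-token-43', $late, $now + OTP_TTL_SECONDS + 1));
```

To wire this into a Laravel app (again an assumption about how one would adapt it, not code from the thread): derive `$tokenId` from `$request->user()->currentAccessToken()->id` on routes behind `auth:sanctum`, keep the entry with `Cache::put('otp:' . $tokenId, $entry, OTP_TTL_SECONDS)` instead of the array, call `otpPassed()` from a middleware applied to every route after the login route, and forget the cache entry when the token is revoked or the user logs out. A flag in localStorage is under the client's control, so it can drive the UI (show the OTP screen or not) but the server-side entry is what actually authorizes the other requests.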
