Authentication is one of the key elements of many web applications. It is the stone wall between the application and its users, so it's important that the authentication approach is secure and easy to use. But what is this "authentication"? It's a way of ensuring only users authorized by our application are allowed to use the application. As I am sure you know, there are many ways to authenticate a user, such as Email/Password, OpenID Connect, SAML, SSO, and so on.
Today, we're going to take a look at another approach: Password-less authentication.
What is Password-less Authentication?
When a user registers for a website, the application allows the user to choose their credentials, usually a username or email/password. The user can then enter those credentials anytime to log in to the application. Password-less authentication is basically eliminating the password part and using just the email to both register and log in.
Here is how it works: when a user registers with our application, an email is sent to activate their account. This allows us to verify that the email belongs to the user. Now that we have a verified email, the next time that user tries to log in, we will send them an email with a token they can use to sign in to the app. Once the user clicks on the link with the token, the application will authenticate the user.
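The login step described above, sketched in plain Ruby as an added example (not code from the article). The class name LoginTokenStore, the in-memory hash standing in for a users table, and the 15-minute token lifetime are assumptions; the point is that the emailed token is random, stored only as a digest, expires, and can be redeemed once.

```ruby
require "securerandom"
require "digest"
require "openssl"

# Hypothetical in-memory stand-in for a users table; a Rails app would
# keep the digest and expiry as columns on its user model instead.
class LoginTokenStore
  TOKEN_TTL = 15 * 60 # seconds; assumed lifetime, the article does not give one

  def initialize
    @pending = {} # email => { digest:, expires_at: }
  end

  # Called when a verified user asks to log in. Returns the raw token,
  # which belongs only in the emailed link; the store keeps its SHA-256 digest,
  # so a leaked table does not yield usable login links.
  def issue(email, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @pending[email] = {
      digest: Digest::SHA256.hexdigest(token),
      expires_at: now + TOKEN_TTL
    }
    token
  end

  # Called when the user clicks the link. Returns true only for an
  # unexpired, not-yet-used token issued to that email address.
  def redeem(email, token, now: Time.now)
    entry = @pending[email]
    return false if entry.nil?

    if now > entry[:expires_at]
      @pending.delete(email) # expired tokens are discarded
      return false
    end

    candidate = Digest::SHA256.hexdigest(token.to_s)
    # Constant-time comparison of two equal-length hex digests.
    return false unless OpenSSL.fixed_length_secure_compare(candidate, entry[:digest])

    @pending.delete(email) # single use: a replayed link fails
    true
  end
end
```
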
by Vinoth via SitePoint