SkygearIO/skygear-server

Authenticators in signup and login

louischan-oursky opened this issue · 1 comment

Problem

The configuration primary_authenticators is read by both signup and login.
Skygear prompts the user to set up the first authenticator during signup.
Skygear only allows the user to use the authenticators listed in primary_authenticators during login.

If primary_authenticators is changed from ["password"] to ["oob_otp"], users who only have password can no longer authenticate themselves.

Suggested solution by Ben

Ben suggested that we could separate primary_authenticators into two fields, one for signup, one for login.

So if the developer wants to migrate from password to OOB OTP, the configuration change is:

# old config
# field names are temp
primary_authenticators_signup: ["password"]
primary_authenticators_login: ["password"]
# new config
primary_authenticators_signup: ["oob_otp"]
# It is very important that the developer moves "password" to login
# otherwise existing users cannot authenticate anymore
primary_authenticators_login: ["oob_otp", "password"]
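To make the lock-out risk concrete, here is an added example (not code from skygear-server or from the issue author) that models the proposed two-field split and checks a candidate config against the authenticators existing users actually hold. The Go field names, the LockedOutUsers function and the ExistingUsers data are all hypothetical/constructed for this illustration.

```go
package main

import "sort"

// Config models the two-field split the issue proposes. The Go field names are
// hypothetical; they stand for primary_authenticators_signup and _login.
type Config struct{ Signup, Login []string }

// LockedOutUsers returns, sorted, the IDs of users (user ID -> authenticator
// types they have set up) who hold nothing that cfg still accepts at login.
// A non-empty result means applying cfg would lock those users out.
func LockedOutUsers(cfg Config, users map[string][]string) []string {
	allowed := map[string]bool{}
	for _, a := range cfg.Login {
		allowed[a] = true
	}
	var lockedOut []string
	for userID, types := range users {
		usable := false
		for _, t := range types {
			if allowed[t] {
				usable = true
				break
			}
		}
		if !usable {
			lockedOut = append(lockedOut, userID)
		}
	}
	sort.Strings(lockedOut) // map iteration order is random; keep output stable
	return lockedOut
}

// ExistingUsers is constructed sample data: two users who signed up while
// primary_authenticators was ["password"], and one who already has OOB OTP.
var ExistingUsers = map[string][]string{
	"alice": {"password"},
	"bob":   {"password"},
	"carol": {"password", "oob_otp"},
}

// UnsafeConfig is the change the issue warns about: "password" is dropped
// from login, so alice and bob can no longer authenticate.
var UnsafeConfig = Config{Signup: []string{"oob_otp"}, Login: []string{"oob_otp"}}

// SafeConfig is the migration the issue recommends: new signups set up OOB
// OTP, but login keeps accepting "password" so existing users still get in.
var SafeConfig = Config{Signup: []string{"oob_otp"}, Login: []string{"oob_otp", "password"}}
```

Running such a check before applying a config change (for example in a deploy pipeline) turns the "very important" comment in the YAML above into something enforced rather than remembered.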

Actually, the “solution” I suggested above in Slack is just a business-case understanding from the user...

For our solution, we might want to consider a general solution. If we support multiple types of signup / login UI some day (now we only have one), we might want to allow configuration of “all authenticators enabled in this app”, plus the authenticators usable at login / signup for each UI....

But maybe the above is a bit overkill; we don’t have a solid use case of how / why people would want multiple signup / login UIs yet.