Experimenting a bit, I’m finding it’s not possible to use passwordless sign-in via email with the iOS app.
I’m running a WordPress site with some wonderful but not very not-tech savvy people who have trouble creating secure passwords and remembering them. A couple years ago we made the site passwordless via email – it helped a lot. Users no longer have passwords or use any other accounts to login, it’s all via emailed links.
We added Discourse a couple weeks ago and are using SSO from the WordPress site. This is all working great with our test audience we’ve invited in.
Then I realized the Discourse mobile apps would be nice to use also. So I started looking into it.
The issue with authentication in the iOS app
Sign-on in the iOS app happens in a browser window within the app.
In my case (as described above) it sends the user to our WordPress sign in. The user puts in their email and asks for the link. The link comes in via email. Clicking on that link opens it in Safari.app. Even if one was clever and copied then link, you can’t paste a URL into the URL bar within the browser window created in the Discourse iOS app. (see iOS screenshot below)
So I figured, well maybe we can switch our SSO from the WordPress side to the Discourse side and let our users get their passwordless email link that way. Basically, let’s subtract the WordPress part to keep it simpler and see what happens.
It’s basically the same problem. Here’s what happened.
I have a login for meta.discourse.org. I’m not using any other login method like github or twitter, just a passwordless email link. (Curious side note: I actually never created a password because I first authenticated with github, then removed that method) When I login I click on “with email” and get sent a link. When I open the link, again, I go to the safari app - which won’t help me login to the Discourse iOS app. And I can’t paste that unique URL into my URL bar (not that doing so would be a great solution for my non-tech savvy users).
None of this is a “bug” per se - each piece is sorta working the way it’s supposed to. And I admit, it’s a bit of an edge case. Most people have multiple logins and don’t use passwordless email exclusively.
However it is an issue for our users and it’d be splendid to come up with a solution.
But that’s the question: what would the solution be? I’d love to have my passwordless-email-link-loving users be able to use the mobile apps. Could there be a way?