Passwordless sign in via email + iOS app


(Steve Lambert) #1

Experimenting a bit, I’m finding it’s not possible to use passwordless sign-in via email with the iOS app.

Some context

I’m running a WordPress site with some wonderful but not very not-tech savvy people who have trouble creating secure passwords and remembering them. A couple years ago we made the site passwordless via email – it helped a lot. Users no longer have passwords or use any other accounts to login, it’s all via emailed links.

We added Discourse a couple weeks ago and are using SSO from the WordPress site. This is all working great with our test audience we’ve invited in.

Then I realized the Discourse mobile apps would be nice to use also. So I started looking into it.

The issue with authentication in the iOS app

Sign-on in the iOS app happens in a browser window within the app.

In my case (as described above) it sends the user to our WordPress sign in. The user puts in their email and asks for the link. The link comes in via email. Clicking on that link opens it in Safari.app. Even if one was clever and copied then link, you can’t paste a URL into the URL bar within the browser window created in the Discourse iOS app. (see iOS screenshot below)

So I figured, well maybe we can switch our SSO from the WordPress side to the Discourse side and let our users get their passwordless email link that way. Basically, let’s subtract the WordPress part to keep it simpler and see what happens. :thinking:

It’s basically the same problem. Here’s what happened.

I have a login for meta.discourse.org. I’m not using any other login method like github or twitter, just a passwordless email link. (Curious side note: I actually never created a password because I first authenticated with github, then removed that method) When I login I click on “with email” and get sent a link. When I open the link, again, I go to the safari app - which won’t help me login to the Discourse iOS app. And I can’t paste that unique URL into my URL bar (not that doing so would be a great solution for my non-tech savvy users). :face_with_raised_eyebrow:

Ok, so…

None of this is a “bug” per se - each piece is sorta working the way it’s supposed to. And I admit, it’s a bit of an edge case. Most people have multiple logins and don’t use passwordless email exclusively.

However it is an issue for our users and it’d be splendid to come up with a solution. :wink:

But that’s the question: what would the solution be? I’d love to have my passwordless-email-link-loving users be able to use the mobile apps. Could there be a way?

:thinking:


(Sam Saffron) #2

Apologies for the somewhat short answer :slight_smile: but yeah sorting this out is very much on our shortlist of things to get done. @joffreyjaffeux is going to be working on this.


(Jeff Atwood) #4

Why do they need to use the app? Why not just use the mobile browser?

If the users are not tech savvy, adding another rando app to the mix doesn’t feel like a win?


(Steve Lambert) #5

Good point. Look at me right now, I’m actually responding to this via the mobile browser! That’s a good fallback.


(Jeff Atwood) #6

Consider the Gordian Knot officially :scissors:


(Steve Lambert) #7

I had an job early in my life working life as a QA engineer. Old habits… Hope it’s useful though.