Day 13

Signing in with phone-first authentication

Ryan Strickler
Dec 10, 2016 · 2 min read

So it turns out that when you’re doing a phone-first sign-up process, there’s quite a bit to think about when it comes to signing in. Or at least there is when I’m doing it, which might just be me letting things get out of hand.

When a visitor signs up, I’m creating a few different records to keep track of things. A device record is automatically generated when someone comes to the site in a new browser. If they’re returning, then we look at a cookie saved in their browser to identify them. To verify the visitor, we use a phone record, which tracks their number and verifies them in the “real” world with a text message. For first-timers, a user record is created. This record is anonymous at first and just ties things together between a phone and the browser or browsers it belongs to.

So when a guest signs out and signs back in, we hit their phone number with a text message again to make sure it’s still legit. We’ve already confirmed the phone number, so to keep track of what’s going on for anything after the first time, I’m creating a signin record, so a guest can sign in multiple times. Each signin is tied to a user and a device.

Now that I’m getting deeper into things, I think a better way is to also connect the phone record to the signin. I’ll move the unique tokens I was using to confirm the phone number to the signin records instead, and that way I can use the same process for both the initial sign-up phase and future sign-in phases.

After I make this change, either process will look like this:

  • Confirm the signin, based on the unique token sent by text.
  • Confirm the related phone, if necessary.
  • Mark the device associated with the signin as authenticated.
  • Upgrade the user from “visitor” to “guest” if it’s their first time signing in.
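The four steps above as a minimal in-memory sketch. This is an added example, not code from the post or the project: the class and function names, the 10-minute token lifetime, storing only a hash of the token, and the single-use and same-device checks are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

TOKEN_TTL = 600  # seconds; assumed lifetime, the post does not give one

@dataclass
class Phone:
    number: str
    confirmed: bool = False

@dataclass
class Device:
    cookie_id: str
    authenticated: bool = False

@dataclass
class User:
    role: str = "visitor"  # anonymous until the first confirmed signin

@dataclass
class Signin:
    user: User
    device: Device
    phone: Phone
    token_hash: str  # only a hash of the texted token is kept
    expires_at: float
    confirmed: bool = False

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def start_signin(user, device, phone, now):
    token = secrets.token_urlsafe(16)  # this value goes out in the text message
    return Signin(user, device, phone, _digest(token), now + TOKEN_TTL), token

def confirm_signin(signin, device, token, now):
    stale = signin.confirmed or now > signin.expires_at  # reused or expired
    if stale or device.cookie_id != signin.device.cookie_id:
        return False
    if not hmac.compare_digest(signin.token_hash, _digest(token)):
        return False
    signin.confirmed = True             # 1. confirm the signin
    signin.phone.confirmed = True       # 2. confirm the phone (no change if already done)
    signin.device.authenticated = True  # 3. authenticate the signin's device
    if signin.user.role == "visitor":   # 4. upgrade only on the first signin
        signin.user.role = "guest"
    return True
```

Callers pass `time.time()` as `now`; keeping the clock explicit makes the expiry path easy to test.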

What am I missing? I’d love to hear your thoughts.

Hopefully having things highly separated will prove to be helpful long-term, rather than painful. It’s a lot to think about in some ways, but there’s some logical separation that helps keep things clear and keeps my controllers and models smaller.

Little King: Daily Log

Building something every day.

Ryan Strickler

Written by

Building something every day. Launching something new every 6 weeks. Writing about everything along the way.

Little King: Daily Log

Building something every day. Launching something new every 7 weeks. Writing about everything along the way.
