One-click login NO passwords! [FREE]

Comments

• Options

  R_J Ex-Fanboy Munich Admin

  July 2019

  I like that idea very much. The two factor authentication idea is all around, but I think for forums there is a benefit if registration is as easy as possible "Login in with service XY" SSO solutions are a great way to deal with it, and being able to simply use your mail without setting up a social media account is a nice idea.

  The plugin doesn't offer a "register with fast.co" option, though. Only signing in with an existing account seems to be supported. I think it should also be usable to make registration more easy. Since your service doesn't store any information, the only thing which can be made more easy would be to make the password fields superfluous.

  But there are several (major) problems with the current implementation (in the order of appearance):

  1. The plugins file name should be named like the class name.
  2. When the plugin is enabled, the administrators mail address is automatically sent to your APIs /enroll endpoint. Sending private data without giving the user the choice to do so is a no go.
  3. Since the admin user is not even notified about the account that has been created with this mail address he cannot even use it to look at the statistics; the mail used for that auto-enrollment is communicated
  4. Buttons are HUGE. It's that big, that even your "Fast" logo needs to get truncated in the panel. If they are used together with other social network logins, they shouldn't be as big as that, but only a small icon, too.
  5. If there is that FAB like login button, which helps you at any point to log in, I would have the expectation that after logging in I would be redirected to that page again, but as far as I understood, that is not yet working
  6. "As far as I understood", because in my setup, a forum behind a proxy secured with basic auth, the button loading api crashes my site as soon as I login and I never see anything different than "transferring data from api.fast.co" and as a result "a website is slowing down your browser"

  

  

  
  

  By the way: that handy api.fast.co/api/enroll endpoint allows using parts of your services with unauthorised mail addresses. I suggest to send a "to finish your enrollment process click here" mail which - well authorises an automagical enrollment

  1
• Options

  domm New

  July 2019

  Thanks so much for your feedback, this is a beta v1 of the Vanilla plugin so really appreciate this feedback.

  We truly believe that better security does not need to sacrifice user experience, and our #1 goal is to maker it far easier and faster for users to login or register to your forums, whilst providing them better security.

  We also believe that users shouldn't have to use a social network and sell their data to advertisers, or be a member of another network as a trade off for the ease of use, that's why we built Fast.

  Everyone benefits from making it easier to register and login.

  The plugin does supports the ability to create new accounts automatically for users logging in for the first time. After authentication, the user then is simply asked to create a username, which makes registration extremely simple and frictionless for users.

  1. The plugins file name should be named like the class name. Good suggestion
  2. When the plugin is enabled, the administrators mail address is automatically sent to your APIs /enroll endpoint. Sending private data without giving the user the choice to do so is a no go. This is purely designed to make installation easy, and that the app is owned by the site admin.
  3. Since the admin user is not even notified about the account that has been created with this mail address he cannot even use it to look at the statistics; the mail used for that auto-enrollment is communicated. We are actually about to release an automatic email for app owners on app creation so that they know they can access dashboard and see statistics.
  4. Buttons are HUGE. It's that big, that even your "Fast" logo needs to get truncated in the panel. If they are used together with other social network logins, they shouldn't be as big as that, but only a small icon, too. Buttons load via a JS library external to this plugin automatically, they expand/shrink to fit the size of the container they are housed in, to allow the site owner to determine the appropriate size. We also have a new version of the button library launching in a week which has a much better aesthetic, and more robust responsiveness. Will display automatically for all existing sites.
  5. If there is that FAB like login button, which helps you at any point to log in, I would have the expectation that after logging in I would be redirected to that page again, but as far as I understood, that is not yet working. You are correct, this is exactly how it should work, was left out of this plugin version unfortunately.
  6. "As far as I understood", because in my setup, a forum behind a proxy secured with basic auth, the button loading api crashes my site as soon as I login and I never see anything different than "transferring data from api.fast.co" and as a result "a website is slowing down your browser" hmmmm if you are already authenticated with basic auth, it should load, interested to know if there is another issue here

  Regarding your /enroll suggestion, we have considered this many times, but left it open as we can monitor for abuse, and it makes installation much easier. Also, once we release the automated email to new app admins, we will include a link for "This wasn't me"

  We have released this Addon as open and would love to have the community help to further develop this Addon, we have made public our Github repo - https://github.com/fast-af/vanilla-forums-addon and would encourage you and others to get more involved. :)

  0