A Vendure plugin allow users log in using email and verification code
A lot of times we want visitors (aka customers) to complete their purchase order as quick as possilble. However, they usually hesitate to create a credential to a random online shop at checkout step. So we provide a way to quickly authenticate those visitors by their email and a verification code that is sent to their email.
- Expose a GraphQL Query "
requestOneTimeCode
". - Add an authentication strategy to GraphQL mutation "
authenticate
".
yarn add @denz93/vendure-plugin-simple-auth
or
npm i --save @denz93/vendure-plugin-simple-auth
import { SimpleAuthPlugin } from "@denz93/vendure-plugin-simple-auth";
...
export const config: VendureConfig = {
...
plugins: [
...
SimpleAuthPlugin.init(options) //see Options
]
}
-
attempts:
number
Plugin will invalidate the verification code after user's
attempts
.
default: 5 -
ttl:
number
Time to live
How long the verification code is valid for.
default: 600 (seconds) -
length:
number
How many digits/alphabets the verification code should be.
default: 6 -
includeAlphabet:
boolean
Should allow alphabet characters.
default: false (akadigits only
) -
isDev:
boolean
If true, the verification will return along with the response of query.
requestOneTimeCode
.
It's for debug and testing.
default: false -
cacheModuleOption:
CacheModuleOption
By default, the plugin use
"memory"
for caching which is underlying using NestJs CacheModule.
To change cache store toRedis
,MongoDB
, etc, please see NestJs CacheModule docs here.
You also want to see here fromcache-manager
which is underlying used by NestJs.
Note: should use cache-manager 4.x if using Vendure under 2.x
default: {} -
checkCrossStrategies:
boolean
Strictly enforce unique email among all strategies
For example:
- One day, user "John" sign in using Google authentication with "john@gmail.com".
- Another day, user "John" sign in using One-time passcode authenication (this plugin) with the same email.
- This plugin will throw an error if the flag is enabled.
default: false.
Note: This only works if Google authentication plugin using email as an identifier
** Note: Since v1.3.0
you don't need to config this step anymore. The plugin will automatically append the handler
to Email Plugin
// vendure-config.ts
import { oneTimeCodeRequestedEventHandler } from '@denz93/vendure-plugin-simple-auth';
...
export const config: VendureConfig = {
...
plugins: [
...
EmailPlugin.init({
...
handlers: [...defaultEmailHandler, oneTimeCodeRequestedEventHandler]
})
]
}
- Prevent cross authenticate (Ex: users use same email for GoogleAuth and SimpleAuth)