Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create secure method of authentication #117

Open
jamespfluger opened this issue Mar 12, 2023 · 0 comments
Open

Create secure method of authentication #117

jamespfluger opened this issue Mar 12, 2023 · 0 comments
Labels
android This issue relates to the Android project aws This issue directly relates to Amazon Web Services (AWS) enhancement New feature or request .net-middleware This issue relates to the Alexa services projects

Comments

@jamespfluger
Copy link
Owner

To connect a device with Alexa, right now we're using an unauthenticated API that relies on Alexa speaking a OTP to find a device. This isn't ideal because someone could theoretically spam the API with a payload and block the API.

It'd be better to have an authenticated account system set up, which would require a host of new problems to solve:

We'll need:

  • A sign up website, fully compatible with "Sign Up" and "Sign In" and "Forgot Password" - maybe we can do this with a Blazor page? That sounds like a fun project to get into
  • Preferably some form of MFA, either via an MFA app, email, or phone. Let's go with the cheapest MFA option
  • Someplace secure to store the passwords. This should be done using a service and not implemented on our own. This is the hard part because security needs to be more important than it's been treated.
  • Implement authentication into the app - ideally using an easy service
  • Implement authentication into the API - ideally using an easy service

This may have to be it's own project and would be considered an epic.
@jamespfluger jamespfluger added enhancement New feature or request android This issue relates to the Android project .net-middleware This issue relates to the Alexa services projects aws This issue directly relates to Amazon Web Services (AWS) labels Mar 12, 2023
@jamespfluger jamespfluger changed the title Update method of authentication Create secure method of authentication Jun 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
android This issue relates to the Android project aws This issue directly relates to Amazon Web Services (AWS) enhancement New feature or request .net-middleware This issue relates to the Alexa services projects
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jamespfluger