Problem
The current AUTH block covers the simple email/password case:
## AUTH
provider: firebase
method: email
This does not cover:
- MFA (a second step after password entry)
- OAuth popups (require window focus handling)
- Email verification flows
- CAPTCHA challenges
- SSO redirects
For a simple habit tracker this is fine. For most production apps
it is not.
Proposed change
Either extend the AUTH vocabulary with optional fields for these
flows, or allow a full multi-step AUTH UI block (same step grammar
as capability UI steps) so complex auth flows can be described
explicitly.
Source
Raised during implementation review against production apps with
multi-factor authentication requirements.
Problem
The current AUTH block covers the simple email/password case:
This does not cover:
For a simple habit tracker this is fine. For most production apps
it is not.
Proposed change
Either extend the AUTH vocabulary with optional fields for these
flows, or allow a full multi-step AUTH UI block (same step grammar
as capability UI steps) so complex auth flows can be described
explicitly.
Source
Raised during implementation review against production apps with
multi-factor authentication requirements.