AuthUR is our name for our "Authorized User Registration" system which relies on sequences of "Authorized User Requests" and associated "Authorized User Response" replies.
Facebook Oauth Login: To login as a user and post content you must be a registered Facebook user and Login to Storybook (which was also a registered FB application) using the FB Oauth authentication scheme. The measure of security provided by this Login method is sufficient to satisfy Facebook requirements. Other social media also provide similar user ID schemes. These schemes notify the authorization provider, for example Facebook, that you have logged into the associated application. The lack of privacy and security are two of the reasons Storybook does not support social media logins.
The next three login methods are presented as functional demos of some common login techniques.
SignUp-SignIn: To login as a user you must first authenticate yourself as having control over an email address by a token exchange, after which logins are done by entering both the Password and the verified email address or a user name we extract as the recipient name from the email address (the Username will change if the email address is changed). A periodic revalidation of the user email may be appropriate for this method.
Magic Links: Instead of asking a user for a password, this form of no password authentication asks a user to enter their previously registered email address into the login box. An email is then sent to them, with a link they can click to log in. This process is repeated each time the user logs in because by default the Magic Link cannot be used more than once. Time to live (TTL) is a consideration for this scheme, how long is the link good or valid. The default TTL is two minutes. Password entries for this login choice are ignored.
One-Time Passwords/Codes: One-time passwords (OTP) or one-time codes (OTC) are similar to magic links but require users to input a code as a single use Password instead of simply clicking a link. The OTP is sent to their previously registered email or mobile device. This process is repeated each time a user logs in because by default the OTP cannot be used more than once. TTL is a consideration for this scheme, how long is the OTP good or valid. The default TTL is two minutes. Password entries are ignored for this choice until after an OTP has been requested and then the emailed OTP Password is used to Login one time.
The MFA scheme used by Storybook leverages NFT images and encryption technologies to present a unique Multi-Factor Authentication method.
AuthUR NFT Image MFA: Multifactor Authentication schemes in general rely on a concept using two "factors" to identify a user. One factor is something the user knows, for example their password.The second factor is something the user (and hopefully only the user) has in their possession. Frequently the factor that the user possesses is a key fob with a frequently changing displayed code value, or perhaps more commonly a code sent by SMS messaging to their cellphone. A user is required to input the MFA code as an additional single use Password. This process is repeated each time a user logs in because by default the MFA token cannot be used more than once. TTL is a consideration for this scheme, how long is the MFA good or valid. The default TTL is two minutes. Password entries are ignored for this choice after an MFA has been requested until it is used to Login one time.
