Adds one-time password (OTP) authentication to your user resource

Adds the OTP strategy to your user resource — passwordless authentication via a short code (e.g. XKPTMH) sent via email or SMS.

Brute-force protection is required by the strategy. By default this task composes an audit_log add-on (creating one if it doesn't already exist) and wires brute_force_strategy {:audit_log, :audit_log} into the strategy.

Example

mix ash_authentication.add_strategy.otp

Options

• --user, -u - The user resource. Defaults to YourApp.Accounts.User
• --identity-field, -i - The field on the user resource that will be used to identify the user. Defaults to email
• --name, -n - The name of the OTP strategy. Defaults to otp.

Notes

registration_enabled?: true (sign-in becomes an upsert) is not currently supported by this task because the verifier forbids the :audit_log brute-force strategy in registration mode, and the alternatives (:rate_limit or {:preparation, ...}) require user-supplied configuration. Add the strategy by hand and follow the OTP tutorial if you need that mode.