The Temporary Password Generator is a microservice that generates Temporary-Passwords associated with arbitrary data (payload). The generated codes may be subsequently consumed by the Temporary Password Generator and be converted into JWTs.
The Temporary Password Generator may be used to implement a passwordless-login flow:
- The Temporary Password Generator issues a code linked to the user details (payload).
- The code is sent to the user (e.g.: via SMS)
- The user submits the received code to the Temporary Password Generator
- The Temporary Password Generator signs a JWT containing the user details (payload)
The service exposes three endpoints:
- /create Used to generate a new code associated with a payload.
- /verify Used to consume a previously-generated code and obtain its details and a signed JWT containing its data.
- /public-key Used to retrieve the public key to verify the signed JWTs.
/verify endpoint may be exposed on the Internet to be used by clients to exchange codes with JWTs.