Temporary Password Generator
danger
The Temporary Password Generator plugin is deprecated, and no active development, new versions, or bug fixes are planned. It will reach end of life with the v14.0.0 of the console.
Summary
The Temporary Password Generator is a microservice that generates Temporary-Passwords associated with arbitrary data (payload). The generated codes may be subsequently consumed by the Temporary Password Generator and be converted into JWTs.
The Temporary Password Generator may be used to implement a passwordless-login flow:
- The Temporary Password Generator issues a code linked to the user details (payload).
- The code is sent to the user (e.g.: via SMS)
- The user submits the received code to the Temporary Password Generator
- The Temporary Password Generator signs a JWT containing the user details (payload)
Exposed endpoints
The service exposes three endpoints:
- /create Used to generate a new code associated with a payload.
- /verify Used to consume a previously-generated code and obtain its details and a signed JWT containing its data.
- /public-key Used to retrieve the public key to verify the signed JWTs.
/verify endpoint may be exposed on the Internet to be used by clients to exchange codes with JWTs.