WestKeys
Handling TOTP
Currently building authentication for a mobile app, and the flow goes as follows:
User inputs phone # > User receives TOTP SMS > User inputs TOTP > User is logged in
Would you store TOTP in DB or in memory (ETS or GenServer)?
benwilson512
Database. It lets you run multiple versions of your app easily, and if your app goes offline, that doesn’t nuke people’s code.
GenServers / ets are a great way to store ephemeral state or cache values. TOTP codes are short lived but not ephemeral.
Exadra37
It means that if you store them in memory and your server goes off or restarts before the user receives the TOTP and inputs it, then the application will not recognize the valid TOTP and the user is forced to repeat the process.
benwilson512
Would you have a separate table for them, or just stick them in the account/user table?
Definitely a separate table. You want to track individual issuances of these codes.
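An added sketch of the separate-table approach recommended in the replies above (not code from any poster): one row per issued code, so a code survives an app restart and every issuance stays on record. Python with SQLite is used so it runs stand-alone; the table and column names, the five-minute lifetime, the attempt limit and the keyed hashing of the code are assumptions, not details from the thread.

```python
import hashlib, hmac, secrets, sqlite3, time

TTL_SECONDS = 300   # assumed code lifetime
MAX_ATTEMPTS = 5    # assumed wrong guesses allowed per issuance

SCHEMA = """
CREATE TABLE IF NOT EXISTS otp_issuances (
    id          INTEGER PRIMARY KEY,
    phone       TEXT    NOT NULL,
    code_hash   BLOB    NOT NULL,   -- keyed hash, never the code itself
    issued_at   REAL    NOT NULL,
    expires_at  REAL    NOT NULL,
    attempts    INTEGER NOT NULL DEFAULT 0,
    consumed_at REAL                -- NULL until the code is used
);
CREATE INDEX IF NOT EXISTS otp_issuances_phone ON otp_issuances (phone);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def _digest(key, phone, code):
    return hmac.new(key, f"{phone}:{code}".encode(), hashlib.sha256).digest()

def issue(db, key, phone, now=None):
    """Record one issuance and return the code for the SMS sender."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"
    with db:  # commit so the row survives a restart
        db.execute("INSERT INTO otp_issuances (phone, code_hash, issued_at, expires_at) "
                   "VALUES (?, ?, ?, ?)", (phone, _digest(key, phone, code), now, now + TTL_SECONDS))
    return code

def verify(db, key, phone, code, now=None):
    """Accept only the newest issuance for this phone, once, before it expires."""
    now = time.time() if now is None else now
    row = db.execute("SELECT id, code_hash, expires_at, attempts, consumed_at FROM otp_issuances "
                     "WHERE phone = ? ORDER BY id DESC LIMIT 1", (phone,)).fetchone()
    if row is None or row[4] is not None or row[2] <= now or row[3] >= MAX_ATTEMPTS:
        return False
    ok = hmac.compare_digest(row[1], _digest(key, phone, code))
    with db:  # single use on success, count the guess on failure
        if ok:
            db.execute("UPDATE otp_issuances SET consumed_at = ? WHERE id = ?", (now, row[0]))
        else:
            db.execute("UPDATE otp_issuances SET attempts = attempts + 1 WHERE id = ?", (row[0],))
    return ok
```

Because rows are never overwritten, the same table also answers how many codes a phone number requested in a given window, which is what issuance rate limiting needs.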