11. Verification/02. Generate TOTP (💪 problem)

Generate TOTP

👨‍💼 Now we're going to use @epic-web/totp to generate a time-based one-time password. We'll want to make it valid for 10 minutes and use the SHA256 algorithm. We're going to use the defaults for everything else (though you may consider using a bigger character set to increase the entropy of the password).

Once we've got the TOTP generated and the verification added to the database, we're going to want to send an email with the one-time password. We're already sending them an email, so we'll just add the TOTP to the email we're already sending.

Another cool thing the

/verify

route supports is the ability to pre-fill the TOTP code based on search params. So in addition to sending the code for the user to copy/paste or type in, we can also send them a link that takes them straight to the /verify page with the code pre-filled. We can even have the loader automatically validate the code without them having to do anything.

While auto-submission is a very handy feature, it can also be a problem because some anti-virus software will automatically open links in emails. If the link contains a TOTP code, then the anti-virus software will automatically validate the code and the user won't be able to use it. So you may prefer to not auto-validate the code or you may choose to not delete the code once it's been used and just let it expire.

In this exercise, instead of sending the user to onboarding with the email in the verifySession, we're going to send them to /verify with some search params and email them the code.

You'll be creating two URLs, one with the code which we'll email the user and the other without the code which we'll use to redirect the user.

📜 @epic-web/totp generateTOTP

← Previous Next →

Edit on GitHubEdit this page on GitHub

problem solution diff chat

general
Migration to Vite: Server-only module referenced by client
Fabian 🌌:
Hi, I'm working on migrating to Vite following the remix docs (https://remix.run/docs/en/main/guides...
1 · 21 days ago
general
Remix Vite Plugin
Binalfew 🚀 🌌:
<@105755735731781632> Now that remix officially supports vite (though not stable) what does it mean...
✅1
3 · a year ago
general
Welcome to EpicWeb.dev! Say Hello 👋
Kent C. Dodds ◆ 🚀🏆🌌:
This is the first post of many hopefully!
17
78 · a year ago
general
🔭foundations
Solutions video on localhost:5639 ?
quang 🚀 🌌:
Hi, so I'm having a hard time navigating (hopefully will be better with time) The nav on epicweb.de...
✅1
9 · 10 months ago
🔐auth
Where are we getting target_type from?
Salym 🚀 🏆 🌌:
I don't see target_type in ur verification schema, how are we generating this?
✅1
9 · 2 months ago
🔐auth
Unknown file extension ".png" for ".../user.png"
TraderDave79 🌌:
I'm going through the `web-auth` module and in the "Require Authenticated" exercise, after making th...
✅1
9 · 3 months ago
🔐auth
github.com refuses to connect in workshop app
TraderDave79 🌌:
Web Authentication / OAuth / 02. GitHub Strategy / Problem & Solution apps, when clicking "Login wit...
✅1
3 · 3 months ago
general
Epicshop is now social and mobile friendly!
Kent C. Dodds ◆ 🚀🏆🌌:
I'm excited to announce that now the Epic Web workshops are mobile friendly! https://foundations.ep...
🎉2
0 · 3 months ago
🔐auth
Github token added on refactor of connection model exercise
abraham_aguilera 🌌:
Where does the newly created `GITHUB_TOKEN` come from in the `resolveConnectionData` introduced in t...
2 · 3 months ago
💾data
general
📝forms
🔭foundations
double underscore?
trendaaang 🌌:
What with the `__note-editor.tsx`? I don't see that in the Remix docs and I don't remember Kent talk...
✅1
2 · 4 months ago
🔐auth
RBAC with Entity scoping
abraham_aguilera 🌌:
Hi all! I'm working on implementing access control but I want to be able to scope permissions per en...
✅1
3 · 4 months ago
🔐auth
💾data
08. ROLE-BASED ACCESS / 02. ROLES SEED - migration to local vs production
Fabian 🌌:
So I'm in a bit over my head with this one, in particular with how migration works in a local env vs...
✅1
1 · 4 months ago
🔐auth
Redirect Cookie > 03. Redirect missing ProgressToggle form
Román 🏆 🚀 🌌:
This last exercises of the Auth module isn't showing the ProgressToggle form for some reason. I fork...
✅1
5 · 9 months ago
💾data
🔐auth
Prisma batching in the Require Authorized (07/03/solution)
ajara 🌌 🚀:
When I did the `requireUser` function in `auth.server.ts` I thought about using `requireUserId` func...
✅1
4 · 5 months ago
🔭foundations
💾data
general
📝forms
🔐auth
Native Logging
trendaaang 🌌:
I was thinking that it could be useful to log every CRUD operation to help track down errors. Is tha...
✅1
6 · 5 months ago
general
The video play is pretty laggy currently
QzCurious 🌌:
I thought I should tag you for this <@105755735731781632>. Please take a look if something wrong.
✅2
9 · 6 months ago
general
New Workshop Scheduled
Kent C. Dodds ◆ 🚀🏆🌌:
Hey Epic Web devs! I wanted to let you know before everyone else on here: https://www.epicweb.dev/ev...
2
0 · 6 months ago
general
Deploying an exercise
Khoi 🚀 🌌:
Dear <@105755735731781632> , First of all, I really appreciate your effort in building this EPIC cou...
✅1
1 · 6 months ago
general
"Start App" throws error: Error: Cannot add empty string to PrefixLookupTrie
Martin 🌌:
✗ npm run start > start > kcdshop start [playground:4000] [playground:4000] > dev [playground:4000...
✅1
7 · 10 months ago
general
📝forms
Can't start the playground
trendaaang 🌌:
Been a minute since I last worked on this course. Just tried running the app and was notified that t...
✅1
3 · 7 months ago
general
Question about the Workshop App tabs
sjollivier 🌌:
Just started the course. I might have missed this in the Getting Started video, but how should I be ...
✅1
1 · 7 months ago

Create Post