I am writing an app (Android/Apple in Flutter) that I eventually want to have a passwordless signup/login system. However, many of the solutions use 3rd-party authentication servers for the tokens, which require setting up accounts, API keys, watching usage limits, incurring charges, etc.
Ones that spring up a lot are combinations of Flutter with:
- Firebase
- AWS Cognito
- Cotter
- Auth0
- etc.
I don't want to sign up for a service where I will have to manage API usage and costs etc. So, is this a fairly simple process to keep it all in-house on my webserver with an open-source solution (and usage limits are then only on my own server), or is this a huge undertaking that I'm not aware of yet?
I simply want to:
Signup:
App -> Enter email address -> Account not found: Signup -> Device Trusted -> Confirm Email -> App Authenticated.
Login:
App -> Enter email address -> Account found, device trusted -> Authenticated
Everyday use:
App -> Session token stored -> Device still authenticated -> Continue
Online portal login:
Enter email address -> Account found -> Use App to confirm login attempt -> Continue
Thanks
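
Added example, not part of the original post: one way the signup, login and everyday-use flows listed above can be kept on a self-hosted server, using only the Python standard library. The server language, the `PasswordlessAuth` class, the in-memory dicts standing in for database tables, the 15-minute token lifetime, and the per-device random secret (generated by the app and kept in platform secure storage) are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed lifetime of an emailed confirmation token, in seconds


def _h(value):
    # Only hashes are stored, so a leaked table cannot be replayed as credentials.
    return hashlib.sha256(value.encode()).hexdigest()


class PasswordlessAuth:
    """In-memory stand-in for the server's own tables (all names hypothetical)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.pending = {}   # hash(email token) -> (email, hash(device secret), expiry)
        self.trusted = {}   # email -> {hash(device secret), ...}
        self.sessions = {}  # hash(session token) -> email

    def start(self, email, device_secret):
        """App submits an email plus the random secret it keeps in secure storage (assumed)."""
        email = email.strip().lower()
        if _h(device_secret) in self.trusted.get(email, set()):
            return "authenticated", self._new_session(email)
        token = secrets.token_urlsafe(32)
        self.pending[_h(token)] = (email, _h(device_secret), self.clock() + TOKEN_TTL)
        return "confirm_email", token  # a real server emails this instead of returning it

    def confirm(self, token, device_secret):
        """The emailed token comes back from the device that requested it."""
        entry = self.pending.pop(_h(token), None)  # single use, even on failure
        if entry is None:
            return None
        email, device_hash, expiry = entry
        if self.clock() > expiry or not hmac.compare_digest(device_hash, _h(device_secret)):
            return None
        self.trusted.setdefault(email, set()).add(device_hash)
        return self._new_session(email)

    def _new_session(self, email):
        token = secrets.token_urlsafe(32)
        self.sessions[_h(token)] = email
        return token

    def whoami(self, session_token):
        """Everyday use: resolve the session token the app stored."""
        return self.sessions.get(_h(session_token))
```

The portal flow (confirming a web login from the app) would add a pending-approval record that an already trusted device accepts; it is not shown here.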