#[CLOSED] Test user credentials in Appwrite
Sorry I don't understand your question. What do you mean by fixed otp?
When you submit an app to the Google Play Store, we have to provide an account so that they can view our app. With mobile authentication using OTP, how will we pass a mobile number with a reusable fixed OTP so that they can log in without asking me for the OTP? Firebase provides this feature: you can set any fixed OTP for any number. How will I achieve this in Appwrite?
Why don't you simply create one and provide them with the login details?
It's not a requirement, you can offer (if your app has) alternative login methods, so by sharing a password and email you should be fine
I only have a mobile-with-OTP login system, so I have to give a mobile number and a fixed OTP.
Because my app gets rejected because of this.
Do we have to provide more login methods to achieve this?
I used an app with login via OTP only
Just provide a note that you can use any phone and a login will be created
I passed both Apple and Google Play logins
Yes, you are right.
But my app was rejected before just because any user cannot access my paid content, and the Google Play Console account wants a login credential that can access all paid content without purchasing it. For this I have to give a phone on which all content should show without any purchase.
What kind of paid content is it?
You could just give a code
A referral code
I am creating an educational course, so I sell the course in the app.
With a referral code, I have to build a system so that the content is free with that code, right?
you can just use a function for the app's auth process, instead of directly using createPhoneSession.
In the function, check if the number input by the user is something like 111-111-111. If it is, accept the 1234 otp, and create a session for that user
If the number is not the preset one, just run the normal phone auth flow
Not too tough to implement
Yes. Also, as far as I know, Google requires you to use their payment system for in-app content
It's not compulsory, otherwise no one would sell courses through Google because of the expensive charges. Everybody uses Razorpay; I also used that. I have used it in almost 40 apps, all on Firebase, so they were accepted through fixed OTP.
But it makes my auth run slow because of the extra layer, and for this we have to modify a lot of code to get that.
it really shouldn't make your auth flow slower
And I will suggest that Appwrite provide this feature in the future, because it's compulsory for every app that uses mobile auth, like Firebase.
it's just a simple check. if it's the test number, accept the fixed otp, and create a session.
if it isn't fixed number, exit the function
it should add hardly 20-40ms which is not at all noticeable
Yes, but if you think about 10k user logins per day, it will cost noticeable extra bandwidth to run this function.
why?
those 10k users don't even need to use the function
maybe I phrased it wrong
see
in your code, when the user clicks the login button after inputting their number, a function is called right?
a local function, not an appwrite function
So for this I have to do it on the client side?
in this local function, you must be sending the phone number to createPhoneVerification right?
Instead of directly doing this, just check if the entered number is your test number
I was thinking about a cloud function.
if it is, move them to the next screen and ask for otp, and accept the preset otp
if the number is not the test number, do the actual verification
no just a normal function in your app
But then anybody can see this phone number and preset OTP and access all paid content for free.
It's not safe.
You can just block the number after your app is published to play store
there's a Block account button in the user's settings
I have been creating applications for 3 years, and I saw that Google does not review just one time; it checks many times, even if my app is not live, so if I delete it, my app will be rejected.
I got this problem many times, before Firebase.
This solution does not work for Google upload.
okay
then how about this
instead of doing all the logic in the local function, just check if the number is a test number. If it is, create the session with OTP in your cloud function
This way, your OTP will not be visible on the client side.
if the number isn't a test number, do the normal flow.
Are you using flutter or java/kotlin?
Regardless of the framework, are you familiar with tree-shaking?
I have used Kotlin and Flutter, but right now my app is in Kotlin.
No, I'm hearing this for the first time, but if this can solve my problem, I will learn about it.
This is a very common practice in mobile development. Read up on it
This is not fully secure; there is a way to reverse this process.
What's this process?
shrinking code
I'm asking what's the process to reverse?
I don't know, but a reverse engineer can do it.
Shubham, it seems like you're trying to achieve the impossible.
I think this is a better approach.
Hacking is always a possibility
An app or website is never 100% secure
It's just harder to get into
I know, nobody can fully secure an application.
Exactly.
So you shouldn't be looking to do this - make hacking impossible
But it's my work to at least check all that I can think is easy.
It is easy, but it looks like you want 100% security. This is virtually impossible 😅
Yes, but we can make a layer so that a normal hacker cannot do this.
The method I suggested, of sending the mobile number and OTP to a cloud function, is as good as it can get
At least for now.
I know; even big platforms like Udemy and Coursera have app data leaks.
Yes, this is a better approach.
Actually, I have planned to move completely from Firebase and Django to Appwrite.
So in migrating I have lots of problems, and I have to ask every question.
that's absolutely okay