Comment: Examples added where linking services showcase their contextual linking

We're going to add a feature that will allow apps to work without the user needing to create or enter a password.

...


POST /v3/auth/email/signIn
auth: no authentication, public endpoint
body: { "email": "<email.address>", "study": "<studyId>", "password": "<password>", "token" : "<token>" }
returns:
  • 200 with user session
  • 412 with user session
  • 404 { "statusCode": 404, "entityClass": "Account", "message": "Account not found.", "type": "EntityNotFoundException" }


If the token has been issued, retrieve the user's identity and return a session. Optionally, if a password value has also been submitted, reset the password before returning the session.

...

method / Description
requestEmailSignIn(SignIn signIn)
  1. If functionality disabled, throw EndpointNotFoundException
  2. If email present, throw RateLimitExceededException
  3. create token, store in Redis mapped to email, TTL 1 minute
  4. send email using study template to supplied email address
emailSignIn(CriteriaContext context, SignIn signIn)
  1. Retrieve token from Redis using email
  2. If email or token missing, or token doesn't match supplied token, throw 404
  3. Update password, if supplied
  4. Delete Redis entry
  5. Return a user session
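
The two methods above as a runnable sketch. This is an added example, not code from this page or its project: the class and function names are hypothetical, an in-memory dict with an injectable clock stands in for Redis, and step 2 of requestEmailSignIn is read as "a token is already pending for this email". Sending the email and the optional password update are left out.

```python
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 60  # the page's "TTL 1 minute"


class RateLimitExceeded(Exception):
    """Stands in for the page's RateLimitExceededException."""


class AccountNotFound(Exception):
    """Stands in for the 404 returned on a missing or mismatched token."""


class EmailSignInService:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._tokens = {}  # email -> (token, expiry); stand-in for Redis

    def _live_entry(self, email):
        entry = self._tokens.get(email)
        if entry and entry[1] <= self._clock():
            del self._tokens[email]  # emulate Redis expiring the key
            entry = None
        return entry

    def request_email_sign_in(self, email):
        # Assumed reading of step 2: an unexpired entry means a token is pending.
        if self._live_entry(email):
            raise RateLimitExceeded(email)
        token = secrets.token_urlsafe(32)  # CSPRNG output, unguessable within the TTL
        self._tokens[email] = (token, self._clock() + TOKEN_TTL_SECONDS)
        return token  # a real service would email this; returned for the demo

    def email_sign_in(self, email, supplied_token):
        entry = self._live_entry(email or "")
        # One error for "no entry", "expired" and "wrong token", so the response
        # does not reveal which emails have a pending sign-in.
        if not entry or not supplied_token or not hmac.compare_digest(
            entry[0].encode(), supplied_token.encode()
        ):
            raise AccountNotFound()
        del self._tokens[email]  # step 4: the token is single use
        return {"email": email, "authenticated": True}
```

compare_digest keeps the token comparison constant-time, and deleting the entry before returning the session is what makes a replayed link fail.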

...

  1. User fills out survey on the web
  2. User signs up using their phone number (on the phone, or in the web page? I think this matters)
  3. SMS is sent which takes user to the App Store/Google Play store so they can download the app
  4. After the app is installed, the information from the online portion is remembered (e.g. consent has been filled out)

Alx: I don't think it's possible to do this. If you have documentation on this, please provide it. For example, branch.io is "fingerprinting" a device in order to re-establish state after an app install... I don't see how this will work if user starts on desktop, and then switches to their phone.

First Install - Native App to Native App

...

In both applications the implementation is fairly straightforward. Android Studio has a built-in feature that allows you to create and test domains on your app, and iOS has docs that are also straightforward. Note: neither of these can be tested until the certificate is in place.

Other Considerations

There are several cases where deep links won't work, for instance links inside the Gmail, Inbox and Facebook apps.

...

The main selling point of these services is that they allow information to be kept through the install (contextual linking). It has yet to be determined how difficult this is to do without their services.

branch io

Examples of contextual linking with branch io. The 'magra' example shows an actual link that was texted to receive an app install link.

google firebase

[Alx]: The issue we will have with this is straightforward. From the website, to collect consent, we need an identity, and for an identity, we'll need an email address or phone number. The workflow would look something like this:

...

  • sends SMS message to the phone number provided
  • when user enters SMS message, user is signed in to the account and verified
  • all the consent information that was gathered from web page and put in URL is used by app to sign consent
  • app receives back re-authentication token in sign in session

...

Example of contextual linking with google firebase. Here they show an example of how someone could open the app on the web, like so:

   <a href="https://abc123.app.goo.gl/?link=https://example.com/content?item%3D1234&apn=com.example.android&ibi=com.example.ios">
   Open this page in our app!
   </a>

In this example we have the link embedded inside the web page, but for our purposes we would want it sent via SMS.