- /login by email & password
- /register by email & password
- /passwords/forgot
- /passwords/reset
- /oauth/fb

2FA: if a user logs in from a new device (a new device id) or a new IP, we need to send them an OTP via email to validate.
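
A sketch of the new-device-or-new-IP rule above, as an added example rather than code from this project. The function names, the in-memory `pending` store, the 10-minute lifetime and the 5-attempt limit are all assumptions, and sending the email is left to the caller.

```javascript
// Added example: step-up OTP check for logins from an unseen device id or IP.
const crypto = require('node:crypto');

const OTP_TTL_MS = 10 * 60 * 1000; // assumed validity window
const MAX_ATTEMPTS = 5;            // assumed guess limit per challenge
const pending = new Map();         // userId -> challenge; assumed in-memory store

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// True when either the device id or the source IP has not been seen for this user.
function needsOtp(user, deviceId, ip) {
  return !user.knownDevices.has(deviceId) || !user.knownIps.has(ip);
}

// Creates a 6-digit code, keeps only its hash, and returns the code for the email.
function issueOtp(userId, deviceId, ip, now = Date.now()) {
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(userId, { hash: sha256(code), deviceId, ip, expires: now + OTP_TTL_MS, attempts: 0 });
  return code;
}

// Accepts the code only from the same device and IP that triggered the challenge.
function verifyOtp(user, deviceId, ip, code, now = Date.now()) {
  const c = pending.get(user.id);
  if (!c || c.deviceId !== deviceId || c.ip !== ip) return false;
  if (now > c.expires || ++c.attempts > MAX_ATTEMPTS) {
    pending.delete(user.id); // expired or too many guesses: force a new challenge
    return false;
  }
  if (!crypto.timingSafeEqual(c.hash, sha256(String(code)))) return false;
  pending.delete(user.id);   // single use
  user.knownDevices.add(deviceId); // remember the pair so the next login skips the OTP
  user.knownIps.add(ip);
  return true;
}

// Constructed sample user record (documentation-range IP).
const sampleUser = { id: 'u1', knownDevices: new Set(['dev-a']), knownIps: new Set(['203.0.113.7']) };
```
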

Consider using Kong for the authentication layer. We don't write our own crypto, so why should we write our own auth?

If we roll out our own authserv, we'll need to use http://passportjs.org/docs, and on valid credentials return a JSON Web Token that all other microservices consume to proceed. We also need to move out the database tables for Local.js, Facebook.js, and Google.js.

Q: What's the relationship between User.js and these credential objects?