Using Google's two-factor authentication, as you try to login, a prompt is pushed to your phone so you just have to acknowledge with a tap that you are the one signing in.
I was wondering how it is implemented.
How is the prompt pushed to your phone? Is it a classic Android notification?
How does the website wait for the acknowledgment? I noticed that while waiting, a xhr request is pending for a maximum of 20 seconds. 
What is the cost of a pending request?
What does this request do server side? Does it periodically ask if the authentication done? Is it done in a stateless way?
Aucun commentaire:
Enregistrer un commentaire