Building OhTP, an OTP solution. (Part 1)
I recently started working as a Backend Developer at a small company that builds enterprise financial tech solutions. Recurring issues that we have is centred around the following statements.
Another user didn't get their OTP after requesting for it.
We need to change our SMS service provider
Did the system even send out the OTP at all? 😅
Being a lazy guy myself, this naturally made me work more than I'd love to. Tracking faults in a system that was very convoluted. This isn't what I signed up for (Lol, it is 😅). Then, I started to think.
Why don't we have an open-source service that handles this kind of thing? What exactly is stopping me from building this? It is simply an opportunity to flex my muscles. I love sending out OTPs, I simply don't like implementing the system that does that. It is unfortunate that like most popular design choices, most OTP systems aren't usually built very securely. A lot of us (myself, specifically) aren't strange to building sketchy OTP pipelines in our projects. This introduces some level of vulnerability in the system for anyone who cares enough to look.
I made up my mind to go ahead and build a system that
- is able to generate a strong OTP and send it to the recipient.
- is able to send this OTP via various media ranging from SMS, email to WhatsApp and telegram.
- is easily extensible via plugins to support any medium of choice.
- is able to verify the OTP and send webhooks to the parent project.
- can be verified via URL, web SDK and API. After which a webhook is sent to a designated Endpoint.
- be queried for all egress communication within any time interval.
- send any metadata along with the webhook.
This meant that the system could handle authorisation and user verification for you and your system simply has to create a user from the embedded metadata. Forget password pipeline implementations would be easy easy to build that it currently is. Yay!!! 🎉🎉🎉🎉🎉🎉
Needless to say, this was a proposed solution to my problem. One that I hope others who have that same kind of problem will appreciate and eventually use.
So, Shall we begin?
Well, not so fast. I write several programming languages and I have been a huge GoLang fan for the bulk of this year. Words in the street is that it's an improved version of C, a language that I have been writing for several years. I was very sure that this is definitely the time to learn GoLang. How hard could it be? Famous last words.
Well, it wasn't hard to learn. I write Go comfortably as we speak. The unfortunate part of that story is that I wasn't able to use this "huge" project as a first project using GoLang. So, I let Go go. I'll find somewhere to use you. It just isn't this one.
Then came Typescript. I write enough typescript to make the project development fast while learning new things on the way. The perfect language for this use case. I have always wanted an opportunity to watch an "Advanced Typescript" video I found online. I haven't watched the video yet. I hope it isn't another one of my famous last words. For now, we move fast.🏎️💨💨
I set out to create a map of my thoughts and what I wanted from the project and I came up with a sketch, one that is sketchy at best.
It shows the bulk of my ambition in short term.( I haven't forgotten my ambition to work in Telegram. Always in my heart.)
While I have initiated the project and have written some code, I want this article to be the first of many describing my intentional drive for personal growth while developing something that I think is a solution to a problem I face. If I don't build that solution, who will.
If you would like to see what I have done so far, check it out. And I know it a bad choice of name. I'm not much of a name person. We'll find an alternative as we proceed.
Thanks for reading. Watch out for more to come.