CONTENTS OF THIS FILE
---------------------

 * Introduction
 * Requirements
 * Recommended Modules
 * Installation
 * Features
 * Configuration
 * Maintainers


INTRODUCTION
------------

The Authorization Code module provides an API for developers for generating and
validating secured, customizable and convenient authorization codes.

Authorization Code is helpful when:
 * Developing a decoupled login page (SPA)
 * Improving the UX on the site, using a one-time authorization code login,
   instead of or in addition to the traditional login with password option
 * Making the site more secure by allowing users to login with one time
   authorization code

 * For a full description of the module visit:
   https://www.drupal.org/project/authorization_code

 * To submit bug reports and feature suggestions, or to track changes visit:
   https://www.drupal.org/project/issues/authorization_code


REQUIREMENTS
------------

This module requires no modules outside of Drupal core.


INSTALLATION
------------

 * Install the Authorization Code module as you would normally install a
   contributed Drupal module. Visit https://www.drupal.org/node/1897420 for
   further information.


FEATURES
--------

Key features:
 * Secured authorization code generator
 * Exceptions based error handling (using PHP exception classes) which allows
   highly customizable error handling
 * Errors are written to Drupal's watchdog
 * Can be integrated with any message provider - SMS, email, Slack.. (the
   module does not provide any of those integrations OOTB)
 * Supports multiple authorization channels in parallel - end user may select
   whether to authorize via email or SMS
 * The authorization process has three phases:
 * Pre-send validations, for example check that a given user has a phone number,
   and only if he does - send him an SMS message
 * Send the authorization code - integrate with one or more messaging service
   provider and send the authorization code
 * Load user callback - called after a successful authorization
 * Debug mode option for better developer experience
 * Auto. login after authorization

Security features:
 * CSRF token validation
 * Customizable flood control
 * Configurable daily limit
 * Configureable code length
 * Configurable code expiration time
 * Safe Information disclosure! Won't reveal data about existing users via error
   messages
 * Brute force protection (due to those security features)


CONFIGURATION
-------------

    1. Navigate to Administration > Extend and enable the module.
    2. Navigate to Administration > Web Services > Authorization Code to
       configure.
    3. Configurations include: Code length, Flood threshold, Flood window, Daily
       code limit, Max fetch count, and Code expiration time. There is also the
       option to put the module in debug mode.
    4. Save configuration.


MAINTAINERS
-----------

 * Eyal Shalev - https://www.drupal.org/u/eyal-shalev

Supporting organization:

 * Dofinity - https://www.drupal.org/dofinity
