react-on-rails VS rotp

You should take a look at https://github.com/shakacode/react_on_rails. I created that repo back in 2015 and it's still going strong. Popmenu.com uses it and we've got 5,000 restaurant chains on the Rails monolith and huge traffic and transaction volume. Check out the html source of a popmenu site, like https://110grill.com. You'll see react-on-rails in the source.

It's me, Justin, the guy the started React on Rails and React on Rails Pro many years ago! I'll be following this thread!

The problem is I have no idea how to implement the "remember me" feature in that gem without just making the tokens not refresh for a very long time (I think that would be a security concern). So then I looked more into react_on_rails to just use sessions with Devise as a normal rails app, but I don't know if I'll be able to deploy that on AWS because of the changes I have to do to the webpacker/webpack config to allow for a better folder structure. I've never done that so I don't know if there may be any issues.

I have a production level Ruby on Rails app that is slowly transitioning from pure Rails with JS sprinkles to a Rails backend and React frontend kind of situation using React on Rails.

https://github.com/shakacode/react_on_rails - It was last updated 2 months ago & can do prerendering. I'm not sure why more people aren't suggesting this.

https://github.com/shakacode/react_on_rails use this instead. It's maintained and preferred nowadays

React on Rails is an integration of React + Webpack + Rails + rails/webpacker including server-side rendering of React, enabling a better developer experience and faster client performance. 4,558 stars by now

Your authentication mechanism should include multiple factors, something the user knows and something the user has. If you are using Devise, you can use the devise-two-factor gem. If you have custom authentication, you can use the rotp gem to generate OTP codes and verify those during login.

Aside from SMS scams, SMS is the least secure type of 2FA. I recommend implementing OTP via authenticator apps like Authenticator and 1Password. You can use the rotp gem for this: https://github.com/mdp/rotp

What you're describing sounds a lot like OTP https://github.com/mdp/rotp. It's a well known and standard way of issuing one time passwords (typically 6 digits that a user confirms by entering it in).

rotp: https://github.com/mdp/rotp and

Use https://github.com/mdp/rotp/ -- it's super simple to get TOTP 2FA set up. Friends don't let friends use SMS 2FA.

ROTP (The Ruby One Time Password Library) is a Ruby library for generating and validating one time passwords (HOTP & TOTP) according to RFC 4226 and RFC 6238. It is compatible with Google Authenticator available for Android and iPhone and any other TOTP based implementations. 1,217 stars by now